From aa376ca3c0255b9cf04e1fc79fcf1fe5c63b2376 Mon Sep 17 00:00:00 2001
From: Khaled Yakdan <yakdan@code-intelligence.com>
Date: Mon, 19 Aug 2024 15:44:44 +0200
Subject: [PATCH] ci: reactivate publishing Jazzer releases to Maven Central

---
 .github/workflows/prerelease.yaml |  2 ++
 deploy/deploy.sh                  | 18 +++++++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/prerelease.yaml b/.github/workflows/prerelease.yaml
index b0a8014b5..936030334 100644
--- a/.github/workflows/prerelease.yaml
+++ b/.github/workflows/prerelease.yaml
@@ -118,6 +118,8 @@ jobs:
 
       - name: Run Deployment
         env:
+          RELEASE_SIGNING_KEY_ID: ${{ secrets.RELEASE_SIGNING_KEY_ID }}
+          RELEASE_SIGNING_KEY_PRIVATE: ${{ secrets.RELEASE_SIGNING_KEY_PRIVATE }}
           MAVEN_USER: ${{ secrets.MAVEN_USER }}
           MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
         run: JAZZER_JAR_PATH="$(pwd)/_tmp/jazzer.jar" bazel run deploy
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index b2815e23c..43397f7c5 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -20,10 +20,13 @@ cd "$BUILD_WORKSPACE_DIRECTORY" || fail "BUILD_WORKSPACE_DIRECTORY not found"
 JAZZER_COORDINATES=$1
 [[ "$JAZZER_COORDINATES" != *-dev ]] || fail "--//deploy:jazzer_version must be set to a release version, got: $JAZZER_COORDINATES"
 
+echo "$RELEASE_SIGNING_KEY_PRIVATE" | gpg --import
+echo "default-key $RELEASE_SIGNING_KEY_ID" > $HOME/.gnupg/gpg.conf
+
 [ -z "${MAVEN_USER+x}" ] && \
-  fail "Set MAVEN_USER to the repository user"
+  fail "Set MAVEN_USER to the Sonatype OSSRH user"
 [ -z "${MAVEN_PASSWORD+x}" ] && \
-  fail "Set MAVEN_PASSWORD to the repository password"
+  fail "Set MAVEN_PASSWORD to the Sonatype OSSRH password"
 [ -z "${JAZZER_JAR_PATH+x}" ] && \
   fail "Set JAZZER_JAR_PATH to the absolute path of jazzer.jar obtained from the release GitHub Actions workflow"
 [ ! -f "${JAZZER_JAR_PATH}" ] && \
@@ -47,21 +50,22 @@ java=$(rlocation "$java_rlocationpath")
 "$java" -jar "${JAZZER_JAR_PATH}" --version 2>&1 | grep '^Jazzer v' || \
   fail "JAZZER_JAR_PATH is not a valid jazzer.jar"
 
-MAVEN_REPO=https://gitlab.code-intelligence.com/api/v4/projects/89/packages/maven
+MAVEN_REPO=https://oss.sonatype.org/service/local/staging/deploy/maven2
 
 # The Jazzer jar itself bundles native libraries for multiple architectures and thus can't be built
 # on the local machine. It is obtained from CI and passed in via JAZZER_JAR_PATH.
 bazel build //deploy:jazzer-docs //deploy:jazzer-sources //deploy:jazzer-pom
 
 JAZZER_DOCS_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-docs)
+JAZZER_SOURCES_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-sources)
 JAZZER_POM_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-pom)
 
 bazel run --define "maven_repo=${MAVEN_REPO}" --define "maven_user=${MAVEN_USER}" \
-  --define "maven_password=${MAVEN_PASSWORD}" \
+  --define "maven_password=${MAVEN_PASSWORD}" --define gpg_sign=true \
   //deploy:jazzer-api.publish
-MAVEN_REPO="$MAVEN_REPO" MAVEN_USER="$MAVEN_USER" MAVEN_PASSWORD="$MAVEN_PASSWORD" \
+MAVEN_REPO="$MAVEN_REPO" GPG_SIGN="true" MAVEN_USER="$MAVEN_USER" MAVEN_PASSWORD="$MAVEN_PASSWORD" \
   bazel run @rules_jvm_external//private/tools/java/com/github/bazelbuild/rules_jvm_external/maven:MavenPublisher -- \
-  "$JAZZER_COORDINATES" "$JAZZER_POM_PATH" "$JAZZER_JAR_PATH" "javadoc=${JAZZER_DOCS_PATH}"
+  "$JAZZER_COORDINATES" "$JAZZER_POM_PATH" "$JAZZER_JAR_PATH" "sources=${JAZZER_SOURCES_PATH},javadoc=${JAZZER_DOCS_PATH}"
 bazel run --define "maven_repo=${MAVEN_REPO}" --define "maven_user=${MAVEN_USER}" \
-  --define "maven_password=${MAVEN_PASSWORD}" \
+  --define "maven_password=${MAVEN_PASSWORD}" --define gpg_sign=true \
   //deploy:jazzer-junit.publish