await-artifact only checks sonatype repo, not maven central

[SylvainJuge]

The await-artifact seems to only check on "https://oss.sonatype.org/service/local/artifact/maven/... for artifact publication, which is usually a good proxy for actual publication in maven central in https://repo1.maven.org/maven2/....

However, this is apparently not always the case and it can happen that the sonatype repo responds with 200 status code and not maven central.

For example with the following 1.52.0 as I am writing this, with the following shell script:

#!/bin/bash -x

RELEASE_VERSION=1.52.0
RELEASE_VERSION_TAG=v1.52.0
ARTIFACT_ID=elastic-apm-agent
GROUP_ID=co.elastic.apm
VERSION=1.52.0

# same command as await-artifact
curl -L -I "https://oss.sonatype.org/service/local/artifact/maven/redirect?r=releases&g=${GROUP_ID}&a=${ARTIFACT_ID}&v=${VERSION}"

# where we actually assume the artifact to be published
curl -I "https://repo.maven.apache.org/maven2/co/elastic/apm/elastic-apm-agent/${VERSION}/"

The 1st curl returns a 307 for redirect, then we get a 200.

The second curl in maven central returns 404 which means the artifact is not yet publicly available.

So as an extra safety it would likely be better to check for actual maven central publication than relying on sonatype repository for releases. For snapshots however it is still relevant to only check the sonatype repo.

[SylvainJuge]

Well, this seems mostly related to the fact that while the global maven central status is apparently OK, the publication latency is very high as seen in the last chart here:

[v1v]

For the record, the original implementation was done in https://github.com/elastic/apm-pipeline-library/commits/main/.github/actions/await-maven-artifact