From d4294d08350850c81a9a0d340c917e375b552603 Mon Sep 17 00:00:00 2001 From: Pranav Sharma Date: Thu, 19 Jun 2025 19:59:38 +0000 Subject: [PATCH 1/5] Publish by using Portal OSSRH Staging API Updates the current release process to publish artifacts to the Sonatype Central Portal instead of Sonatype OSSRH using their staging API that is intended to reduce friction while migrating. --- build.gradle | 59 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index dd2438c5..71a437ba 100644 --- a/build.gradle +++ b/build.gradle @@ -13,8 +13,13 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + import nebula.plugin.release.git.opinion.Strategies +import java.net.http.HttpClient +import java.net.http.HttpRequest +import java.net.http.HttpResponse + plugins { id "com.diffplug.spotless" id 'nebula.release' @@ -314,12 +319,14 @@ subprojects { } repositories { maven { - def ossrhRelease = "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - def ossrhSnapshot = "https://oss.sonatype.org/content/repositories/snapshots/" + // Publish using Portal OSSRH Staging API. + // For more information see https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/#publishing-by-using-the-portal-ossrh-staging-api + def ossrhRelease = "https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2/" + def ossrhSnapshot = "https://central.sonatype.com/repository/maven-snapshots/" url = isReleaseVersion ? ossrhRelease : ossrhSnapshot credentials { - username = rootProject.hasProperty('ossrhUsername') ? rootProject.ossrhUsername : "Unknown user" - password = rootProject.hasProperty('ossrhPassword') ? rootProject.ossrhPassword : "Unknown password" + username = rootProject.hasProperty('centralPortalUsername') ? rootProject.centralPortalUsername : "Unknown user" + password = rootProject.hasProperty('centralPortalPassword') ? rootProject.centralPortalPassword : "Unknown password" } } } @@ -335,3 +342,47 @@ subprojects { } } } + +tasks.register('sonatypeUploadDefaultRepository') { + group = 'Deployment' + description = 'Uploads the artifact repository published by the maven publish plugin to Central Portal so that it is visible in the UI.' + + if (!rootProject.hasProperty('centralPortalUsername') || !rootProject.hasProperty('centralPortalPassword')) { + throw new GradleException("Unable to find the username and password. Please check ~/.gradle/gradle.properties file.") + } + + // The logic is placed in a doLast block to ensure it runs during the execution phase. + doLast { + // Create authentication string to be used in the bearer token for the API. + // See https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/#manual-api-endpoints + String authString = "${rootProject.centralPortalUsername}:${rootProject.centralPortalPassword}" + + // Encode the auth string and construct the bearer token to be passed in the auth header. + String encodedAuthString = Base64.getEncoder().encodeToString(authString.getBytes('UTF-8')) + + String centralPortalUploadEndpoint = 'https://ossrh-staging-api.central.sonatype.com/manual/upload/defaultRepository/com.google.cloud.opentelemetry?publishing_type=user_managed' + + // Make a manual POST request to the Central Portal Endpoint + def client = HttpClient.newHttpClient() + def request = HttpRequest.newBuilder() + .uri(URI.create(centralPortalUploadEndpoint)) + .header('Authorization', "Bearer ${encodedAuthString}") + .header('accept', '*/*') + .POST(HttpRequest.BodyPublishers.ofString('')) + .build() + + println "Sending POST request to: ${centralPortalUploadEndpoint}" + + // The response body will be handled as a String. + HttpResponse response = client.send(request, HttpResponse.BodyHandlers.ofString()) + println "Response Status Code: ${response.statusCode()}" + println "Response Body: ${response.body()}" + + // Optionally, fail the build if the request was not successful + if (response.statusCode() >= 400) { + throw new GradleException("Deployment failed! Received HTTP status ${response.statusCode()}") + } else { + println "Default repository uploaded successfully! Please visit https://central.sonatype.com/publishing to complete release process." + } + } +} From b074ee412e7a2fcf42aff12eae86bb0cfbbe666c Mon Sep 17 00:00:00 2001 From: Pranav Sharma Date: Fri, 20 Jun 2025 01:55:16 +0000 Subject: [PATCH 2/5] Udpate releasing information --- RELEASING.md | 220 +++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 159 insertions(+), 61 deletions(-) diff --git a/RELEASING.md b/RELEASING.md index 12c28269..35b7c65b 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -2,30 +2,42 @@ ## Prerequisites -### Setup OSSRH and Signing +### Setup Maven Central Portal Publishing -If you haven't deployed artifacts to Maven Central before, you need to set up -your OSSRH (OSS Repository Hosting) account and signing keys. +> [!IMPORTANT] +> The OSSRH service will reach the end-of-life sunset date on June 30th, 2025. +> After this, it is recommended to only use Sonatype's Central Publisher Portal +> to publish artifacts to Maven Central. See +> [the official notice](https://central.sonatype.org/news/20250326_ossrh_sunset/) +> for more details. + +If you do not have a Central Portal account on Sonatype, you need to set up your +account to publish via the Central Portal. - Follow the instructions on [this - page](http://central.sonatype.org/pages/ossrh-guide.html) to set up an account - with OSSRH. - - You only need to create the account, not set up a new project - - Contact an OpenTelemetry Operations Java maintainer to add your account - after you have created it. -- (For release deployment only) [Install - GnuPG](http://central.sonatype.org/pages/working-with-pgp-signatures.html#installing-gnupg) - and [generate your key - pair](http://central.sonatype.org/pages/working-with-pgp-signatures.html#generating-a-key-pair). - You'll also need to [publish your public - key](http://central.sonatype.org/pages/working-with-pgp-signatures.html#distributing-your-public-key) - to make it visible to the Sonatype servers. For gpg 2.1 or newer, you also - need to [export the - keys](https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials) - with command `gpg --keyring secring.gpg --export-secret-keys > - ~/.gnupg/secring.gpg`. -- Put your GnuPG key password and OSSRH account information in - `/.gradle/gradle.properties`: + page](https://central.sonatype.org/register/central-portal/) to set up an + account with Central Portal. + - You only need to create the account, not set up a new project. + - Contact an OpenTelemetry Operations Java maintainer to add your account + after you have created it. + +### Setup artifact signing + +The artifacts must be signed before being published for consumption. Follow +these steps to set up artifact signing: + - [Install + GnuPG](http://central.sonatype.org/pages/working-with-pgp-signatures.html#installing-gnupg) + and [generate your key + pair](http://central.sonatype.org/pages/working-with-pgp-signatures.html#generating-a-key-pair). + - You'll also need to [publish your public + key](http://central.sonatype.org/pages/working-with-pgp-signatures.html#distributing-your-public-key) + to make it visible to the Sonatype servers. For gpg 2.1 or newer, you also + need to [export the + keys](https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials) + with command + `gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg`. + - Put your GnuPG key password and Central Portal account information in + `/.gradle/gradle.properties`: ```text # You need the signing properties only if you are making release deployment @@ -33,35 +45,54 @@ your OSSRH (OSS Repository Hosting) account and signing keys. signing.password= signing.secretKeyRingFile=/.gnupg/secring.gpg - ossrhUsername= - ossrhPassword= + centralPortalUsername= + centralPortalPassword= checkstyle.ignoreFailures=false ``` > [!TIP] -> If your key-generation is failing, checkout the [help section](#help-timeout-during-key-generation-process) at the bottom of this document. +> If your key-generation is failing, checkout the +> [help section](#help-timeout-during-key-generation-process) at the bottom of +> this document. ### Using GPG-Agent for artifact signing > [!NOTE] > These instructions are for modern linux where `gpg` refers to the 2.0 version. -If you're running in linux and would like to use the GPG agent to remember your PGP key passwords instead of keeping them in a plain-text file on your home directory, -you can configure the following in `/.gradle/gradle.properties`: +If you're running in linux and would like to use the GPG agent to remember your +PGP key passwords instead of keeping them in a plain-text file on your home +directory, you can configure the following in +`/.gradle/gradle.properties`: ```text - ossrhUsername= - ossrhPassword= + centralPortalUsername= + centralPortalPassword= signingUseGpgCmd=true signing.gnupg.executable=gpg signing.gnupg.keyName= ``` -Note: You can retrieve the list of previously created GPG keys on your machine by using `gpg --list-secret-keys`. + +Note: You can retrieve the list of previously created GPG keys on your machine +by using `gpg --list-secret-keys`. Additionally, you might still be asked for +the GPG key's passphrase while signing the artifact, you can store the key in a +password manager (or in the built-in Keyring) to avoid entering the password +manually.\ +For more details, checkout the +[help section](#help-timeout-while-singing-during-release-process) on the bottom +of this guide. > [!IMPORTANT] -> Starting June 2024, due to a change to the OSSRH authentication backend, the maven publish plugin now requires [a user token](https://central.sonatype.org/publish/generate-token/) instead of a typical username and password used in the Nexus UI. -> Follow the steps in the [link](https://central.sonatype.org/publish/generate-token/) to generate a user token, if not done already - this will provide you with a `tokenuser` and `tokenkey`. Replace `` and `` with the generated `tokenuser` and `tokenkey` in your `gradle.properties` file to successfully publish artifacts. +> The user tokens for publishing to the Central Portal are different from those +> used for OSSRH. If you haven't already, you must generate a new Portal Token +> to publish to the Central Portal. +> Follow the steps in this +> [link](https://central.sonatype.org/publish/generate-portal-token/) to +> generate a user token - this will provide you with a Portal token containing a +> `username` and `password`. Replace `` and +> `` with the generated `username` and `password` in your +> `gradle.properties` file to successfully publish artifacts. ### Ensuring you can push tags to GitHub upstream @@ -71,15 +102,33 @@ token](https://help.github.com/articles/creating-a-personal-access-token-for-the ## Release a Snapshot -If you've followed the above steps, you can release snapshots for consumption using the following: +If you've followed the above steps, you can release snapshots for consumption +using the following: ```bash $ ./gradlew snapshot ``` -## Releasing a Candidate (Optional) +SNAPSHOT releases are intended for developers to make pre-release versions of +their projects available for testing. Published snapshots should be visible +using the +[directory listing for com.google.cloud.opentelemetry](https://central.sonatype.com/service/rest/repository/browse/maven-snapshots/com/google/cloud/opentelemetry/) +namespace. + +See +[Publishing Snapshot Releases](https://central.sonatype.org/publish/publish-portal-snapshots/#publishing-snapshot-releases) +for more details. + +## Preparing a release candidate (Optional) + +> [!TIP] +> Preparing a release candidate involves the same steps as preparing a final +> version. The only difference is in how a release candidate is tagged.\ +> Release candidates are pre-release version of libraries, close to the final +> stable release, this is typically not required for this repository. -After following the above steps, you can release candidates from `main` or `v..x` branches. +After following the above steps, you can release candidates from `main` or +`v..x` branches. For example, to release the v0.14.0-RC1 candidate, do the following: @@ -93,12 +142,18 @@ $ git push origin v0.14.0-RC1 Next follow [Releasing on Maven Central](#releasing-on-maven-central) to close + publish the [repository on OSSRH](https://oss.sonatype.org/#stagingRepositories). - Note: In the future, the `-Prelease.version` flag should not be required. -## Release a final verison +## Preparing a final verison + +> [!IMPORTANT] +> The nebula-release plugin automatically tags the current release with the +> appropriate number based on the previous release. Make sure that the release +> version being provided in the argument for the candidate task matches the +> latest tag. -After following the above steps, you can release candidates from `main` or `v..x` branches. +After following the above steps, you can release candidates from `main` or +`v..x` branches. For example, to release the v0.14.0 candidate, do the following: @@ -109,14 +164,11 @@ $ ./gradlew candidate -Prelease.version=0.14.0 $ git push origin v0.14.0 ``` -*Note: If you do not have a CredentialsProvider registered for GitHub, the `candidate` task may fail to upload tags to the GitHub repository and the overall command may take a long time to report completion on the task. In this case, before moving forward - check if tags were pushed to GitHub. If not, manually push the tags before continuing.*\ -*Next, check if the staging repository is created on the [nexus repository manager](https://oss.sonatype.org/#stagingRepositories). If the repository is already created, continue with the next steps.* - -Follow [Releasing on Maven Central](#releasing-on-maven-central) to close + publish the -[repository on OSSRH](https://oss.sonatype.org/#stagingRepositories). - -After this, follow the [Announcment](#Announcement) documentation to advertise the release and update README files. - +*Note: If you do not have a CredentialsProvider registered for GitHub, the +`candidate` task may fail to upload tags to the GitHub repository and the +overall command may take a long time to report completion on the task. +In this case, before moving forward - check if tags were pushed to GitHub. +If not, manually push the tags before continuing.*\ Note: In the future, the `-Prelease.version` flag should not be required. @@ -130,37 +182,65 @@ gone through code review. For the current release use: $ git checkout -b v$MAJOR.$MINOR.$PATCH tags/v$MAJOR.$MINOR.$PATCH ``` +## Uploading the release artifacts to Central Portal + +> [!IMPORTANT] +> This task will create a deployment on the Central Portal, visible on their UI. +> It should only be run after the release is prepared. + +After preparing the release, the release artifacts need to be uploaded to +Central Portal so that they can be released on Maven Central.\ +To upload the prepared release artifacts, run the following gradle task: + +```shell +./gradlew sonatypeUploadDefaultRepository +``` + +The task will respond with an HTTP status code. If the status code is 200, the +artifacts are successfully uploaded on the Central Portal and should be visible +on the UI. + ## Releasing on Maven Central Once all the artifacts have been pushed to the staging repository, the repository must first be `closed`, which will trigger several sanity checks on the repository. If this completes successfully, the repository can then be `released`, which will begin the process of pushing the new artifacts to Maven -Central (the staging repository will be destroyed in the process). You can see -the complete process for releasing to Maven Central on the [OSSRH -site](http://central.sonatype.org/pages/releasing-the-deployment.html). +Central (the staging repository will be destroyed in the process). + +These are manual steps which must be performed from the Central Portal's UI, +which can be accessed by logging into https://central.sonatype.com/publishing. +You should see a deployment under the "Deployments" tab. + +You can see the complete process for publishing & releasing to Maven Central on +[Central Portal site](https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/#publishing-by-using-the-portal-ossrh-staging-api). Note: This can/will be automated in the future. ### Things to check before 'closing' on Maven Central -Before closing the staging repository, it is important to verify that the contents of all the -published modules are looking good. Particularly, the version numbers should be what are expected, -and they include any custom release qualifiers (like 'alpha') which are set. Make sure that: - - The generated POM files for the individual module have the correct version number. - - The dependencies for an individual module in the POM file are the expected ones & they dependencies have the correct versions. - - The module content includes all the artifacts that are expected to be published - for instance, sourcesJar, javadocs, additional variants like a shaded JAR in some cases, etc. +Before closing the staging repository, it is important to verify that the +contents of all the published modules are looking good. Particularly, the +version numbers should be what are expected, and they include any custom release +qualifiers (like 'alpha') which are set. Make sure that: + - The generated POM files for the individual module have the correct version + number. + - The dependencies for an individual module in the POM file are the expected + ones & they dependencies have the correct versions. + - The module content includes all the artifacts that are expected to be + published - for instance, sourcesJar, javadocs, additional variants like a + shaded JAR in some cases, etc. - The file sizes for the published artifacts should seem reasonable. ## Announcement -Once deployment finishes, go to GitHub [release -page](https://github.com/GoogleCloudPlatform/opentelemetry-operations-java/releases), +Once deployment finishes, go to GitHub +[release page](https://github.com/GoogleCloudPlatform/opentelemetry-operations-java/releases), press `Draft a new release` to write release notes about the new release. You can use `git log upstream/v$MAJOR.$((MINOR-1)).x..upstream/v$MAJOR.$MINOR.x ---graph --first-parent` or the GitHub [compare -tool](https://github.com/GoogleCloudPlatform/opentelemetry-operations-java/compare/) +--graph --first-parent` or the GitHub +[compare tool](https://github.com/GoogleCloudPlatform/opentelemetry-operations-java/compare/) to view a summary of all commits since last release as a reference. Please pick major or important user-visible changes only. @@ -177,9 +257,27 @@ $ git cherry-pick -x $COMMIT ``` ### Help: Timeout during key-generation process -If you see timeout errors when you run `gpg --gen-key` to generate your keys, it maybe because you are running the command on a server and do not have access to a UI. +If you see timeout errors when you run `gpg --gen-key` to generate your keys, +it maybe because you are running the command on a server and do not have access +to a UI.\ A common example is - running this command on a remote machine over ssh. -The issue here is that this command opens up a UI dialog asking for you to set a passphrase, waiting for input for a fixed time. +The issue here is that this command opens up a UI dialog asking for you to set a +passphrase, waiting for input for a fixed time. + +The easiest way to fix this is to run it on a machine for which you have UI +access. + +### Help: Timeout while signing during release process +If you see timeout errors when you run `./gradlew snapshot` or +`./gradlew candidate` this could be because the process is expecting your GPGKey +passphrase and timed out waiting on it. +This is expected if you do not have access to the UI of the machine which runs +the gradle task.\ +A common example is - running this command on a remote machine over ssh. + +The issue here is that this command opens up a UI dialog asking for you to set a +passphrase, waiting for input for a fixed time. -The easiest way to fix this is to run it on a machine for which you have UI access. +The easiest way to fix this is to run it on a machine for which you have UI +access. From 8283653ac0f4ccffe66561d9d7b65b6fdfc104a2 Mon Sep 17 00:00:00 2001 From: Pranav Sharma Date: Fri, 20 Jun 2025 18:57:32 +0000 Subject: [PATCH 3/5] Fix spotless checks --- build.gradle | 1 - 1 file changed, 1 deletion(-) diff --git a/build.gradle b/build.gradle index 71a437ba..fc307294 100644 --- a/build.gradle +++ b/build.gradle @@ -13,7 +13,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - import nebula.plugin.release.git.opinion.Strategies import java.net.http.HttpClient From d8febee8b9336a1e83df99d26d8dfe57d3f02f2f Mon Sep 17 00:00:00 2001 From: Pranav Sharma Date: Fri, 20 Jun 2025 20:51:56 +0000 Subject: [PATCH 4/5] Update publishing information in RELEASING --- RELEASING.md | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/RELEASING.md b/RELEASING.md index 35b7c65b..eb2c48de 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -202,24 +202,20 @@ on the UI. ## Releasing on Maven Central -Once all the artifacts have been pushed to the staging repository, the -repository must first be `closed`, which will trigger several sanity checks on -the repository. If this completes successfully, the repository can then be -`released`, which will begin the process of pushing the new artifacts to Maven -Central (the staging repository will be destroyed in the process). - -These are manual steps which must be performed from the Central Portal's UI, -which can be accessed by logging into https://central.sonatype.com/publishing. -You should see a deployment under the "Deployments" tab. - -You can see the complete process for publishing & releasing to Maven Central on -[Central Portal site](https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/#publishing-by-using-the-portal-ossrh-staging-api). - -Note: This can/will be automated in the future. - -### Things to check before 'closing' on Maven Central - -Before closing the staging repository, it is important to verify that the +Once all the artifacts have been pushed to the Central Portal, a `deployment` +will be created in the Central Portal. This deployment is visible under the +"Deployments" tab on https://central.sonatype.com/publishing (you will have to +log in with your account).\ +At this point, you can either manually 'Drop' or 'Publish' the deployment. + - Publishing the deployment will make the new release available on Maven + Central. + - Dropping the deployment will close the deployment and abandon the release. + You should drop the deployment if you do not wish to proceed with release + process for any reason. + +### Things to check before 'Publishing' on Maven Central + +Before publishing the release, it is important to verify that the contents of all the published modules are looking good. Particularly, the version numbers should be what are expected, and they include any custom release qualifiers (like 'alpha') which are set. Make sure that: From b5b157c53c805b5937252248dfc44a1bc4f948ae Mon Sep 17 00:00:00 2001 From: Pranav Sharma Date: Fri, 20 Jun 2025 21:37:10 +0000 Subject: [PATCH 5/5] Address comments --- RELEASING.md | 85 +++++++++++++--------------------------------------- 1 file changed, 21 insertions(+), 64 deletions(-) diff --git a/RELEASING.md b/RELEASING.md index eb2c48de..131123e9 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -21,48 +21,25 @@ account to publish via the Central Portal. - Contact an OpenTelemetry Operations Java maintainer to add your account after you have created it. -### Setup artifact signing +## Setup artifact signing +### Generate the GPG key The artifacts must be signed before being published for consumption. Follow these steps to set up artifact signing: - - [Install - GnuPG](http://central.sonatype.org/pages/working-with-pgp-signatures.html#installing-gnupg) - and [generate your key - pair](http://central.sonatype.org/pages/working-with-pgp-signatures.html#generating-a-key-pair). - - You'll also need to [publish your public - key](http://central.sonatype.org/pages/working-with-pgp-signatures.html#distributing-your-public-key) - to make it visible to the Sonatype servers. For gpg 2.1 or newer, you also - need to [export the - keys](https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials) - with command - `gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg`. - - Put your GnuPG key password and Central Portal account information in - `/.gradle/gradle.properties`: +- [Install + GnuPG](http://central.sonatype.org/pages/working-with-pgp-signatures.html#installing-gnupg) + and [generate your key + pair](http://central.sonatype.org/pages/working-with-pgp-signatures.html#generating-a-key-pair). +- You'll also need to [publish your public + key](http://central.sonatype.org/pages/working-with-pgp-signatures.html#distributing-your-public-key) + to make it visible to the Sonatype servers. - ```text - # You need the signing properties only if you are making release deployment - signing.keyId=<8-character-public-key-id> - signing.password= - signing.secretKeyRingFile=/.gnupg/secring.gpg - - centralPortalUsername= - centralPortalPassword= - checkstyle.ignoreFailures=false - ``` - -> [!TIP] -> If your key-generation is failing, checkout the -> [help section](#help-timeout-during-key-generation-process) at the bottom of -> this document. - -### Using GPG-Agent for artifact signing +### Configuring Gradle to use GPG > [!NOTE] > These instructions are for modern linux where `gpg` refers to the 2.0 version. -If you're running in linux and would like to use the GPG agent to remember your -PGP key passwords instead of keeping them in a plain-text file on your home -directory, you can configure the following in +You can configure Gradle to use GPG by adding the following in `/.gradle/gradle.properties`: ```text @@ -72,15 +49,16 @@ directory, you can configure the following in signingUseGpgCmd=true signing.gnupg.executable=gpg signing.gnupg.keyName= + + checkstyle.ignoreFailures=false ``` Note: You can retrieve the list of previously created GPG keys on your machine -by using `gpg --list-secret-keys`. Additionally, you might still be asked for -the GPG key's passphrase while signing the artifact, you can store the key in a -password manager (or in the built-in Keyring) to avoid entering the password +by using `gpg --list-secret-keys`. Additionally, you can use a GPG Agent and/or +a password manager (or the built-in Keyring) to avoid entering the password manually.\ For more details, checkout the -[help section](#help-timeout-while-singing-during-release-process) on the bottom +[help section](#help-timeout-with-gpg-operations) on the bottom of this guide. > [!IMPORTANT] @@ -222,7 +200,7 @@ qualifiers (like 'alpha') which are set. Make sure that: - The generated POM files for the individual module have the correct version number. - The dependencies for an individual module in the POM file are the expected - ones & they dependencies have the correct versions. + ones & the dependencies have the correct versions. - The module content includes all the artifacts that are expected to be published - for instance, sourcesJar, javadocs, additional variants like a shaded JAR in some cases, etc. @@ -252,28 +230,7 @@ $ COMMIT=1224f0a # Set the right commit hash. $ git cherry-pick -x $COMMIT ``` -### Help: Timeout during key-generation process -If you see timeout errors when you run `gpg --gen-key` to generate your keys, -it maybe because you are running the command on a server and do not have access -to a UI.\ -A common example is - running this command on a remote machine over ssh. - -The issue here is that this command opens up a UI dialog asking for you to set a -passphrase, waiting for input for a fixed time. - -The easiest way to fix this is to run it on a machine for which you have UI -access. - -### Help: Timeout while signing during release process -If you see timeout errors when you run `./gradlew snapshot` or -`./gradlew candidate` this could be because the process is expecting your GPGKey -passphrase and timed out waiting on it. -This is expected if you do not have access to the UI of the machine which runs -the gradle task.\ -A common example is - running this command on a remote machine over ssh. - -The issue here is that this command opens up a UI dialog asking for you to set a -passphrase, waiting for input for a fixed time. - -The easiest way to fix this is to run it on a machine for which you have UI -access. +### Help: Timeout with gpg operations +If you see a timeout error when running `gpg` commands, then you probably have a +graphical session with a gpg agent that is prompting you for a password. Check +your graphical sessions for a password prompt.