Skip to content

Commit 4423ce2

Browse files
sarahchen6devflow.devflow-routing-intake
sarahchen6
and
devflow.devflow-routing-intake
authored
🍒 10942 - Use ossrh-staging-api releases for Maven Central credential check (#10946)
Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>
1 parent 14f1ebb commit 4423ce2

File tree

1 file changed

+28
-0
lines changed

1 file changed

+28
-0
lines changed

‎.gitlab-ci.yml‎

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -214,6 +214,34 @@ default:
214214
- *cgroup_info
215215
- *container_info
216216

217+
# Check and fail early if maven central credentials are incorrect. When a new token is generated
218+
# on the central publisher portal, it invalidates the old one. This check prevents going further.
219+
# See https://datadoghq.atlassian.net/wiki/x/Oog5OgE
220+
maven-central-pre-release-check:
221+
image: ${BUILDER_IMAGE_REPO}:${BUILDER_IMAGE_VERSION_PREFIX}base
222+
stage: .pre
223+
rules:
224+
- if: '$CI_COMMIT_BRANCH == "master"'
225+
when: on_success
226+
allow_failure: false
227+
- if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
228+
when: on_success
229+
allow_failure: false
230+
script:
231+
- |
232+
MAVEN_CENTRAL_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_username --with-decryption --query "Parameter.Value" --out text)
233+
MAVEN_CENTRAL_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_password --with-decryption --query "Parameter.Value" --out text)
234+
# See https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/
235+
# Use the staging API search endpoint to validate the tokens without relying on a specific deployment
236+
AUTHORIZATION_HEADER="Authorization: Bearer $(printf '%s:%s' "$MAVEN_CENTRAL_USERNAME" "$MAVEN_CENTRAL_PASSWORD" | base64)"
237+
if ! curl --silent --show-error --fail \
238+
"https://ossrh-staging-api.central.sonatype.com/manual/search/repositories?ip=any" \
239+
--header "$AUTHORIZATION_HEADER" \
240+
> /dev/null; then
241+
echo "Failed to authenticate tokens against maven central staging API. Check credentials and see https://datadoghq.atlassian.net/wiki/x/Oog5OgE"
242+
exit 1
243+
fi
244+
217245
dd-octo-sts-pre-release-check:
218246
image: registry.ddbuild.io/images/dd-octo-sts-ci-base:2025.06-1
219247
stage: .pre

0 commit comments

Comments
 (0)