cdklabs/aws-delivlib

bug: can't publish to maven

MrArnoldPalmer opened this issue · 4 comments

Starting today, Jan 15 2020, traffic to the Maven Central repository is required to be over HTTPS. Currently the build environments of the CodeBuild tasks used for publishing are running on Ubuntu 14.04, and we install Maven using apt-get through the default Ubuntu package repository. This results in Maven 3.0.4 being installed.

http://maven.apache.org/ref/3.0.4/maven-model-builder/super-pom.html

You'll notice that the protocol for the central repository url in the maven settings of this version is http.

Compare that to https in the settings of all versions after 3.2.3.
http://maven.apache.org/ref/3.2.3/maven-model-builder/super-pom.html

Currently publishes fail with the following error.

501 HTTPS Required. 
Use https://repo.maven.apache.org/maven2/
More information at https://links.sonatype.com/central/501-https-required

This occurs when running the Maven gpg:sign-and-deploy-file plugin command in publish-mvn.sh.

Proposed solutions

  1. Change the command we use to install Maven from apt-get install maven to directly downloading the version we want. From my brief reading this looks like it will also require installing the JDK separately.

  2. Change the container we are running publishes in to be the official Node.js container on Docker Hub. This is based on Debian jessie and apt-get install maven will get us Maven 3.6.0.

  3. Change the Maven settings in maven-publish.sh and specify the central repository ourselves using https. (Will this actually work?)
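
An added example, not part of the original issue or the aws-delivlib code: a pre-publish check that flags a Maven whose built-in super POM still points central at http, and any plain-http repository URL in a POM or settings file. Function names and sample inputs are constructed, and 3.2.3 is assumed to be the first version with https, per the super POM linked above.

```shell
#!/bin/sh
# Added example. All function names here are hypothetical.

# Extract the version number from `mvn -version` output text.
maven_version() {
  printf '%s\n' "$1" | sed -n 's/.*Apache Maven \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2 (compares three numeric fields).
version_ge() {
  _a=$1; _b=$2
  for _i in 1 2 3; do
    _x=${_a%%.*}; _y=${_b%%.*}
    [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
    [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
    case $_a in *.*) _a=${_a#*.} ;; *) _a=0 ;; esac
    case $_b in *.*) _b=${_b#*.} ;; *) _b=0 ;; esac
  done
  return 0
}

# Print every <url> value that uses plain http (one URL per line assumed).
insecure_repo_urls() {
  printf '%s\n' "$1" | sed -n 's|.*<url>[[:space:]]*\(http://[^<[:space:]]*\).*|\1|p'
}

# 0 = ok, 1 = Maven older than 3.2.3 (http central is built into its
# super POM, so scanning files would not reveal it), 2 = http URL
# configured explicitly, 3 = version not recognised.
preflight() {
  _ver=$(maven_version "$1")
  [ -n "$_ver" ] || return 3
  version_ge "$_ver" 3.2.3 || return 1
  [ -z "$(insecure_repo_urls "$2")" ] || return 2
  return 0
}

# Constructed sample inputs (not captured from a real build).
SAMPLE_MVN_OUTPUT='Apache Maven 3.0.4
Java version: 1.7.0'
SAMPLE_POM='<repository><id>central</id>
  <url>http://repo.maven.apache.org/maven2</url></repository>
<repository><id>mirror</id>
  <url>https://repo.maven.apache.org/maven2</url></repository>'

preflight "$SAMPLE_MVN_OUTPUT" "$SAMPLE_POM" \
  && echo "publish may proceed" || echo "publish blocked (code $?)"
```

In a build script, the first argument would be `"$(mvn -version)"` and the second the contents of the POM or settings file in use.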

eladb commented

Option 3 sounds like something worth trying opportunistically, no?

Agreed, gonna give that a shot.

Looks like that didn't work. Maybe this is something you can't override at the user level?

Option 2 feels like the next best alternative to me.

Changing strategies to use the updated superchain image from aws/jsii#1205.