使用 gpg:sign-and-deploy-file 部署到 Maven Central 时出现 400 Bad Request

Getting 400 Bad Request when deploying to Maven Central with gpg:sign-and-deploy-file

我有一个 .jar 文件,我想使用 Travis 将其上传到 Maven Central。创建账号的Jira ticket是我公司发给Sonatype的,账号已经创建。

我在 Travis 脚本中上传工件的命令如下:

mvn gpg:sign-and-deploy-file \
  -DpomFile=stuff/pom.xml \
  -Dfile=_build/java/Packager.jar \
  -Durl=https://oss.sonatype.org/service/local/staging/deploy/maven2/ \
  -DrepositoryId=maven-central \
  -Dgpg.passphrase=${mvn_passphrase}

命令的输出以以下错误结束:

Uploading to maven-central: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.jar
Uploading to maven-central: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  8.115 s
[INFO] Finished at: 2020-01-15T16:48:51Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.6:sign-and-deploy-file (default-cli) on project standalone-pom: Failed to deploy artifacts: Could not transfer artifact com.cloudblue:connect-sdk:jar:18.0 from/to maven-central (https://oss.sonatype.org/service/local/staging/deploy/maven2/): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.jar 400 Bad Request -> [Help 1]

这些是 ~/.m2/settings.xml 文件的内容:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                            http://maven.apache.org/xsd/settings-1.0.0.xsd">
    <profiles>
        <profile>
            <id>maven-central</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
        </profile>
    </profiles>

    <activeProfiles>
        <activeProfile>maven-central</activeProfile>
    </activeProfiles>

    <servers>
        <server>
            <id>maven-central</id>
            <!-- These will be replaced by the proper env vars by the Travis script -->
            <username>__USER__</username>
            <password>__PASSWORD__</password>
        </server>
    </servers>
</settings>

这是我的 pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.cloudblue</groupId>
    <artifactId>connect-sdk</artifactId>
    <version>18.0</version>
    <packaging>jar</packaging>

    <name>${project.groupId}:${project.artifactId}</name>
    <description>Connect Java SDK autogenerated from Haxe sources.</description>
    <url>https://github.com/cloudblue/connect-java-sdk</url>

    <licenses>
        <license>
            <name>The Apache License, Version 2.0</name>
            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
        </license>
    </licenses>

    <developers>
        <developer>
            <name>CloudBlue</name>
            <email>connect-service-account@ingrammicro.com</email>
            <organization>CloudBlue</organization>
            <organizationUrl>https://www.cloudblue.com/</organizationUrl>
        </developer>
    </developers>

    <scm>
        <connection>scm:git:git://github.com/cloudblue/connect-java-sdk.git</connection>
        <developerConnection>scm:git:ssh://github.com:cloudblue/connect-java-sdk.git</developerConnection>
        <url>https://github.com/cloudblue/connect-java-sdk</url>
    </scm>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <maven-deploy-plugin.version>3.0.0-M1</maven-deploy-plugin.version>
    </properties>

    <build>
        <plugins>
            <plugin>
                <artifactId>maven-deploy-plugin</artifactId>
                <version>${maven-deploy-plugin.version}</version>
                <executions>
                    <execution>
                        <configuration>
                            <repositoryId>maven-central</repositoryId>
                            <file>connect.jar</file>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-gpg-plugin</artifactId>
                <version>${maven-gpg-plugin-version}</version>
                <executions>
                    <execution>
                        <id>sign-artifacts</id>
                        <phase>verify</phase>
                        <goals>
                            <goal>sign</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                    <groupId>org.sonatype.plugins</groupId>
                    <artifactId>nexus-staging-maven-plugin</artifactId>
                    <version>1.6.8</version>
                    <extensions>true</extensions>
                    <configuration>
                        <serverId>maven-central</serverId>
                        <nexusUrl>https://oss.sonatype.org/</nexusUrl>
                        <autoReleaseAfterClose>true</autoReleaseAfterClose>
                    </configuration>
            </plugin>
        </plugins>
    </build>

    <distributionManagement>
        <snapshotRepository>
            <id>maven-central</id>
            <name>Snapshot</name>
            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
        </snapshotRepository>
        <repository>
            <id>maven-central</id>
            <name>Release</name>
            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
        </repository>
    </distributionManagement>
</project>

有人可以就 400 错误的可能原因提供指导吗?

编辑: 我找到了其中一个问题的原因。创建 Sonatype 帐户时,groupId 未设置为正确的值。它已被修复。现在,使用 deploy:deploy-file 目标可以正确上传包,但是使用 gpg:sign-and-deploy-file 签名和上传文件会引发以下错误:

Uploading to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar
Uploaded to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar (374 kB at 19 kB/s)
Uploading to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.pom
Uploaded to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.pom (3.7 kB at 6.2 kB/s)
Downloading from connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/maven-metadata.xml
Downloading from connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc
[WARNING] Could not transfer metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc from/to connect (https://oss.sonatype.org/service/local/staging/deploy/maven2): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc 400 Bad Request
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  27.511 s
[INFO] Finished at: 2020-01-17T08:00:16Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.6:sign-and-deploy-file (default-cli) on project standalone-pom: Failed to retrieve remote metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc: Could not transfer metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc from/to connect (https://oss.sonatype.org/service/local/staging/deploy/maven2): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc 400 Bad Request -> [Help 1]

我最终使用 REST API 上传了所有工件并且效果非常好。 Maven 似乎是随机工作的。有时是在上传签名文件,大多数时候不是。

对于有同样问题的人,我们做了以下工作:

我很傻,在 pomFile 参数中包含了我项目的路径 pom.xml 而不是 jar pom,这也导致了这个错误。 希望能帮助我的一些同行解决这个问题。