kpm 0.11.2 → 0.12.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 52403662d712a2a4e5d5f4858f9f5fdec00cfae193fb0fa584ac9e4ad0915b88
-  data.tar.gz: f44f9d18991344583ca2cf6edcea3973930396d8ed72781c6d178afa07c42e0f
+  metadata.gz: 6643e5b3189a2c301e1f8ed870467b15e8dcec6705f28b871af562dc18d5e908
+  data.tar.gz: 4afba99b8398ec1ab9da578b1966e6512b98bb5e3249400df28912d9aae0f0ba
 SHA512:
-  metadata.gz: 3f1197e9c21b9ff52f6938a329af118434243e8fceb8145826139e00598f68c1ae9567347cc3d2e462ad2fe6d2e26bc116037b259698656207a61366eda24e28
-  data.tar.gz: 1b48ddb9aa45a443c2d5a2af4ea8b38b2b3e8dfb66dbffe44ab5b8249dedad13a1cb68398f3f0ed2cef668b7731cc1bfcbf6029ea1bf2b700def47a6e7c2fa7b
+  metadata.gz: 1f96129abad9b2d687d2d2ab59689b80b1a799d442d61cd1d2a9716ebb1c6d7b006b36dbf8bd7c71df935a78fdf177fc72504f9ea8ffc189e97d7005a7c53f69
+  data.tar.gz: 274e48a2e1a95f93e5aa4b8603d38be14a36ec6daf0ca19d8504e7d6736ad8ef8f5ca108210412d246ebd3eaecbe03b27fc83cac973f4fb3d869e31adfd52635

data/lib/kpm/base_artifact.rb

@@ -49,7 +49,7 @@ module KPM
 
       def nexus_defaults
         {
-          url: 'https://oss.sonatype.org',
+          url: 'https://repo1.maven.org/maven2',
           repository: 'releases'
         }
       end

data/lib/kpm/nexus_helper/actions.rb

@@ -3,6 +3,7 @@
 require_relative 'nexus_api_calls_v2'
 require_relative 'github_api_calls'
 require_relative 'cloudsmith_api_calls'
+require_relative 'maven_central_api_calls'
 
 module KPM
   module NexusFacade
@@ -25,15 +26,18 @@ module KPM
 
       def initialize(overrides, ssl_verify, logger)
         overrides ||= {}
-        overrides[:url] ||= 'https://oss.sonatype.org'
+        overrides[:url] ||= 'https://repo1.maven.org/maven2'
         overrides[:repository] ||= 'releases'
 
         @logger = logger
+        logger.level = Logger::INFO
 
         @nexus_api_call = if overrides[:url].start_with?('https://maven.pkg.github.com')
                             GithubApiCalls.new(overrides, ssl_verify, logger)
                           elsif overrides[:url].start_with?('https://dl.cloudsmith.io')
                             CloudsmithApiCalls.new(overrides, ssl_verify, logger)
+                          elsif overrides[:url].start_with?('https://repo1.maven.org')
+                            MavenCentralApiCalls.new(overrides, ssl_verify, logger)
                           else
                             NexusApiCallsV2.new(overrides, ssl_verify, logger)
                           end

data/lib/kpm/nexus_helper/maven_central_api_calls.rb

@@ -0,0 +1,246 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'uri'
+require 'json'
+require 'rexml/document'
+
+module KPM
+  module NexusFacade
+    class MavenCentralApiCalls < NexusApiCallsV2
+      READ_TIMEOUT_DEFAULT = 60
+      OPEN_TIMEOUT_DEFAULT = 60
+
+      attr_reader :configuration
+      attr_accessor :logger
+
+      BASE_REPO_URL = 'https://repo1.maven.org/maven2'
+      SEARCH_API = 'https://search.maven.org/solrsearch/select'
+
+      def initialize(configuration, _ssl_verify, logger)
+        @configuration = configuration
+        @configuration[:url] ||= BASE_REPO_URL
+        @logger = logger
+      end
+
+      def search_for_artifacts(coordinates)
+        artifact = parse_coordinates(coordinates)
+        params = {
+          q: "g:\"#{artifact[:group_id]}\" AND a:\"#{artifact[:artifact_id]}\"",
+          rows: 200,
+          wt: 'json',
+          core: 'gav'
+        }
+        query = params.map { |k, v| "#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}" }.join('&')
+        url = "#{SEARCH_API}?#{query}"
+
+        response = Net::HTTP.get_response(URI(url))
+        raise "Search failed: #{response.code}" unless response.code.to_i == 200
+
+        json = JSON.parse(response.body)
+        docs = json['response']['docs']
+        search_versions = docs.map { |doc| doc['v'] }.uniq
+
+        # Apply when the artifact provided
+        if artifact[:artifact_id]
+          # Fetch metadata versions (incase the artifact is not indexed)
+          metadata_url = build_metadata_url(artifact)
+          metadata_versions = []
+          begin
+            metadata_response = Net::HTTP.get(URI(metadata_url))
+            if metadata_response.nil? || metadata_response.strip.empty?
+              logger.debug { "Empty metadata response for #{artifact[:artifact_id]}" }
+            else
+              begin
+                metadata_xml = REXML::Document.new(metadata_response)
+                metadata_xml.elements.each('//versioning/versions/version') do |version_node|
+                  metadata_versions << version_node.text
+                end
+              rescue REXML::ParseException => e
+                logger.debug { "Malformed XML in metadata for #{artifact[:artifact_id]}: #{e.message}" }
+              end
+            end
+          rescue StandardError => e
+            logger.debug { "Failed to fetch metadata for #{artifact[:artifact_id]}: #{e.message}" }
+          end
+
+          # Combine versions
+          search_versions = (search_versions + metadata_versions).uniq.sort_by do |v|
+            begin
+              Gem::Version.new(v)
+            rescue ArgumentError
+              v
+            end
+          end.reverse
+
+          artifacts_xml = '<searchNGResponse><data>'
+          search_versions.each do |version|
+            artifacts_xml += '<artifact>'
+            artifacts_xml += "<groupId>#{artifact[:group_id]}</groupId>"
+            artifacts_xml += "<artifactId>#{artifact[:artifact_id]}</artifactId>"
+            artifacts_xml += "<version>#{version}</version>"
+            artifacts_xml += '<repositoryId>central</repositoryId>'
+            artifacts_xml += '</artifact>'
+          end
+        else # Incase no artifact_id is provided for plugin search
+          artifacts_xml = '<searchNGResponse><data>'
+          docs.each do |doc|
+            artifacts_xml += '<artifact>'
+            artifacts_xml += "<groupId>#{doc['g']}</groupId>"
+            artifacts_xml += "<artifactId>#{doc['a']}</artifactId>"
+            artifacts_xml += "<version>#{doc['v']}</version>"
+            artifacts_xml += '<repositoryId>central</repositoryId>'
+            artifacts_xml += '</artifact>'
+          end
+        end
+
+        artifacts_xml += '</data></searchNGResponse>'
+        artifacts_xml
+      end
+
+      def get_artifact_info(coordinates)
+        coords = parse_coordinates(coordinates)
+        version = coords[:version]
+        if version.casecmp('latest').zero?
+          version = fetch_latest_version(coords)
+          coords = coords.merge(version: version)
+        end
+        _, versioned_artifact, coords = build_base_path_and_coords([coords[:group_id], coords[:artifact_id], coords[:extension], coords[:classifier], version].compact.join(':'))
+        sha1 = get_sha1([coords[:group_id], coords[:artifact_id], coords[:extension], coords[:classifier], version].compact.join(':'))
+        artifact_xml = '<artifact-resolution><data>'
+        artifact_xml += '<presentLocally>true</presentLocally>'
+        artifact_xml += "<groupId>#{coords[:group_id]}</groupId>"
+        artifact_xml += "<artifactId>#{coords[:artifact_id]}</artifactId>"
+        artifact_xml += "<version>#{coords[:version]}</version>"
+        artifact_xml += "<extension>#{coords[:extension]}</extension>"
+        artifact_xml += "<snapshot>#{!(coords[:version] =~ /-SNAPSHOT$/).nil?}</snapshot>"
+        artifact_xml += "<sha1>#{sha1}</sha1>"
+        artifact_xml += "<repositoryPath>/#{coords[:group_id].gsub('.', '/')}/#{versioned_artifact}</repositoryPath>"
+        artifact_xml += '</data></artifact-resolution>'
+        artifact_xml
+      end
+
+      def pull_artifact(coordinates, destination)
+        artifact = parse_coordinates(coordinates)
+        version = artifact[:version]
+        version = fetch_latest_version(artifact) if version.casecmp('latest').zero?
+        file_name = build_file_name(artifact[:artifact_id], version, artifact[:classifier], artifact[:extension])
+        download_url = build_download_url(artifact, version, file_name)
+
+        dest_path = File.join(File.expand_path(destination || '.'), file_name)
+
+        File.open(dest_path, 'wb') do |io|
+          io.write(Net::HTTP.get(URI(download_url)))
+        end
+
+        {
+          file_name: file_name,
+          file_path: File.expand_path(dest_path),
+          version: version,
+          size: File.size(File.expand_path(dest_path))
+        }
+      end
+
+      private
+
+      def parse_coordinates(coordinates)
+        raise 'Invalid coordinates' if coordinates.nil?
+
+        parts = coordinates.split(':')
+
+        {
+          group_id: parts[0],
+          artifact_id: parts[1],
+          extension: parts.size > 3 ? parts[2] : 'jar',
+          classifier: parts.size > 4 ? parts[3] : nil,
+          version: parts[-1]
+        }
+      end
+
+      def build_base_path_and_coords(coordinates)
+        coords = parse_coordinates(coordinates)
+
+        token_org_and_repo = URI.parse(configuration[:url]).path
+
+        [
+          "#{token_org_and_repo}/#{coords[:group_id].gsub('.', '/')}/#{coords[:artifact_id]}",
+          "#{coords[:version]}/#{coords[:artifact_id]}-#{coords[:version]}.#{coords[:extension]}",
+          coords
+        ]
+      end
+
+      def get_sha1(coordinates)
+        base_path, versioned_artifact, = build_base_path_and_coords(coordinates)
+        endpoint = "#{base_path}/#{versioned_artifact}.sha1"
+        get_response_with_retries(nil, endpoint, nil)
+      end
+
+      def get_response_with_retries(coordinates, endpoint, what_parameters)
+        logger.debug { "Fetching coordinates=#{coordinates}, endpoint=#{endpoint}, params=#{what_parameters}" }
+        response = get_response(coordinates, endpoint, what_parameters)
+        logger.debug { "Response body: #{response.body}" }
+        process_response_with_retries(response)
+      end
+
+      def process_response_with_retries(response)
+        case response.code
+        when '200'
+          response.body
+        when '301', '302', '307'
+          location = response['Location']
+          logger.debug { "Following redirect to #{location}" }
+
+          new_path = location.gsub!(configuration[:url], '')
+          if new_path.nil?
+            # Redirect to another domain (e.g. CDN)
+            get_raw_response_with_retries(location)
+          else
+            get_response_with_retries(nil, location, nil)
+          end
+        when '404'
+          raise StandardError, ERROR_MESSAGE_404
+        else
+          raise UnexpectedStatusCodeException, response.code
+        end
+      end
+
+      def get_response(coordinates, endpoint, what_parameters)
+        http = build_http
+        query_params = build_query_params(coordinates, what_parameters) unless coordinates.nil?
+        endpoint = endpoint_with_params(endpoint, query_params) unless coordinates.nil?
+        request = Net::HTTP::Get.new(endpoint)
+        if configuration.key?(:username) && configuration.key?(:password)
+          request.basic_auth(configuration[:username], configuration[:password])
+        elsif configuration.key?(:token)
+          request['Authorization'] = "token #{configuration[:token]}"
+        end
+
+        logger.debug do
+          http.set_debug_output(logger)
+          "HTTP path: #{endpoint}"
+        end
+
+        http.request(request)
+      end
+
+      def build_metadata_url(artifact)
+        group_path = artifact[:group_id].tr('.', '/')
+        "#{BASE_REPO_URL}/#{group_path}/#{artifact[:artifact_id]}/maven-metadata.xml"
+      end
+
+      def fetch_latest_version(artifact)
+        xml = REXML::Document.new(Net::HTTP.get(URI(build_metadata_url(artifact))))
+        xml.elements['//versioning/latest']&.text || xml.elements['//version']&.text
+      end
+
+      def build_file_name(artifact_id, version, classifier, extension)
+        classifier ? "#{artifact_id}-#{version}-#{classifier}.#{extension}" : "#{artifact_id}-#{version}.#{extension}"
+      end
+
+      def build_download_url(artifact, version, file_name)
+        group_path = artifact[:group_id].tr('.', '/')
+        "#{BASE_REPO_URL}/#{group_path}/#{artifact[:artifact_id]}/#{version}/#{file_name}"
+      end
+    end
+  end
+end

data/lib/kpm/tasks.rb

@@ -245,7 +245,7 @@ module KPM
         def search_for_plugins
           all_plugins = KillbillPluginArtifact.versions(options[:overrides], options[:ssl_verify])
 
-          result = ''
+          result = String.new
           all_plugins.each do |type, plugins|
             result << "Available #{type} plugins:\n"
             Hash[plugins.sort].each do |name, versions|

data/lib/kpm/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module KPM
-  VERSION = '0.11.2'
+  VERSION = '0.12.1'
 end

data/pom.xml

@@ -22,7 +22,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.kill-bill.billing.installer</groupId>
     <artifactId>kpm</artifactId>
-    <version>0.11.2</version>
+    <version>0.12.1</version>
     <packaging>pom</packaging>
     <name>KPM</name>
     <description>KPM: the Kill Bill Package Manager</description>
@@ -77,12 +77,12 @@
         </snapshotRepository>
     </distributionManagement>
     <properties>
-        <repository.release.id>sonatype-nexus-staging</repository.release.id>
-        <repository.release.name>Nexus Release Repository</repository.release.name>
-        <repository.release.url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</repository.release.url>
-        <repository.snapshot.id>sonatype-nexus-snapshots</repository.snapshot.id>
-        <repository.snapshot.name>Sonatype Nexus Snapshots</repository.snapshot.name>
-        <repository.snapshot.url>https://oss.sonatype.org/content/repositories/snapshots/</repository.snapshot.url>
+        <repository.release.id>central</repository.release.id>
+        <repository.release.name>Central Release Repository</repository.release.name>
+        <repository.release.url>https://central.sonatype.com/service/local/staging/deploy/maven2/</repository.release.url>
+        <repository.snapshot.id>central</repository.snapshot.id>
+        <repository.snapshot.name>Central Snapshots Repository</repository.snapshot.name>
+        <repository.snapshot.url>https://central.sonatype.com/repository/maven-snapshots/</repository.snapshot.url>
     </properties>
     <build>
         <pluginManagement>
@@ -201,17 +201,14 @@
                         </executions>
                     </plugin>
                     <plugin>
-                        <groupId>org.sonatype.plugins</groupId>
-                        <artifactId>nexus-staging-maven-plugin</artifactId>
-                        <version>1.6.8</version>
+                        <groupId>org.sonatype.central</groupId>
+                        <artifactId>central-publishing-maven-plugin</artifactId>
+                        <version>0.7.0</version>
                         <extensions>true</extensions>
                         <configuration>
-                            <serverId>ossrh-releases</serverId>
-                            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-                            <keepStagingRepositoryOnFailure>true</keepStagingRepositoryOnFailure>
-                            <keepStagingRepositoryOnCloseRuleFailure>true</keepStagingRepositoryOnCloseRuleFailure>
-                            <autoReleaseAfterClose>true</autoReleaseAfterClose>
-                            <stagingProgressTimeoutMinutes>10</stagingProgressTimeoutMinutes>
+                            <autoPublish>true</autoPublish>
+                            <publishingServerId>central</publishingServerId>
+                            <waitUntil>published</waitUntil>
                         </configuration>
                     </plugin>
                 </plugins>

data/spec/kpm/remote/killbill_plugin_artifact_spec.rb

@@ -34,9 +34,6 @@ describe KPM::KillbillPluginArtifact do
     expect(versions[:java]['analytics-plugin']).not_to be_nil
     logging_plugin_versions = versions[:java]['analytics-plugin'].to_a
     expect(logging_plugin_versions.size).to be >= 3
-    expect(logging_plugin_versions[0]).to eq '0.6.0'
-    expect(logging_plugin_versions[1]).to eq '0.7.0'
-    expect(logging_plugin_versions[2]).to eq '0.7.1'
   end
 
   private

data/spec/kpm/remote/maven_central_api_calls_spec.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'rexml/document'
+
+describe KPM::NexusFacade do
+  let(:logger) do
+    logger = ::Logger.new(STDOUT)
+    logger.level = Logger::DEBUG
+    logger
+  end
+  let(:test_version) { '0.24.15' }
+  let(:coordinates_map) do
+    { version: test_version,
+      group_id: 'org.kill-bill.billing',
+      artifact_id: 'killbill',
+      packaging: 'pom',
+      classifier: nil }
+  end
+  let(:coordinates) { KPM::Coordinates.build_coordinates(coordinates_map) }
+  let(:nexus_remote) { described_class::MavenCentralApiCalls.new({}, nil, logger) }
+
+  context 'when pulling release artifact' do
+    it {
+      response = nil
+      expect { response = nexus_remote.get_artifact_info(coordinates) }.not_to raise_exception
+      parsed_doc = REXML::Document.new(response)
+      expect(parsed_doc.elements['//version'].text).to eq(test_version)
+      expect(parsed_doc.elements['//repositoryPath'].text).to eq("/org/kill-bill/billing/#{test_version}/killbill-#{test_version}.pom")
+      expect(parsed_doc.elements['//snapshot'].text).to eq('false')
+    }
+
+    it {
+      response = nil
+      destination = Dir.mktmpdir('artifact')
+      expect { response = nexus_remote.pull_artifact(coordinates, destination) }.not_to raise_exception
+      destination = File.join(File.expand_path(destination), response[:file_name])
+      parsed_pom = REXML::Document.new(File.read(destination))
+      expect(parsed_pom.elements['//groupId'].text).to eq('org.kill-bill.billing')
+      expect(parsed_pom.elements['//artifactId'].text).to eq('killbill-oss-parent')
+      expect(parsed_pom.elements['//version'].text).to eq('0.146.63')
+    }
+  end
+
+  context 'when getting artifact info' do
+    it 'returns artifact info in XML format' do
+      response = nil
+      expect { response = nexus_remote.get_artifact_info(coordinates) }.not_to raise_exception
+      parsed_doc = REXML::Document.new(response)
+      expect(parsed_doc.elements['//groupId'].text).to eq('org.kill-bill.billing')
+      expect(parsed_doc.elements['//artifactId'].text).to eq('killbill')
+      expect(parsed_doc.elements['//version'].text).to eq(test_version)
+    end
+  end
+
+  context 'when searching for release artifact' do
+    it 'searches for artifacts and returns XML format' do
+      response = nil
+      expect do
+        response = nexus_remote.search_for_artifacts(coordinates)
+      end.not_to raise_exception
+
+      parsed_doc = REXML::Document.new(response)
+      expect(parsed_doc.elements['//groupId'].text).to eq('org.kill-bill.billing')
+      expect(parsed_doc.elements['//artifactId'].text).to eq('killbill')
+      expect(parsed_doc.elements['//version'].text).to eq(test_version)
+    end
+  end
+end

data/tasks/package.rake

@@ -156,7 +156,7 @@ def gem_exists?
   response = `gem specification 'kpm' -r -v #{VERSION} 2>&1`
   return false if response.nil?
 
-  specification = YAML.load(response)
+  specification = YAML.safe_load(response, permitted_classes: [Gem::Dependency, Gem::Requirement, Gem::Specification, Gem::Version, Symbol, Time])
   specification.instance_of?(Gem::Specification)
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kpm
 version: !ruby/object:Gem::Version
-  version: 0.11.2
+  version: 0.12.1
 platform: ruby
 authors:
 - Kill Bill core team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-02-26 00:00:00.000000000 Z
+date: 2025-08-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: highline
@@ -176,6 +176,7 @@ files:
 - lib/kpm/nexus_helper/actions.rb
 - lib/kpm/nexus_helper/cloudsmith_api_calls.rb
 - lib/kpm/nexus_helper/github_api_calls.rb
+- lib/kpm/nexus_helper/maven_central_api_calls.rb
 - lib/kpm/nexus_helper/nexus_api_calls_v2.rb
 - lib/kpm/nexus_helper/nexus_facade.rb
 - lib/kpm/plugins_directory.rb
@@ -207,6 +208,7 @@ files:
 - spec/kpm/remote/kaui_artifact_spec.rb
 - spec/kpm/remote/killbill_plugin_artifact_spec.rb
 - spec/kpm/remote/killbill_server_artifact_spec.rb
+- spec/kpm/remote/maven_central_api_calls_spec.rb
 - spec/kpm/remote/migrations_spec.rb
 - spec/kpm/remote/nexus_facade_spec.rb
 - spec/kpm/remote/tenant_config_spec.rb