From 9fdaba2e8f4c2652926af6c0156a72027e5d2d3f Mon Sep 17 00:00:00 2001
From: owjs3901 <owjs3901@gmail.com>
Date: Wed, 27 May 2026 01:19:58 +0900
Subject: [PATCH] Fix Maven Central publish for vespera-bridge + gradle plugin

Three independent bugs blocked the 0.1.0 publish run
(https://github.com/dev-five-git/vespera/actions/runs/26458007485):

1. `shouldSign` probed `signingInMemoryKeyId` instead of
   `signingInMemoryKey`.  CI only sets the latter (the actual PGP
   private key), so `shouldSign` evaluated to `false` and the
   `signAllPublications()` call was skipped, leaving unsigned
   artifacts that Maven Central's Central Portal rejected during
   validation (gradle log ended at `Deployment is being validated`
   instead of progressing to `is being published`).

2. `libs/vespera-bridge-gradle-plugin/gradlew` lacked the executable
   bit, and the workflow's chmod step only touched
   `libs/vespera-bridge/gradlew`.  changepacks invokes
   `./gradlew publishToMavenCentral` per package, so the plugin
   publish failed immediately with no log output.

3. `.changepacks/config.json` did not list the gradle plugin in
   `updateOn`, so future Cargo bumps would not auto-bump the
   plugin alongside vespera-bridge.

Fixes:
- Both `build.gradle.kts` now probe `signingInMemoryKey` (both as a
  Gradle property and as `ORG_GRADLE_PROJECT_signingInMemoryKey`
  env var).
- `CI.yml` chmods +x both gradlew binaries.
- Both gradlew files are also marked `100755` in the index so the
  chmod step is defense-in-depth.
- `.changepacks/config.json` updates both Java packages on Cargo
  changes.
- Added a Patch changepack to drive the 0.1.0 -> 0.1.1 republish
  (Maven Central does not allow re-uploading the rejected 0.1.0).
---
 .../changepack_log_A8K-tWX7G216DOyLOY7Z8.json        |  1 +
 .changepacks/config.json                             |  5 ++++-
 .github/workflows/CI.yml                             |  7 +++++--
 libs/vespera-bridge-gradle-plugin/build.gradle.kts   | 12 ++++++++++--
 libs/vespera-bridge-gradle-plugin/gradlew            |  0
 libs/vespera-bridge/build.gradle.kts                 |  9 +++++++--
 libs/vespera-bridge/gradlew                          |  0
 7 files changed, 27 insertions(+), 7 deletions(-)
 create mode 100644 .changepacks/changepack_log_A8K-tWX7G216DOyLOY7Z8.json
 mode change 100644 => 100755 libs/vespera-bridge-gradle-plugin/gradlew
 mode change 100644 => 100755 libs/vespera-bridge/gradlew

diff --git a/.changepacks/changepack_log_A8K-tWX7G216DOyLOY7Z8.json b/.changepacks/changepack_log_A8K-tWX7G216DOyLOY7Z8.json
new file mode 100644
index 0000000..50b6dad
--- /dev/null
+++ b/.changepacks/changepack_log_A8K-tWX7G216DOyLOY7Z8.json
@@ -0,0 +1 @@
+{"changes":{"libs/vespera-bridge/build.gradle.kts":"Patch","libs/vespera-bridge-gradle-plugin/build.gradle.kts":"Patch"},"note":"Fix Maven Central publish: probe signingInMemoryKey (the actual private key, which CI sets) instead of signingInMemoryKeyId (which CI does not set); also chmod +x both gradlew binaries","date":"2026-05-26T16:19:26.1458553Z"}
\ No newline at end of file
diff --git a/.changepacks/config.json b/.changepacks/config.json
index c824273..a28a25b 100644
--- a/.changepacks/config.json
+++ b/.changepacks/config.json
@@ -3,7 +3,10 @@
   "baseBranch": "main",
   "latestPackage": "crates/vespera/Cargo.toml",
   "updateOn": {
-    "Cargo.toml": ["libs/vespera-bridge/build.gradle.kts"]
+    "Cargo.toml": [
+      "libs/vespera-bridge/build.gradle.kts",
+      "libs/vespera-bridge-gradle-plugin/build.gradle.kts"
+    ]
   },
   "publish": {
     "java": "./gradlew publishToMavenCentral --stacktrace"
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index c5f553f..bc06cc0 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -82,8 +82,11 @@ jobs:
           distribution: 'temurin'
           java-version: '17'
       - name: Make gradlew executable
-        working-directory: ./libs/vespera-bridge
-        run: chmod +x gradlew
+        # Both Java packages need their gradlew runnable — changepacks
+        # invokes `./gradlew publish` from each project directory.
+        run: |
+          chmod +x libs/vespera-bridge/gradlew
+          chmod +x libs/vespera-bridge-gradle-plugin/gradlew
       - uses: changepacks/action@main
         id: changepacks
         with:
diff --git a/libs/vespera-bridge-gradle-plugin/build.gradle.kts b/libs/vespera-bridge-gradle-plugin/build.gradle.kts
index 120b778..19720cf 100644
--- a/libs/vespera-bridge-gradle-plugin/build.gradle.kts
+++ b/libs/vespera-bridge-gradle-plugin/build.gradle.kts
@@ -34,8 +34,16 @@ gradlePlugin {
     }
 }
 
-val shouldSign = !providers.gradleProperty("signingInMemoryKeyId").orNull.isNullOrBlank()
-        || !System.getenv("ORG_GRADLE_PROJECT_signingInMemoryKeyId").isNullOrBlank()
+// Gate Maven Central signing on the presence of in-memory signing
+// credentials so `publishToMavenLocal` works for development /
+// dogfooding without GPG keys, while production releases still sign.
+//
+// We probe `signingInMemoryKey` (the actual PGP private key) rather
+// than `signingInMemoryKeyId` because CI only sets the former — the
+// vanniktech maven-publish plugin's `signAllPublications()` derives
+// the key ID from the key bytes when no explicit ID is supplied.
+val shouldSign = !providers.gradleProperty("signingInMemoryKey").orNull.isNullOrBlank()
+        || !System.getenv("ORG_GRADLE_PROJECT_signingInMemoryKey").isNullOrBlank()
 
 mavenPublishing {
     publishToMavenCentral(automaticRelease = true)
diff --git a/libs/vespera-bridge-gradle-plugin/gradlew b/libs/vespera-bridge-gradle-plugin/gradlew
old mode 100644
new mode 100755
diff --git a/libs/vespera-bridge/build.gradle.kts b/libs/vespera-bridge/build.gradle.kts
index 379d660..9318755 100644
--- a/libs/vespera-bridge/build.gradle.kts
+++ b/libs/vespera-bridge/build.gradle.kts
@@ -41,8 +41,13 @@ tasks.named<Test>("test") {
 // Gate Maven Central signing on the presence of in-memory signing
 // credentials so `publishToMavenLocal` works for development /
 // dogfooding without GPG keys, while production releases still sign.
-val shouldSign = !providers.gradleProperty("signingInMemoryKeyId").orNull.isNullOrBlank()
-        || !System.getenv("ORG_GRADLE_PROJECT_signingInMemoryKeyId").isNullOrBlank()
+//
+// We probe `signingInMemoryKey` (the actual PGP private key) rather
+// than `signingInMemoryKeyId` because CI only sets the former — the
+// vanniktech maven-publish plugin's `signAllPublications()` derives
+// the key ID from the key bytes when no explicit ID is supplied.
+val shouldSign = !providers.gradleProperty("signingInMemoryKey").orNull.isNullOrBlank()
+        || !System.getenv("ORG_GRADLE_PROJECT_signingInMemoryKey").isNullOrBlank()
 
 mavenPublishing {
     publishToMavenCentral(automaticRelease = true)
diff --git a/libs/vespera-bridge/gradlew b/libs/vespera-bridge/gradlew
old mode 100644
new mode 100755