Publish snapshots to maven via GHA

[gaiksaya]

Coming from opensearch-build#3185

What is happening?

We are de-coupling the task of publishing the maven snapshots from centralized build workflow to individual repositories. What this means is each repo can now publish maven snapshots using GitHub Actions.
This change unblocks the dependent components from waiting for a successful build before they can consume the snapshots. This also ensures that all snapshots are independent and up to date.

What do you need to do?

1. Determine what artifacts you publish to maven. Most plugins publish only zips. Example.
2. Add below repository under publishing in build.gradle:

    repositories {
        maven {
            name = "Snapshots"
            url = "https://aws.oss.sonatype.org/content/repositories/snapshots"
            credentials {
                username "$System.env.SONATYPE_USERNAME"
                password "$System.env.SONATYPE_PASSWORD"
            }
        }
    }

Example

3. Determine what gradle task will publish the content to snapshots repo. Example: ./gradlew publishPluginZipPublicationToSnapshotsRepository.
4. Create a pull request to set up a GitHub action that will fetch the credentials and publish the snpahots to https://aws.oss.sonatype.org/ See sample workflow.
5. Add @gaiksaya as a reviewer, who will also take care of creating the IAM role that is required to fetch the credentials and add it to the GitHub Secrets.

Testing

Test by editing the snapshot repository by updating the Snapshots target repository from maven to a local file system path.

build.gradle

        maven {
            name = "Snapshots" //  optional target repository name
            url = "https://aws.oss.sonatype.org/content/repositories/snapshots"
            credentials {
                username "$System.env.SONATYPE_USERNAME"
                password "$System.env.SONATYPE_PASSWORD"
            }
        }

->

        maven {
            name = "Snapshots" //  optional target repository name
            url = "snapshots"
        }

Run the command ./gradlew which will publish the files in the file system under the 'snapshots' folder, then scan with find or your favor directory scanner to see the zip + pom with sha files

% find snapshots | sort                                                                                                                                                                               ~/git/security
snapshots
snapshots/org
snapshots/org/opensearch
snapshots/org/opensearch/plugin
snapshots/org/opensearch/plugin/opensearch-security
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/maven-metadata.xml
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/maven-metadata.xml.md5
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/maven-metadata.xml.sha1
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/maven-metadata.xml.sha256
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/maven-metadata.xml.sha512
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.pom
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.pom.md5
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.pom.sha1
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.pom.sha256
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.pom.sha512
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.zip
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.zip.md5
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.zip.sha1
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.zip.sha256
snapshots/org/opensearch/plugin/opensearch-security/3.0.0.0-SNAPSHOT/opensearch-security-3.0.0.0-20230214.224249-1.zip.sha512
snapshots/org/opensearch/plugin/opensearch-security/maven-metadata.xml
snapshots/org/opensearch/plugin/opensearch-security/maven-metadata.xml.md5
snapshots/org/opensearch/plugin/opensearch-security/maven-metadata.xml.sha1
snapshots/org/opensearch/plugin/opensearch-security/maven-metadata.xml.sha256
snapshots/org/opensearch/plugin/opensearch-security/maven-metadata.xml.sha512

Please feel free to reach out to @opensearch-project/engineering-effectiveness.

[kartg]

Resolving since #320 is merged

[joshpalis]

@gaiksaya @prudhvigodithi

For future reference for the team regarding Job Scheduler snapshot publication to maven, please correct me if I am misunderstanding.

Currently, the path org.opensearch.opensearch-job-scheduler contains both the jars and zips. Though zips should not be published to this location, the maven metadata.xml prevents zips from being pulled from this location since extension is set as jar here : <extension>jar</extension>. Dependent plugins rely on jars for Job Scheduler dependencies

The path org.opensearch.plugin.opensearch-job-scheduler contains only the zip files, which dependent plugins rely on for backwards compatibility tests.

Moving forward, we planning on deprecating the path org.opensearch.opensearch-job-scheduler and org.opensearch.opensearch-job-scheduler-spi and relocating both to org.opensearch.plugin.~

Once Job Scheduler is relocated as a native plugin, org.opensearch.plugin.opensearch-job-scheduler will contain only the jars.

CC : @owaiskazi19 @vibrantvarun