fix(ci): run wrapper verification after publishForge to avoid first-bump 404#15602
Merged
Conversation
…ump 404 The `Verify grails-wrapper` step ran `grailsw --version` against the just-built wrapper, which downloads `org.apache.grails:grails-cli` from Apache Nexus. `grails-cli` is published by `publishForge` (in the grails-forge sub-project), but the verify step lived in the `publish` job which runs before `publishForge`. The smoke test only worked because Nexus already had a stale `grails-cli` snapshot for the same projectVersion from a previous run. The first publish run after a post-release version bump (e.g. 7.0.x bumping to 7.0.12-SNAPSHOT, or 7.1.x's recent bump to 7.1.1-SNAPSHOT) would always 404. Move the verification into a new `verifyWrapper` job that depends on both `publish` and `publishForge`, so by the time it runs `grails-cli` for this branch's exact projectVersion is guaranteed to be in Nexus. The `publish` job now uploads the wrapper distribution zip as an intermediate artifact (`apache-grails-wrapper-distribution-zip`) and `verifyWrapper` produces the user-facing `apache-grails-wrapper-SNAPSHOT-bin` artifact unchanged. Assisted-by: claude-code:claude-opus-4
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes a CI publish pipeline ordering issue where the grails-wrapper smoke test (grailsw --version) could run before grails-cli (published by publishForge) exists for a freshly bumped SNAPSHOT version, causing 404 failures.
Changes:
- Removes wrapper verification from the
publishjob and introduces a dedicatedverifyWrapperjob. - Uploads the wrapper distribution zip as an intermediate artifact from
publish, then downloads/verifies it inverifyWrapperafterpublishForgecompletes. - Keeps the user-facing artifact name (
apache-grails-wrapper-SNAPSHOT-bin) by re-uploading extracted wrapper contents fromverifyWrapper.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
To prevent the 'Output Agent IP' step from failing the entire verifyWrapper job due to network issues, add 'continue-on-error: true' to make it non-blocking. .github/workflows/gradle.yml |
jdaugherty
requested changes
Apr 25, 2026
jdaugherty
reviewed
Apr 25, 2026
jdaugherty
reviewed
Apr 25, 2026
Resolve conflict in .github/workflows/gradle.yml: keep this branch's verifyWrapper job restructure while picking up dependabot's actions/upload-artifact v7.0.0 -> v7.0.1 bump for the new upload steps. Assisted-by: claude-code:claude-opus-4
Per review feedback: drop the 'smoke test downloads grails-cli from Nexus' framing and the historical 'Previously the verify step lived inside publish' narrative. The job's purpose is to verify the wrapper works end-to-end; ordering after publishForge is the means, not the end. Assisted-by: claude-code:claude-opus-4
Restore the publish job's wrapper build step to its byte-identical pre-PR form (just \./gradlew :grails-wrapper:distZip\) and upload the gradle-produced apache-grails-wrapper-<version>.zip directly via path glob, instead of renaming it to wrapper.zip first. The verify run script is also restored to its pre-PR form, with only \mkdir -p build\ added since the new job doesn't run gradle to create that directory. Net effect: the intermediate artifact 'apache-grails-wrapper-distribution-zip' now contains the version-stamped filename produced by gradle, matching the convention already in use elsewhere in this workflow (e.g. the docs job). The user-facing apache-grails-wrapper-SNAPSHOT-bin artifact is unaffected. Assisted-by: claude-code:claude-opus-4
…per-SNAPSHOT-bin directly Per review feedback, eliminate the secondary apache-grails-wrapper-distribution-zip artifact. The publish job now uploads the extracted wrapper directory under its existing user-facing name (apache-grails-wrapper-SNAPSHOT-bin), and verifyWrapper downloads that single artifact and runs grailsw --version directly against it. The publish job's Create Grails Wrapper Distribution Zip step absorbs the cp/unzip/mv ceremony that used to live in the inline verify step; only the grailsw --version invocation moves to the new verifyWrapper job. The user-facing artifact name and contents are identical to the pre-PR state. Assisted-by: claude-code:claude-opus-4
jdaugherty
approved these changes
Apr 25, 2026
Contributor
Author
|
Monitorig https://github.com/apache/grails-core/actions/runs/24933507519 and then will merge up |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes the
Verify grails-wrapperfailure that broke the publish run on 7.1.x at https://github.com/apache/grails-core/actions/runs/24911783419/job/72960758147 with:Root cause
This repository contains three independent sub-projects that publish separately:
grails-core(root)publishgrails-gradle/publishGradlegrails-forge/publishForgegrails-cli(combined shadow jar), grails-forge-cliThe
Verify grails-wrapperstep rangrailsw --version, andgrailswalways downloadsorg.apache.grails:grails-cli(GrailsWrapperHome.CLI_COMBINED_PROJECT_NAME = "grails-cli"). That artifact is produced bypublishForge, butpublishForgeneeds: [ buildForge, publishGradle, publish ], so it runs after the verify step that depends on it.Until now the smoke test happened to pass because Nexus already had a
grails-cli/<projectVersion>snapshot from a previouspublishForgerun. PR #15598 then pinned verify toprojectVersionviaPREFERRED_GRAILS_VERSION, which exposed the underlying chicken-and-egg: the very firstpublishrun after any post-release version bump finds nograils-cli/<new-version>-SNAPSHOTand 404s.Confirmed against
https://repository.apache.org/content/groups/public/org/apache/grails/grails-cli/:7.0.11-SNAPSHOT/exists (stale, dated 20260404 - priorpublishForgerun before the verify ran on 20260424).7.1.0-SNAPSHOT/and7.1.0/exist.7.1.1-SNAPSHOT/does not exist - the version was bumped post-release on 7.1.x andpublishForgehas not run since. Hence the 404 on 7.1.x.7.0.x will hit the same failure the next time it bumps to
7.0.12-SNAPSHOT, so this fix targets7.0.xfor forward-merge into 7.1.x and 8.0.x.Fix
Move the wrapper smoke test out of
publishand into a newverifyWrapperjob thatneeds: [ publish, publishForge ]. By the time it runs, both the wrapper itself (frompublish) andgrails-cli/<projectVersion>(frompublishForge) are in Nexus.Wiring:
publishbuilds the wrapper distZip and uploads it as a new intermediate artifactapache-grails-wrapper-distribution-zip(renamed towrapper.zipfor a stable filename).verifyWrapperdownloads that zip, runsgrailsw --version(which now succeeds becausegrails-cli/<projectVersion>exists), and uploads the extracted contents under the existing user-facing artifact nameapache-grails-wrapper-SNAPSHOT-bin. The artifact name visible on the workflow summary page is unchanged.docsis intentionally left asneeds: [ publish ]to preserve current parallelism withpublishForge/verifyWrapper. Wrapper verification failures should surface as a CI failure, not gate documentation publishing.The
PREFERRED_GRAILS_VERSIONpin from PR #15598 is preserved, since pinning to the branch's snapshot is still desirable - we just no longer require that snapshot to have been pre-published.Job graph (after this PR)
(* gated by
[skip tests].)Contributor Checklist
Issue and Scope
7.0.xbecause the bug is structural and forward-merges cleanly into 7.1.x and 8.0.x. Thepublish/publishForge/docssection ofgradle.ymlis identical across all three branches.Code Quality
.github/workflows/gradle.yml.python -c 'import yaml; yaml.safe_load(open(... ))').verifyWrapper.needs == ['publish', 'publishForge'],docs.needs == ['publish'],publishForge.needs == ['buildForge', 'publishGradle', 'publish'].Licensing and Attribution
Documentation
apache-grails-wrapper-SNAPSHOT-bin) is unchanged.The next post-bump run on each release branch will exercise the new ordering. If verification fails for an unrelated reason in the future, the failure will now be reported on its own job rather than masked inside
publish.