Host on Maven Repository

[MeFisto94]

Since this part of Vault is something that should be a dependency for many plugins, it would make sense to publish them somewhere.

The reason why I dislike jitpack is that it's good for snapshots but otherwise your build will take ages and might even need a few retries due to HTTP 500s whenever the gradle cache time has expired.
It would be just more convenient and since there is a versioning scheme in place, it wouldn't hurt to deploy the artifacts somewhere.

[A248]

Another problem with jitpack is that it breaks when another project dependency starts with "com.github", making it necessary to break out either the other dependency or the jitpack dependency into another module.

[sgdc3]

Hosted on https://repo.codemc.io/
https://ci.codemc.io/job/ThirdParty/job/VaultAPI/

[A248]

May I ask whether this deployment is officially sanctioned by the Vault team? (@Sleaker )

[sgdc3]

No, it is an unofficial "mirror" managed by codemc.io, the jenkins job is monitoring this github repo.
If @Sleaker wants I can give him edit access to the ci job configuration.

[Sleaker]

I don't support 3rd party building/hosting because you have to trust the source. Jitpack is currently the official method and I'm not going to endorse self-hosted repositories.

[josephjthomas]

I don't support 3rd party building/hosting because you have to trust the source. Jitpack is currently the official method and I'm not going to endorse self-hosted repositories.

You say you have to trust the source, that makes sense, I wouldn't want to host my stuff on some repository I don't know either, but what is wrong with repo.maven.apache.org?
It's the "central repository" where millions of open source artifacts are hosted since 2004.
What is your issue with it? My issue with Jitpack is that it very unreliable in terms of stability, uptime and caching, I have had days where I couldn't build my project because Jitpack was dead.

[Geolykt]

MavenCentral does not really like artifacts that depend on artifacts which are on other repositories, however this stance has more or less changed over the years and it isn't all that bad nowadays.

Of course other motivations can also play a role, such as the signing requirement, or others

[josephjthomas]

The Sonatype team have heavily reworked their standards and requirements. All the video tutorials from 2015 are gone and you have actual guides nowadays. But yeah you have a point, they basically allow hosting of any open source software nowadays, whether it's an API, a library or a dependency for something else.
Artifact signing is only necessary for release builds, snapshot don't need to be signed, but maven has plugins for that (and so does gradle).

[A248]

In case anyone is wondering why Jitpack is wholly inadequate as a repository solution:

I run a build relying on Vault. Locally, it passes. On CI, it passes. On another CI, it fails. On the first CI, Jitpack resolves the artifact and all is well; on the second CI, Jitpack breaks and responds with a 521 error code.

[Geolykt]

Jitpack is down at the moment (jitpack/jitpack.io#5337)