Clojurians Log v2

If I want to publish a tools deps project as a jar to a repo (e.g. clojars) and I have an up-to-date pom.xml, what is the "right" artifact to publish if you are using git coordinates for your dependencies? Do I need to create an uberjar and publish that? Is there a way to package the git deps src in a regular jar target? This is assuming a library project with git dependencies.

there is no way to do that

git deps are only usable from source deps

as soon as you say "artifact", you're talking about maven and you need to depend only on other artifacts

Makes sense. Seems like an uberjar as lib or jar + git deps as lib would be a mess.

Is there a Maven command or Clojure lib someone made that uploads a jar file to a S3 bucket? All the tools I've found seem like they expect to build the jar for you.

well you can just do an aws s3 cp if that's sufficient

I tried that and receive this message from tools-deps "Download corrupted: Checksum validation failed, no checksums available." It actually all works (i.e., jvm starts up with the jar on the cp) but it'd be nice to do it the correct way.

Or maybe that's a bug in tools-deps?

well if you just upload the jar without the checksum files, you will see this message

I figured. Is there something out there that can do this the correct way to avoid this warning?

the correct way is to compute an md5 or sha1 checksum for the jar and upload those (and ideally to gpg sign all of those files as well). I do not know of a tool that does that (although I have started working on one)

an example of what goes into maven central is something like this: https://repo1.maven.org/maven2/org/clojure/tools.deps.alpha/0.8.677/

how that all gets created and uploaded is quite complicated, and clojars does much less (and even less is really required)

really, just the jar and the md5 or sha1 file (and ideally the pom) are probably sufficient

you can use a tool like sha1sum or md5sum to make that

there is also a version metadata file that should be updated too (like https://repo1.maven.org/maven2/org/clojure/tools.deps.alpha/maven-metadata.xml) if you want something like RELEASE version to work.

Wowza. Did not realize what I was getting myself in to. Thank you for all this info. I assume the work you started on is not public yet?

no, nothing usable

I would like to handle a) clojars b) s3 and c) maven central in that order which I think handles both the most common and easiest items first

there are multiple options on each and it is way harder than it should be for sure

Will try the jar + hash suggestion. And try to restrain myself from building something complete. Thanks again 🙂

Maybe I should build a tool on top of pack. It would force me to finish the api.

For deps that need to be kept in sync, or even in times where its likely two things should udpate together, what strategy have people used? My first thought would be that deps wouldn't be responsible for this and this more when you need a tool like lein. But if i only have this issue maybe soemthing a tad more lightweight.

@drewverlee I put them next to each other in deps.edn with a comment explaining the relationship.

(it's a project/application concern, not a tooling concern really -- so it's more about making sure people know how/when to change stuff)

BTW, that's also why I'm generally against tools that update my configuration files automatically -- those tools cannot know about such constraints, e.g., I may have very valid reasons for keeping two particular dependencies on older versions together, even if newer versions of one or both exist.

Seems reasonable, I guess I should start with the comment and add more as needed. Thanks @seancorfield