Update credential validator for Sonatype Central Portal

agrasth · agrasth · commit b0bfec76fbb8 · 2026-04-29T02:11:07.000+05:30
- Switch from deprecated oss.sonatype.org to Central Portal
- Use CENTRAL_USERNAME/CENTRAL_PASSWORD secrets
- Use UserToken auth scheme (base64 encoded) against Central Portal API
diff --git a/.github/workflows/credential-validation.yml b/.github/workflows/credential-validation.yml
@@ -31,35 +31,35 @@ jobs:
             exit 1
           fi
 
-      - name: Validate Maven Central (OSSRH) Credentials
+      - name: Validate Maven Central (Central Portal) Credentials
         id: validate_maven_central
-        if: always()  # Run even if JFrog validation fails
+        if: always()
         run: |
-          echo "Testing Maven Central (OSSRH) connection..."
-          
-          # Test authentication against Nexus staging profiles API
+          echo "Testing Maven Central (Central Portal) connection..."
+
+          # Central Portal uses UserToken auth scheme: Authorization: UserToken <base64(user:pass)>
+          TOKEN=$(echo -n "${{ secrets.CENTRAL_USERNAME }}:${{ secrets.CENTRAL_PASSWORD }}" | base64)
           HTTP_CODE=$(curl -s -o /dev/null -w '%{http_code}' \
-            -u "${{ secrets.OSSRH_USERNAME }}:${{ secrets.OSSRH_PASSWORD }}" \
-            "https://oss.sonatype.org/service/local/staging/profiles")
-          
+            -H "Authorization: UserToken $TOKEN" \
+            "https://central.sonatype.com/api/v1/publisher/published?namespace=org.jfrog.buildinfo&name=artifactory-maven-plugin&version=3.7.1")
+
           echo "Maven Central API response: $HTTP_CODE"
-          
-          if [ "$HTTP_CODE" = "200" ]; then
+
+          # 200 = auth OK and artifact found
+          # 404 = auth OK but artifact not found
+          # 401 = invalid credentials
+          if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "404" ]; then
             echo "status=SUCCESS" >> $GITHUB_OUTPUT
-            echo "message=Maven Central connection successful" >> $GITHUB_OUTPUT
-            echo "SUCCESS: Maven Central credentials are valid"
+            echo "message=Maven Central credentials valid" >> $GITHUB_OUTPUT
+            echo "✅ Maven Central credentials are valid"
           elif [ "$HTTP_CODE" = "401" ]; then
             echo "status=FAILURE" >> $GITHUB_OUTPUT
             echo "message=Authentication failed - invalid credentials" >> $GITHUB_OUTPUT
-            echo "ERROR: Maven Central authentication failed (401)"
+            echo "❌ Maven Central authentication failed (401)"
             exit 1
-          elif [ "$HTTP_CODE" = "403" ]; then
-            echo "status=SUCCESS" >> $GITHUB_OUTPUT
-            echo "message=Credentials valid (limited permissions on staging API is normal)" >> $GITHUB_OUTPUT
-            echo "SUCCESS: Maven Central credentials valid (403 on staging API is acceptable for deployment)"
           else
             echo "status=FAILURE" >> $GITHUB_OUTPUT
             echo "message=Connection failed - HTTP $HTTP_CODE" >> $GITHUB_OUTPUT
-            echo "ERROR: Maven Central connection failed with HTTP $HTTP_CODE"
+            echo "❌ Maven Central connection failed with HTTP $HTTP_CODE"
             exit 1
           fi
