Updated the cred validator to new API

agrasth · agrasth · commit b19ae7d2dc8a · 2026-01-31T12:28:38.000+05:30
diff --git a/.github/workflows/credential-validation.yml b/.github/workflows/credential-validation.yml
@@ -2,6 +2,9 @@ name: Credential Validation
 
 on:
   workflow_dispatch:  # Triggered by Jenkins or manually
+  pull_request:       # Run on PRs to verify the fix
+    branches:
+      - master
 
 jobs:
   validate-credentials:
@@ -35,31 +38,91 @@ jobs:
         id: validate_maven_central
         if: always()  # Run even if JFrog validation fails
         run: |
-          echo "Testing Maven Central (OSSRH) connection..."
+          echo "Testing Maven Central (OSSRH) credentials..."
+          echo ""
           
-          # Test authentication against Nexus staging profiles API
-          HTTP_CODE=$(curl -s -o /dev/null -w '%{http_code}' \
+          # Test 1: Check actual Maven repository endpoint (what mvn deploy uses)
+          echo "Test 1: Checking Maven repository authentication..."
+          REPO_CODE=$(curl -s -o /dev/null -w '%{http_code}' \
             -u "${{ secrets.OSSRH_USERNAME }}:${{ secrets.OSSRH_PASSWORD }}" \
-            "https://oss.sonatype.org/service/local/staging/profiles")
+            -X GET \
+            "https://oss.sonatype.org/service/local/repositories")
           
-          echo "Maven Central API response: $HTTP_CODE"
+          echo "  Endpoint: /service/local/repositories"
+          echo "  Response: HTTP $REPO_CODE"
           
-          if [ "$HTTP_CODE" = "200" ]; then
-            echo "status=SUCCESS" >> $GITHUB_OUTPUT
-            echo "message=Maven Central connection successful" >> $GITHUB_OUTPUT
-            echo "SUCCESS: Maven Central credentials are valid"
-          elif [ "$HTTP_CODE" = "401" ]; then
-            echo "status=FAILURE" >> $GITHUB_OUTPUT
-            echo "message=Authentication failed - invalid credentials" >> $GITHUB_OUTPUT
-            echo "ERROR: Maven Central authentication failed (401)"
-            exit 1
-          elif [ "$HTTP_CODE" = "403" ]; then
-            echo "status=SUCCESS" >> $GITHUB_OUTPUT
-            echo "message=Credentials valid (limited permissions on staging API is normal)" >> $GITHUB_OUTPUT
-            echo "SUCCESS: Maven Central credentials valid (403 on staging API is acceptable for deployment)"
+          if [ "$REPO_CODE" = "200" ]; then
+            echo "  ✅ Repository access verified"
+            echo ""
+            echo "✅ SUCCESS: Maven Central credentials are valid and working"
+            echo "status=success" >> $GITHUB_OUTPUT
+            exit 0
+          elif [ "$REPO_CODE" = "401" ]; then
+            echo "  ❌ Authentication failed"
+          elif [ "$REPO_CODE" = "403" ]; then
+            echo "  ⚠️  Authenticated but forbidden (may be OK)"
           else
-            echo "status=FAILURE" >> $GITHUB_OUTPUT
-            echo "message=Connection failed - HTTP $HTTP_CODE" >> $GITHUB_OUTPUT
-            echo "ERROR: Maven Central connection failed with HTTP $HTTP_CODE"
-            exit 1
+            echo "  ⚠️  Unexpected response: $REPO_CODE"
           fi
+          echo ""
+          
+          # Test 2: Try Nexus status endpoint (lightweight check)
+          echo "Test 2: Checking Nexus status endpoint..."
+          STATUS_CODE=$(curl -s -o /dev/null -w '%{http_code}' \
+            -u "${{ secrets.OSSRH_USERNAME }}:${{ secrets.OSSRH_PASSWORD }}" \
+            "https://oss.sonatype.org/service/local/status")
+          
+          echo "  Endpoint: /service/local/status"
+          echo "  Response: HTTP $STATUS_CODE"
+          
+          if [ "$STATUS_CODE" = "200" ]; then
+            echo "  ✅ Status check passed"
+            echo ""
+            echo "✅ SUCCESS: Maven Central credentials are valid"
+            echo "Note: Credentials work, but may have limited API access (normal for some endpoints)"
+            echo "status=success" >> $GITHUB_OUTPUT
+            exit 0
+          elif [ "$STATUS_CODE" = "401" ]; then
+            echo "  ❌ Authentication failed"
+          else
+            echo "  Response: HTTP $STATUS_CODE"
+          fi
+          echo ""
+          
+          # Test 3: Check if it's a Central Portal token (new system)
+          echo "Test 3: Checking Central Portal (new authentication system)..."
+          CENTRAL_CODE=$(curl -s -o /dev/null -w '%{http_code}' \
+            -H "Authorization: Bearer ${{ secrets.OSSRH_PASSWORD }}" \
+            "https://central.sonatype.com/api/v1/publisher/status")
+          
+          echo "  Endpoint: central.sonatype.com/api/v1/publisher/status"
+          echo "  Response: HTTP $CENTRAL_CODE"
+          
+          if [ "$CENTRAL_CODE" = "200" ]; then
+            echo "  ✅ Central Portal access verified"
+            echo ""
+            echo "✅ SUCCESS: New Central Portal credentials are valid"
+            echo "status=success" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+          echo ""
+          
+          # All tests failed
+          echo "❌ FAILURE: All authentication tests failed"
+          echo ""
+          echo "Results:"
+          echo "  • Repository endpoint: HTTP $REPO_CODE"
+          echo "  • Status endpoint: HTTP $STATUS_CODE"
+          echo "  • Central Portal: HTTP $CENTRAL_CODE"
+          echo ""
+          echo "📝 Action Required:"
+          echo "  Your Maven Central credentials appear to be invalid or expired."
+          echo "  Maven Central is migrating to a new authentication system."
+          echo ""
+          echo "  To fix:"
+          echo "  1. Visit: https://central.sonatype.com/"
+          echo "  2. Sign in and go to: Account → Generate User Token"
+          echo "  3. Update GitHub secrets with new token credentials"
+          echo ""
+          echo "status=failure" >> $GITHUB_OUTPUT
+          exit 1
