From 2fd1900c5c97ef506c4900f6303b9c5f26de014a Mon Sep 17 00:00:00 2001
From: Sarah Chen <sarah.chen@datadoghq.com>
Date: Tue, 1 Jul 2025 15:58:29 -0400
Subject: [PATCH 1/2] Change sonatype naming to maven central

---
 .gitlab-ci.yml             | 14 +++++++-------
 build.gradle               |  4 ++--
 gradle/publish.gradle      |  8 ++++----
 gradle/repositories.gradle |  2 +-
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cfd791338ba..9d36253047d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -743,8 +743,8 @@ deploy_to_di_backend:manual:
     UPSTREAM_COMMIT_AUTHOR: $CI_COMMIT_AUTHOR
     UPSTREAM_COMMIT_SHORT_SHA: $CI_COMMIT_SHORT_SHA
 
-# If the deploy_to_sonatype job is re-run, re-trigger the deploy_artifacts_to_github job as well so that the artifacts match.
-deploy_to_sonatype:
+# If the deploy_to_maven_central job is re-run, re-trigger the deploy_artifacts_to_github job as well so that the artifacts match.
+deploy_to_maven_central:
   extends: .gradle_build
   stage: publish
   needs: [ build ]
@@ -761,8 +761,8 @@ deploy_to_sonatype:
     - when: manual
       allow_failure: true
   script:
-    - export SONATYPE_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_username --with-decryption --query "Parameter.Value" --out text)
-    - export SONATYPE_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_password --with-decryption --query "Parameter.Value" --out text)
+    - export MAVEN_CENTRAL_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_username --with-decryption --query "Parameter.Value" --out text)
+    - export MAVEN_CENTRAL_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_password --with-decryption --query "Parameter.Value" --out text)
     - export GPG_PRIVATE_KEY=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.signing.gpg_private_key --with-decryption --query "Parameter.Value" --out text)
     - export GPG_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.signing.gpg_passphrase --with-decryption --query "Parameter.Value" --out text)
     - ./gradlew -PbuildInfo.build.number=$CI_JOB_ID publishToSonatype closeSonatypeStagingRepository -PskipTests $GRADLE_ARGS
@@ -780,11 +780,11 @@ deploy_artifacts_to_github:
       when: never
     - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
       when: on_success
-  # Requires the deploy_to_sonatype job to have run first (the UP-TO-DATE gradle check across jobs is broken)
+  # Requires the deploy_to_maven_central job to have run first (the UP-TO-DATE gradle check across jobs is broken)
   # This will deploy the artifacts built from the publishToSonatype task to the GitHub release
   needs:
-    - job: deploy_to_sonatype
-      # The deploy_to_sonatype job is not run for release candidate versions
+    - job: deploy_to_maven_central
+      # The deploy_to_maven_central job is not run for release candidate versions
       optional: true
   script:
     - aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.gh_release_token --with-decryption --query "Parameter.Value" --out text > github-token.txt
diff --git a/build.gradle b/build.gradle
index ac0bd29d117..398629130ec 100644
--- a/build.gradle
+++ b/build.gradle
@@ -110,8 +110,8 @@ nexusPublishing {
       sonatype {
         nexusUrl.set(uri("https://ossrh-staging-api.central.sonatype.com/service/local/"))
         snapshotRepositoryUrl.set(uri("https://central.sonatype.com/repository/maven-snapshots/"))
-        username = System.getenv("SONATYPE_USERNAME")
-        password = System.getenv("SONATYPE_PASSWORD")
+        username = System.getenv("MAVEN_CENTRAL_USERNAME")
+        password = System.getenv("MAVEN_CENTRAL_PASSWORD")
       }
     }
   }
diff --git a/gradle/publish.gradle b/gradle/publish.gradle
index 3e3f9456aa9..e87776bd418 100644
--- a/gradle/publish.gradle
+++ b/gradle/publish.gradle
@@ -3,8 +3,8 @@ apply plugin: 'signing'
 
 /**
  * Proper publishing requires the following environment variables:
- * SONATYPE_USERNAME
- * SONATYPE_PASSWORD
+ * MAVEN_CENTRAL_USERNAME
+ * MAVEN_CENTRAL_PASSWORD
  * GPG_PRIVATE_KEY
  * GPG_PASSWORD
  */
@@ -81,8 +81,8 @@ gradle.taskGraph.whenReady { TaskExecutionGraph taskGraph ->
   if (taskGraph.hasTask(publish) || taskGraph.hasTask("publishToSonatype")) {
     assert project.findProperty("removeJarVersionNumbers") != true
     if (taskGraph.hasTask("publishToSonatype")) {
-      assert System.getenv("SONATYPE_USERNAME") != null
-      assert System.getenv("SONATYPE_PASSWORD") != null
+      assert System.getenv("MAVEN_CENTRAL_USERNAME") != null
+      assert System.getenv("MAVEN_CENTRAL_PASSWORD") != null
       if (isCI) {
         assert System.getenv("GPG_PRIVATE_KEY") != null
         assert System.getenv("GPG_PASSWORD") != null
diff --git a/gradle/repositories.gradle b/gradle/repositories.gradle
index 34738eacdc9..c649d2c9110 100644
--- a/gradle/repositories.gradle
+++ b/gradle/repositories.gradle
@@ -10,7 +10,7 @@ repositories {
     }
   }
   mavenCentral()
-  // add sonatype repository for snapshot dependencies
+  // add maven central repository for snapshot dependencies
   maven {
     content {
       includeGroup "com.datadoghq"

From 947a0b4668651d62ece5f0957c21c8c6a2c1db30 Mon Sep 17 00:00:00 2001
From: Sarah Chen <sarah.chen@datadoghq.com>
Date: Tue, 8 Jul 2025 11:40:04 -0400
Subject: [PATCH 2/2] Update credential names for pre-release-checks

---
 .gitlab-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 111bafd87f8..acd5b1eacbb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -198,11 +198,11 @@ pre-release-checks:
       allow_failure: false
   script:
     - |
-      SONATYPE_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_username --with-decryption --query "Parameter.Value" --out text)
-      SONATYPE_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_password --with-decryption --query "Parameter.Value" --out text)
+      MAVEN_CENTRAL_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_username --with-decryption --query "Parameter.Value" --out text)
+      MAVEN_CENTRAL_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_password --with-decryption --query "Parameter.Value" --out text)
       # See https://central.sonatype.org/publish/publish-portal-api/
       # 15e0cbbb-deff-421e-9e02-296a24d0cada is deployment, any deployment id listed in central  work, the idea is to check whether the token can authenticate
-      curl --request POST --include --fail https://central.sonatype.com/api/v1/publisher/status?id=15e0cbbb-deff-421e-9e02-296a24d0cada --header "Authorization: Bearer $(printf "$SONATYPE_USERNAME:$SONATYPE_PASSWORD" | base64)"
+      curl --request POST --include --fail https://central.sonatype.com/api/v1/publisher/status?id=15e0cbbb-deff-421e-9e02-296a24d0cada --header "Authorization: Bearer $(printf "$MAVEN_CENTRAL_USERNAME:$MAVEN_CENTRAL_PASSWORD" | base64)"
       if [ $? -ne 0 ]; then
         echo "Failed to authenticate against central. Check credentials, see https://datadoghq.atlassian.net/wiki/x/Oog5OgE"
         exit 1