From d2d55b525604a224627bdf75aeff025ea649c39f Mon Sep 17 00:00:00 2001
From: alzimmermsft <48699787+alzimmermsft@users.noreply.github.com>
Date: Fri, 20 Dec 2024 14:47:54 -0500
Subject: [PATCH] Fix Publish to Java Dev Feed

---
 eng/scripts/Publish-MavenPackages.ps1 | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/eng/scripts/Publish-MavenPackages.ps1 b/eng/scripts/Publish-MavenPackages.ps1
index 9a67be8bf9ddc..7c2d59d6c0a6b 100644
--- a/eng/scripts/Publish-MavenPackages.ps1
+++ b/eng/scripts/Publish-MavenPackages.ps1
@@ -147,14 +147,11 @@ foreach ($packageDetail in $packageDetails) {
   $gpgexeOption = "-Dgpgexe=$GPGExecutablePath"
   Write-Information "GPG Executable Option is: $gpgexeOption"
 
-  $gpgPluginVersion = . $PSScriptRoot\Get-ExternalDependencyVersion.ps1 -GroupId 'org.apache.maven.plugins' -ArtifactId 'maven-gpg-plugin'
-  if ($LASTEXITCODE) {
-    Write-Information "##vso[task.logissue type=error]Unable to resolve version of external dependency 'org.apache.maven.plugins:maven-gpg-plugin'"
-    exit $LASTEXITCODE
-  }
-
-  $gpgSignAndDeployWithVer = "org.apache.maven.plugins:maven-gpg-plugin:$gpgPluginVersion`:sign-and-deploy-file"
-
+  # Just hard code the maven-gpg-plugin version rather than the previous logic where it determined it based on values
+  # in /eng/versions/external_dependencies.txt. This will prevent an issue with new scripts that remove unused
+  # dependencies (which this usage wouldn't be considered one) and from an errant update to the version breaking this
+  # release. Effectively, the usage is unique enough here to be handled separately from our normal dependency management.
+  $gpgSignAndDeployWithVer = "org.apache.maven.plugins:maven-gpg-plugin:3.2.7:sign-and-deploy-file"
 
   if ($requiresLocalGpg) {
     $localRepositoryDirectory = Get-RandomRepositoryDirectory