feat(gha): Configure publishing to Maven Central #63
krzema12 wants to merge 1 commit into open-constructs:main from
jsteinich
left a comment
The release workflow handles the actual release builds while release_next covers the pre-release. There's likely some restructuring we could do to remove some duplication; however, there are some differences in the two jobs.
Publishing to both is fine, though I'm not sure how necessary it is at this stage. I would generally expect users to allow Maven Central by default, which would still pick up the new version.
| permissions: | ||
| contents: read | ||
| packages: write |
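Review bot: `packages: write` on the last line gives this job's GITHUB_TOKEN write access to GitHub Packages, which a job that authenticates to Maven Central with the MAVEN_USERNAME and MAVEN_PASSWORD secrets has no use for. Drop it and keep only `contents: read`, so that a compromised build step in this job cannot publish packages under the repository's name.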
The extra permissions aren't needed for a release to Maven Central.
so0k
left a comment
I will set secrets on the repo and push a commit with fixes for the review comments
| env: | ||
| MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} | ||
| MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} | ||
| MAVEN_ENDPOINT: https://hashicorp.oss.sonatype.org |
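Review bot: MAVEN_ENDPOINT on the last line is hard-coded to a hashicorp.oss.sonatype.org host, and the MAVEN_USERNAME and MAVEN_PASSWORD secrets above it are presented to whatever endpoint is set here. Confirm this is the host this project's own Sonatype account lives on, and use the same value in every workflow that publishes so the release and pre-release jobs cannot drift apart.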
| MAVEN_ENDPOINT: https://hashicorp.oss.sonatype.org | |
| MAVEN_ENDPOINT: https://central.sonatype.com |
but actually
| MAVEN_ENDPOINT: https://hashicorp.oss.sonatype.org | |
| MAVEN_ID: central-ossrh |
as per cdklabs/publib#1667
| MAVEN_ENDPOINT: https://hashicorp.oss.sonatype.org | ||
| MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | ||
| MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }} | ||
| MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }} |
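Review bot: the signing key and its passphrase (MAVEN_GPG_PRIVATE_KEY and MAVEN_GPG_PRIVATE_KEY_PASSPHRASE) are exported in the same env block as the endpoint setting, and these lines do not show where that block is declared. If it sits at job level, every step in the job can read the key; declare it on the publishing step only, so that earlier steps never see the signing material.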
| MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }} |
MAVEN_STAGING_PROFILE_ID not needed for central-ossrh
Thanks for getting this started @krzema12! I've pushed a fix commit on top of yours and opened #64 which addresses the review feedback and consolidates the approach:
All 4 required secrets ( |
## Summary

Builds on #63 by @krzema12 — replaces the GitHub Packages Maven job with Maven Central publishing instead of adding a second job alongside it (consistent with the NuGet.org restoration in #50).

- **Replace** (not add alongside) the GitHub Packages Maven job
- Use `MAVEN_SERVER_ID=central-ossrh` ([publib #1667](cdklabs/publib#1667)) instead of `MAVEN_ENDPOINT`
- Remove unnecessary `permissions: packages: write`
- Remove `MAVEN_STAGING_PROFILE_ID` (not needed for `central-ossrh`)
- Fix inconsistent `MAVEN_ENDPOINT` between release.yml (`central.sonatype.com`) and release_next.yml (`hashicorp.oss.sonatype.org`)

### Required secrets

All 4 secrets have been deployed via IaC:

| Secret | Status |
|--------|--------|
| `MAVEN_USERNAME` | Deployed |
| `MAVEN_PASSWORD` | Deployed |
| `MAVEN_GPG_PRIVATE_KEY` | Deployed |
| `MAVEN_GPG_PRIVATE_KEY_PASSPHRASE` | Deployed |

Closes #13

## Test plan

- [x] Generate GPG key (RSA 4096), publish to `keyserver.ubuntu.com`
- [x] Deploy all 4 secrets via terraform apply
- [ ] Merge and verify first release publishes to `https://central.sonatype.com/artifact/io.cdktn/cdktn`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Piotr Krzeminski <git@krzeminski.it>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
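A lint check for the points this review settled on, as an added example that is not part of the PR or of publib: it scans workflow text for `packages: write`, a publish target other than `MAVEN_SERVER_ID=central-ossrh`, a leftover `MAVEN_STAGING_PROFILE_ID`, the four required secrets, and a target that differs between workflows. The `BEFORE`/`AFTER` fragments are constructed samples, the function names are hypothetical, and the scan is line-based rather than a full YAML parse.

```python
import re

REQUIRED = "MAVEN_USERNAME MAVEN_PASSWORD MAVEN_GPG_PRIVATE_KEY MAVEN_GPG_PRIVATE_KEY_PASSPHRASE".split()

# Constructed sample fragment (not the project's real workflow file).
BEFORE = """\
permissions:
  contents: read
  packages: write
env:
  MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
  MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
  MAVEN_ENDPOINT: https://central.sonatype.com
  MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
  MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }}
  MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }}
"""
# Second workflow pointing at the other endpoint (the inconsistency named above).
BEFORE_NEXT = BEFORE.replace("central.sonatype.com", "hashicorp.oss.sonatype.org")
# The same fragment with the review feedback applied.
AFTER = "\n".join(
    line for line in BEFORE.splitlines()
    if "packages:" not in line and "STAGING" not in line
).replace("MAVEN_ENDPOINT: https://central.sonatype.com", "MAVEN_SERVER_ID: central-ossrh")

def env_vars(text):
    """Collect UPPER_CASE `KEY: value` lines, i.e. the env entries."""
    return dict(re.findall(r"^[ \t]*([A-Z][A-Z0-9_]*):[ \t]*(\S.*?)[ \t]*$", text, re.M))

def lint(workflows):
    """Return findings for a {filename: workflow_text} mapping."""
    findings, targets = [], {}
    for name, text in workflows.items():
        env = env_vars(text)
        if re.search(r"^[ \t]*packages:[ \t]*write\b", text, re.M):
            findings.append(f"{name}: packages: write is not needed for Maven Central")
        if env.get("MAVEN_SERVER_ID") != "central-ossrh":
            findings.append(f"{name}: MAVEN_SERVER_ID is not central-ossrh")
        if "MAVEN_STAGING_PROFILE_ID" in env:
            findings.append(f"{name}: MAVEN_STAGING_PROFILE_ID is not needed for central-ossrh")
        for key in REQUIRED:
            if env.get(key) != "${{ secrets.%s }}" % key:
                findings.append(f"{name}: {key} is not read from secrets.{key}")
        targets[name] = env.get("MAVEN_ENDPOINT") or env.get("MAVEN_SERVER_ID")
    if len(set(targets.values())) > 1:
        findings.append(f"publish target differs between workflows: {targets}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint({"release.yml": BEFORE, "release_next.yml": BEFORE_NEXT})))
```
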
don't know why the merged commits didn't auto tag this PR as merged :/
Related issue
Part of #13.
Description
This PR adds a new job for releasing Maven artifacts to Maven Central.
Why the current job that publishes to GitHub Packages isn't modified instead:
These new parts are a blend of a copied job for GitHub Packages, and the Release step from before the renaming PR (https://raw.githubusercontent.com/open-constructs/cdk-terrain/a61d9aeef7d821756f8a2fa92f83127b45d01aa6/.github/workflows/release.yml and https://raw.githubusercontent.com/open-constructs/cdk-terrain/a61d9aeef7d821756f8a2fa92f83127b45d01aa6/.github/workflows/release_next.yml).

BTW, I'm struggling to understand why there are 2 workflows: release and release_next. I updated both.
Checklist