feat(gha): Configure publishing to Maven Central

.github/workflows/release.yml

@@ -228,8 +228,8 @@ jobs:
           TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
           TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
 
-  release_maven:
-    name: Release to GitHub Packages (Maven)
+  release_maven_github_packages:
+    name: Release Maven (GitHub Packages)
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -259,6 +259,39 @@ jobs:
           MAVEN_REPOSITORY_URL: "https://maven.pkg.github.com/${{ github.repository }}"
           MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED" # See https://stackoverflow.com/questions/70153962/nexus-staging-maven-plugin-maven-deploy-failed-an-api-incompatibility-was-enco
 
+  release_maven_central:
+    name: Release Maven (Central)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs:
+      - prepare-release
+      - integration_test
+      - provider_integration_test
+      - unit_test
+    if: needs.prepare-release.outputs.release_status == 'unreleased'
+    container:
+      image: terraconstructs/jsii-terraform@sha256:4942a4c6ed8286f403c7855dab56b0e11f9a7115e7e0afbcd49d7e69de4d6dc0
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        with:
+          name: dist
+          path: dist
+      - name: ensure correct user
+        run: chown -R root /__w/cdk-terrain
+      - name: Release
+        run: npx -p publib publib-maven
+        env:
+          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+          MAVEN_ENDPOINT: https://central.sonatype.com
+          MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }}
+          MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }}
+          MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED" # See https://stackoverflow.com/questions/70153962/nexus-staging-maven-plugin-maven-deploy-failed-an-api-incompatibility-was-enco
+
   release_nuget:
     name: Release to NuGet
     runs-on: ubuntu-latest
@@ -353,7 +386,8 @@ jobs:
       - prepare-release
       - release_github
       - release_golang
-      - release_maven
+      - release_maven_github_packages
+      - release_maven_central
       - release_npm
       - release_nuget
       - release_pypi

.github/workflows/release_next.yml

@@ -201,8 +201,8 @@ jobs:
           TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
           TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
 
-  release_maven:
-    name: Release to GitHub Packages (Maven)
+  release_maven_github_packages:
+    name: Release Maven (GitHub Packages)
     needs:
       - prepare-release
       - integration_test
@@ -231,6 +231,38 @@ jobs:
           MAVEN_REPOSITORY_URL: "https://maven.pkg.github.com/${{ github.repository }}"
           MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED" # See https://stackoverflow.com/questions/70153962/nexus-staging-maven-plugin-maven-deploy-failed-an-api-incompatibility-was-enco
 
+  release_maven_central:
+    name: Release Maven (Central)
+    needs:
+      - prepare-release
+      - integration_test
+      - provider_integration_test
+      - unit_test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    container:
+      image: terraconstructs/jsii-terraform@sha256:4942a4c6ed8286f403c7855dab56b0e11f9a7115e7e0afbcd49d7e69de4d6dc0
+    steps:
+      - name: Download dist
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        with:
+          name: dist
+          path: dist
+      - name: ensure correct user
+        run: chown -R root /__w/cdk-terrain
+      - name: Release
+        run: npx -p publib publib-maven
+        env:
+          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+          MAVEN_ENDPOINT: https://hashicorp.oss.sonatype.org
+          MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }}
+          MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }}
+          MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED" # See https://stackoverflow.com/questions/70153962/nexus-staging-maven-plugin-maven-deploy-failed-an-api-incompatibility-was-enco
+
   release_nuget:
     name: Release to NuGet
     needs:
@@ -319,7 +351,8 @@ jobs:
       - linting
       - prepare-release
       - release_golang
-      - release_maven
+      - release_maven_github_packages
+      - release_maven_central
       - release_npm
       - release_nuget
       - release_pypi