Update MavenCentral documentation (#334)

travisrieglerleidos · web-flow · commit a3fe4dc462d4 · 2025-06-26T10:09:31.000-04:00
Updated the MavenCentral documentation by fixing minor typos,
fixing the table of contents links, adjusting the capitalization of some
words, and adding a few additional details for clarification.
diff --git a/documentation/MavenCentral.md b/documentation/MavenCentral.md
@@ -1,89 +1,92 @@
 # Deploying to Maven Central
-## Table of contents
+## Table of Contents
 1. [Introduction](#introduction)
-2. [Prerequisites](#Prerequisites)
-3. [GitHub Configuration](#GitHubConfiguration)
-    1. [GitHub Actions Secrets](#GitHubActionSecrets)
-        1. [List of Secrets](#GitHubActionSecretsList)
-        2. [Purpose of Each Secret](#GitHubActionSecretsPurpose)
-    2. [GitHub Actions Workflow](#GitHubActionsWorkflow)
-        1. [Workflow Description](#GitHubActionsWorkflowDescription)
-3. [Maven Pom File Configuration](#MavenConfig)
-    1. [Required Plugins](#MavenReqPlugins)
-    1. [Plugin Descriptions](#MavenReqPluginsDescriptions)
-    1. [Plugin Configurations](#MavenReqPluginsConfigurations)
+2. [Prerequisites](#prerequisites)
+3. [GitHub Configuration](#github-configuration)
+    1. [GitHub Actions Secrets](#github-actions-secrets)
+        1. [List of Secrets](#list-of-secrets)
+        2. [Purpose of Each Secret](#purpose-of-each-secret)
+    2. [GitHub Actions Workflow](#github-actions-workflow)
+        1. [Workflow Description](#workflow-description)
+3. [Maven POM File Configuration](#maven-pom-file-configuration)
+    1. [Required Plugins](#required-plugins)
+    2. [Plugin Descriptions](#plugin-descriptions)
+    3. [Plugin Configurations](#plugin-configurations)
 
 
 ## Introduction <a name="introduction"></a>
-Deploying to Maven Central is currently an automated process, but the steps are a bit of a black box that deserves some level of explanation in the event there is a need to update it or change it and the original author is no longer around.
+Deploying to Maven Central is currently an automated process, but the steps are a bit of a black box that deserve some level of explanation in the event there is a need to update it or change it and the original author is no longer around.
 
-## Prerequisites <a name="Prerequisites"></a>
+## Prerequisites <a name="prerequisites"></a>
 There are a couple things you will need to do before attempting to deploy to Maven Central.
 1.	You will need an account on Maven Central: https://central.sonatype.com/
-    1. You will also need to be added to the `gov.hhs.aspr.ms group`. To be added to the group, a current member of the group (currently Zach Bischoff, Shawn Hatch and David Durham) must send an email to central-support@sonatype.com requesting your account be added to the gov.hhs.aspr.ms group.
+    1. You will also need to be added to the `gov.hhs.aspr.ms` group. To be added to the group, a current member of the group (currently Zachary Bischoff, Shawn Hatch, and David Durham) must send an email to central-support@sonatype.com requesting your account be added to the `gov.hhs.aspr.ms` group.
     2.	You will need to generate a user token: https://central.sonatype.org/publish/generate-portal-token/
-    3.	You will need your maven central username. **NOTE** that this is *NOT* the username you sign in with. It is different. It will be displayed when you generate a token in the previous step
-2.	You need a signed pgp key. Instructions can be found here: https://central.sonatype.org/publish/requirements/gpg 
+    3.	You will need your Maven Central username. **NOTE** that this is *NOT* the username you sign in with. It is different. It will be displayed when you generate a token in the previous step
+2.	You need a signed PGP key. Instructions can be found here: https://central.sonatype.org/publish/requirements/gpg 
 
 
-## GitHub Configuration <a name="GitHubConfiguration"></a>
-### GitHub Actions Secrets <a name="GitHubActionSecrets"></a>
-#### List of Secrets <a name="GitHubActionSecretsList"></a>
-Each repository that we control has the following Secrets Defined under Settings -> Security -> Secrets and Variables -> Actions:
+## GitHub Configuration <a name="github-configuration"></a>
+### GitHub Actions Secrets <a name="github-actions-secrets"></a>
+#### List of Secrets <a name="list-of-secrets"></a>
+Each repository that we control has the following secrets defined under Settings -> Security -> Secrets and Variables -> Actions:
 
 1.	GHA_BOT
 2.	GPG_SECRET_KEY
 3.	GPG_SECRET_KEY_PASSWORD
 4.	MAVEN_CENTRAL_TOKEN
 5.	MAVEN_CENTRAL_USERNAME
-#### Purpose of Each Secret <a name="GitHubActionSecretsPurpose"></a>
+#### Purpose of Each Secret <a name="purpose-of-each-secret"></a>
 Each secret serves a purpose for enabling the auto deployment to Maven Central when a new version is pushed to the main branch.
 1.	GHA_BOT
-    - This is a Personal access token (Currently generated under Zach Bischoff’s github account) that allows an upstream GitHub Action workflow to commit and push to a downstream GitHub Repo. (ie Allows ASPR-8 GitHub Action to commit and push to aspr-ms-gcm-taskit repo)
+    - This is a Personal Access Token (currently generated under Zachary Bischoff’s GitHub account) that allows an upstream GitHub Actions workflow to commit and push to a downstream GitHub repo (i.e., allows ASPR-8 GitHub Actions workflows to commit and push to aspr-ms-gcm-taskit repo). Instructions can be found here: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token
 2.	GPG_SECRET_KEY
-    - From the prerequisites step 2, this is the secret key that you made. (Currently this is a key that Zachary Bischoff made, and it expires in 2027). This serves as the key to sign the artifacts from the maven build prior to uploading them to Maven Central. The signing of the artifacts is REQUIRED.
+    - From the prerequisites step 2, this is the secret key that you made. (Currently this is a key that Zachary Bischoff made, and it expires in 2027). This serves as the key to sign the artifacts from the Maven build prior to uploading them to Maven Central. The signing of the artifacts is REQUIRED.
 3.	GPG_SECRET_KEY_PASSWORD
     - Same as above, but the signing key requires a password, and that is the value of this field. The current password is known by Zachary Bischoff. The password is unique to the specific secret key but can be the same over various keys.
 4.	MAVEN_CENTRAL_TOKEN
-    - The user token from prerequisites step 1b. Currently this is generated by Zachary Bischoff. This serves as the password for authenticating to Maven Central for purposes of publishing.
+    - The user token from prerequisites step 1.ii. Currently this is generated by Zachary Bischoff. This serves as the password for authenticating to Maven Central for purposes of publishing.
 5.	MAVEN_CENTRAL_USERNAME
-    - The username from prerequisites step 1c. Currently this is generated by Zachary Bischoff. This serves as the username for authenticating to Maven Central for purposes of publishing.
+    - The username from prerequisites step 1.iii. Currently this is generated by Zachary Bischoff. This serves as the username for authenticating to Maven Central for purposes of publishing.
 
 
-### GitHub Actions Workflow <a name="GitHubActionsWorkflow"></a>
-When pushing a new version to the main branch, a Github action workflow runs. This action is defined in the `.github/workflows/release_build.yml` file in the repo.
-#### Workflow Description <a name="GitHubActionsWorkflowDescription"></a>
+### GitHub Actions Workflow <a name="github-actions-workflow"></a>
+When pushing a new version to the main branch, a GitHub Actions workflow runs. This workflow is defined in the `.github/workflows/release_build.yml` file in the repo.
+#### Workflow Description <a name="workflow-description"></a>
 The workflow does the following, in the following order:
 1. Checkout the repo on the main branch
-2. Setup up Java and Maven
+2. Set up Java and Maven
     - This includes setting the MAVEN_CENTRAL_TOKEN, MAVEN_CENTRAL_USERNAME, GPG_SECRET_KEY and GPG_SECRET_KEY_PASSWORD
-3. run the command `mvn deploy -Pjavadoc,sign --file pom.xml`
+3. Run the command `mvn clean deploy -Pjavadoc,sign --file pom.xml`
+    - clean will remove previous build artifacts, ensuring a clean slate for the current build
     - deploy will trigger the deployment to Maven Central
-    - -Pjavadoc will generate javadocs, this is required for Maven Central Deployment
-    - -Psign will sign all of the generated files, this is required for Maven Central Deployment
-    - --file just signifies which pom file to run the maven command against, in this case, the pom.xml in the root directory of the repo
-4. Get the version of the software and save it to an enviroment variable by running the command `echo "version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file pom.xml)" >> "$GITHUB_ENV"`
-5. Create a Github Release using the version from step 4 and the files generated by step 3.
+    - -Pjavadoc will generate javadocs, this is required for Maven Central deployment
+    - -sign will sign all of the generated files, this is required for Maven Central deployment
+    - --file just signifies which POM file to run the Maven command against, in this case, the pom.xml in the root directory of the repo
+4. Get the version of the software and save it to an environment variable by running the command `echo "version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file pom.xml)" >> "$GITHUB_ENV"`
+5. Create a GitHub Release using the version from step 4 and the files generated by step 3.
 
-## Maven Pom File Configuration <a name="MavenConfig"></a>
-### Required Plugins <a name="MavenReqPlugins"></a>
-To Deploy to Maven Central, you need the Plugins defined in the publish requirements on https://central.sonatype.org/publish/requirements. At a minimum you need the `maven-gpg-plugin`, `maven-javadoc-plugin`, `maven-source-plugin` and `central-publishing-maven-plugin`. The `flatten-maven-plugin` is helpful but not required.
-### Plugin Descriptions <a name="MavenReqPluginsDescriptions"></a>
-- `flatten-maven-plugin` creates a flattened version of the pom file, with all dependencies including transitive dependencies 
-- `maven-source-plugin` creates the sources jar file
-- `maven-javadoc-plugin` creates the javadoc jar file
-- `maven-gpg-plugin` signs all created files, jar, source jar, javadoc jar, and pom file
-### Plugin Configurations <a name="MavenReqPluginsConfigurations"></a>
-- `flatten-maven-plugin` use the `<flattenMode>ossrh</flattenMode>` to create a pom file adequate for deployment to Maven Central
-- `maven-source-plugin` use the goal `jar-no-fork`
-- `maven-javadoc-plugin` use `<doclint>all,-missing</doclint>`, add any additional dependencies and add the following:
+## Maven POM File Configuration <a name="maven-pom-file-configuration"></a>
+### Required Plugins <a name="required-plugins"></a>
+To deploy to Maven Central, you need to meet the publishing requirements defined at https://central.sonatype.org/publish/requirements. At a minimum, you will need the `maven-source-plugin`, `maven-javadoc-plugin`, `maven-gpg-plugin`, and `central-publishing-maven-plugin`. The `flatten-maven-plugin` is helpful but not required.
+### Plugin Descriptions <a name="plugin-descriptions"></a>
+- `flatten-maven-plugin` creates a flattened version of the POM file, with all dependencies including transitive dependencies 
+- `maven-source-plugin` creates the sources JAR file
+- `maven-javadoc-plugin` creates the Javadoc JAR file
+- `maven-gpg-plugin` signs all created files: main JAR, sources JAR, Javadoc JAR, and POM file
+- `central-publishing-maven-plugin` publishes all signed files to Maven Central
+### Plugin Configurations <a name="plugin-configurations"></a>
+- `flatten-maven-plugin` use the `<flattenMode>ossrh</flattenMode>` to create a POM file adequate for deployment to Maven Central
+- `maven-source-plugin` use the goal `jar-no-fork` to create the sources JAR without starting a separate build process
+- `maven-javadoc-plugin`
+    - use `<doclint>all,-missing</doclint>` to validate all existing javadocs and not generate warnings for missing javadocs
+    - add any additional dependencies, like `junit-jupiter-api` (which prevents Javadoc errors related to JUnit)
+    - add the following to ensure that as many errors and warnings are found as possible in a single execution:
     ```
     <additionalJOptions>
         <additionalJOption>-Xmaxerrs</additionalJOption>
         <additionalJOption>65536</additionalJOption>
         <additionalJOption>-Xmaxwarns</additionalJOption>
         <additionalJOption>65536</additionalJOption>
     </additionalJOptions>
-    ```
-    To esnure that as many errors and warnings are found as possible in a single execution
-
+    ```
