Skip to content

Commit 9b52694

Browse files
Merge pull request #120 from bernardladenthin/claude/sonatype-central-portal
chore: migrate CI to unified publish.yml with Sonatype Central Portal
2 parents ccae345 + 001097d commit 9b52694

3 files changed

Lines changed: 78 additions & 44 deletions

File tree

.github/workflows/codeql.yml

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
name: CodeQL
2+
on:
3+
push:
4+
branches: [main]
5+
pull_request:
6+
branches: [main]
7+
schedule:
8+
- cron: "12 1 * * 0"
9+
jobs:
10+
analyze:
11+
runs-on: ubuntu-latest
12+
permissions:
13+
actions: read
14+
contents: read
15+
security-events: write
16+
steps:
17+
- uses: actions/checkout@v6
18+
- uses: actions/setup-java@v5
19+
with: { java-version: '8', distribution: zulu }
20+
- uses: github/codeql-action/init@v4
21+
with: { languages: java, queries: +security-and-quality }
22+
- uses: github/codeql-action/autobuild@v4
23+
- uses: github/codeql-action/analyze@v4
24+
with: { category: "/language:java" }
Lines changed: 47 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
1-
name: Build, Test and Release
1+
name: Publish
22
on:
33
push:
4-
branches: [ master ]
4+
branches: [ main ]
5+
tags: ['v*']
56
pull_request:
67
workflow_dispatch:
78
inputs:
@@ -10,11 +11,9 @@ on:
1011
required: false
1112
default: 'false'
1213
enable_cuda_build:
13-
description: 'Compile CUDA artifacts (slow — nvcc install + build). Auto-enabled on release events.'
14+
description: 'Compile CUDA artifacts (slow — nvcc install + build). Auto-enabled on tag pushes.'
1415
required: false
1516
default: 'false'
16-
release:
17-
types: [ created ]
1817
env:
1918
MODEL_URL: "https://huggingface.co/TheBloke/CodeLlama-7B-GGUF/resolve/main/codellama-7b.Q2_K.gguf"
2019
MODEL_NAME: "codellama-7b.Q2_K.gguf"
@@ -49,7 +48,7 @@ jobs:
4948
id: build
5049
shell: bash
5150
run: |
52-
if [[ "${{ github.event_name }}" == "release" || "${{ github.event.inputs.enable_cuda_build }}" == "true" ]]; then
51+
if [[ "${{ startsWith(github.ref, 'refs/tags/v') }}" == "true" || "${{ github.event.inputs.enable_cuda_build }}" == "true" ]]; then
5352
.github/dockcross/dockcross-manylinux_2_28-x64 .github/build_cuda_linux.sh "-DOS_NAME=Linux -DOS_ARCH=x86_64"
5453
echo "built=true" >> "$GITHUB_OUTPUT"
5554
else
@@ -588,59 +587,46 @@ jobs:
588587
path: target/*.jar
589588

590589
publish-snapshot:
591-
name: Publish Snapshot to GitHub Releases and GitHub Packages
590+
name: Publish Snapshot to Central
592591
needs: [ package ]
593-
if: github.event_name != 'pull_request' && needs.package.result == 'success'
592+
if: >-
593+
(github.event_name == 'push' && github.ref == 'refs/heads/main') ||
594+
github.event_name == 'workflow_dispatch'
594595
runs-on: ubuntu-latest
595-
permissions:
596-
contents: write
597-
packages: write
596+
environment: maven-central
598597
steps:
599598
- uses: actions/checkout@v6
600599
- uses: actions/download-artifact@v8
601600
with:
602601
name: llama-jars
603602
path: snapshot-jars/
604-
- name: Publish rolling snapshot release
605-
env:
606-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
607-
GH_REPO: ${{ github.repository }}
608-
run: |
609-
gh release delete snapshot --yes --cleanup-tag || true
610-
gh release create snapshot snapshot-jars/*.jar \
611-
--title "Snapshot Build" \
612-
--notes "Snapshot from ${{ github.sha }} — ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
613-
--prerelease \
614-
--target ${{ github.sha }}
615-
- name: Set up Maven for GitHub Packages
616-
uses: actions/setup-java@v5
603+
- uses: actions/setup-java@v5
617604
with:
618-
distribution: 'zulu'
619605
java-version: '8'
620-
server-id: github
621-
server-username: GITHUB_ACTOR
622-
server-password: GITHUB_TOKEN
623-
- name: Delete snapshot package from GitHub Packages
624-
env:
625-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
626-
run: gh api --method DELETE /user/packages/maven/net.ladenthin.llama || true
627-
- name: Publish to GitHub Packages
628-
env:
629-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
606+
distribution: zulu
607+
server-id: central
608+
server-username: MAVEN_USERNAME
609+
server-password: MAVEN_PASSWORD
610+
- name: Deploy snapshot
630611
run: |
631612
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
632613
mvn --batch-mode deploy:deploy-file \
633-
-Durl=https://maven.pkg.github.com/${{ github.repository }} \
634-
-DrepositoryId=github \
614+
-Durl=https://central.sonatype.com/repository/maven-snapshots \
615+
-DrepositoryId=central \
635616
-Dfile=snapshot-jars/llama-${VERSION}.jar \
636617
-DpomFile=pom.xml \
637618
-Dsources=snapshot-jars/llama-${VERSION}-sources.jar \
638619
-Djavadoc=snapshot-jars/llama-${VERSION}-javadoc.jar
620+
env:
621+
MAVEN_USERNAME: ${{ secrets.CENTRAL_USERNAME }}
622+
MAVEN_PASSWORD: ${{ secrets.CENTRAL_TOKEN }}
639623

640-
publish:
641-
if: ${{ github.event_name == 'release' || (github.event.inputs.release_to_maven_central == 'true' && needs.crosscompile-linux-x86_64-cuda.outputs.built == 'true') }}
624+
publish-release:
625+
name: Publish Release to Central
626+
if: startsWith(github.ref, 'refs/tags/v') || github.event.inputs.release_to_maven_central == 'true'
642627
needs: [ package, crosscompile-linux-x86_64-cuda ]
643628
runs-on: ubuntu-latest
629+
environment: maven-central
644630
steps:
645631
- uses: actions/checkout@v6
646632
- uses: actions/download-artifact@v8
@@ -658,14 +644,31 @@ jobs:
658644
with:
659645
java-version: '17'
660646
distribution: 'zulu'
661-
server-id: ossrh
647+
server-id: central
662648
server-username: MAVEN_USERNAME
663649
server-password: MAVEN_PASSWORD
664-
gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }}
650+
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
665651
gpg-passphrase: MAVEN_GPG_PASSPHRASE
666-
- name: Publish package
652+
- name: Publish release
667653
run: mvn --batch-mode -P release -Dmaven.test.skip=true deploy
668654
env:
669-
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
670-
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
655+
MAVEN_USERNAME: ${{ secrets.CENTRAL_USERNAME }}
656+
MAVEN_PASSWORD: ${{ secrets.CENTRAL_TOKEN }}
671657
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
658+
659+
post-publish:
660+
name: Post-Publish
661+
needs: [package, publish-snapshot, publish-release]
662+
if: >-
663+
always() &&
664+
needs.package.result == 'success' &&
665+
(needs.publish-snapshot.result == 'success' ||
666+
needs.publish-release.result == 'success')
667+
runs-on: ubuntu-latest
668+
permissions:
669+
contents: write
670+
steps:
671+
- uses: actions/checkout@v6
672+
- uses: actions/setup-java@v5
673+
with: { java-version: '8', distribution: zulu }
674+
- uses: advanced-security/maven-dependency-submission-action@v5

pom.xml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,13 @@
3434
<url>https://github.com/bernardladenthin/java-llama.cpp/tree/master</url>
3535
</scm>
3636

37+
<distributionManagement>
38+
<snapshotRepository>
39+
<id>central</id>
40+
<url>https://central.sonatype.com/repository/maven-snapshots/</url>
41+
</snapshotRepository>
42+
</distributionManagement>
43+
3744
<properties>
3845
<jna.version>5.18.1</jna.version>
3946
<junit.version>4.13.2</junit.version>

0 commit comments

Comments
 (0)