Update Maven configuration for Central Repository publishing #116
Changes from all commits
fde130d
d6a79d0
9ee7315
975e39f
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| version: 2 | ||
| updates: | ||
| - package-ecosystem: "maven" | ||
| directory: "/" | ||
| schedule: | ||
|
Good addition! Weekly dependency updates for Maven dependencies and GitHub Actions. Note: This PR's pom.xml changes require careful testing in CI. The workflow (.github/workflows/release.yaml) was not updated to match the new Central Publishing Maven Plugin configuration - there's a critical mismatch between the pom.xml and workflow that will cause release builds to fail. Be sure to coordinate the workflow updates before merging this PR or releasing. |
||
| interval: "weekly" | ||
| - package-ecosystem: "github-actions" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "weekly" | ||
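Review bot: Neither `updates` entry sets `groups`, so every Maven dependency and plugin bump will arrive as its own weekly PR, the same kind of bump this PR makes by hand in pom.xml. Consider a `groups` entry on the `maven` block (for example one group for build plugins and one for runtime dependencies) so that runtime updates such as jackson-databind stay easy to review on their own.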
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,35 +17,23 @@ | |
| <license> | ||
| <name>MIT License</name> | ||
| <url>https://www.opensource.org/licenses/mit-license.php</url> | ||
| <distribution>repo</distribution> | ||
|
✅ Good Addition: License Distribution Tag Adding
Good catch - adding This setting indicates the license is available from the Maven Central repository (as opposed to manual/external distribution). It's one of the requirements for publishing to Maven Central. |
||
| </license> | ||
| </licenses> | ||
|
|
||
| <developers> | ||
| <developer> | ||
| <name>Bernard Ladenthin</name> | ||
|
|
||
| <organizationUrl>https://github.com/bernardladenthin</organizationUrl> | ||
| </developer> | ||
| </developers> | ||
|
|
||
| <scm> | ||
| <connection>scm:git:git://github.com/kherud/java-llama.cpp.git</connection> | ||
| <developerConnection>scm:git:ssh://github.com:bernardladenthin/java-llama.cpp.git</developerConnection> | ||
| <connection>scm:git:https://github.com/bernardladenthin/java-llama.cpp.git</connection> | ||
|
Security improvement: SCM URLs changed from mixed protocols (git://, ssh://) to consistent HTTPS. The original configuration used:
New configuration uses:
This is more secure and compatible with Maven Central requirements. HTTPS is the recommended protocol for Maven Central artifacts. |
||
| <developerConnection>scm:git:https://github.com/bernardladenthin/java-llama.cpp.git</developerConnection> | ||
|
Comment on lines +32 to +33
The original
If this is intentional (e.g., project maintenance transferred): proceed, but document the change in commit history. If not intentional: Consider keeping the upstream URL as the canonical source while using the personal fork for |
||
| <url>https://github.com/bernardladenthin/java-llama.cpp/tree/master</url> | ||
| </scm> | ||
|
|
||
| <distributionManagement> | ||
| <snapshotRepository> | ||
| <id>ossrh</id> | ||
| <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url> | ||
| </snapshotRepository> | ||
| <repository> | ||
| <id>ossrh</id> | ||
| <url> | ||
| https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url> | ||
| </repository> | ||
| </distributionManagement> | ||
|
|
||
| <properties> | ||
| <jna.version>5.18.1</jna.version> | ||
| <junit.version>4.13.2</junit.version> | ||
|
|
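Review bot: On lines +32 to +33 `<developerConnection>` becomes the same HTTPS URL as `<connection>`, replacing the `scm:git:ssh://` form. If any release step pushes tags or commits through this URL, it will now authenticate with a token over HTTPS instead of an SSH key, so the PR should state which credential that is and keep it limited to this repository. If nothing pushes through it, a one-line XML comment saying so avoids a later reader assuming it is a write path.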
@@ -62,13 +50,13 @@ | |
| <dependency> | ||
| <groupId>org.jetbrains</groupId> | ||
| <artifactId>annotations</artifactId> | ||
| <version>24.1.0</version> | ||
| <version>26.1.0</version> | ||
| <scope>compile</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>com.fasterxml.jackson.core</groupId> | ||
| <artifactId>jackson-databind</artifactId> | ||
| <version>2.21.2</version> | ||
| <version>2.21.3</version> | ||
| </dependency> | ||
| </dependencies> | ||
|
|
||
|
|
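Review bot: The new `26.1.0` and `2.21.3` versions are written inline in each `<dependency>`, while the `<properties>` block in this file already carries `jna.version` and `junit.version`. Moving these two into properties as well (the property names would be new, for example `jackson.version`) keeps every dependency version in one place for audit and for later bumps.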
@@ -77,7 +65,7 @@ | |
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-compiler-plugin</artifactId> | ||
| <version>3.13.0</version> | ||
| <version>3.15.0</version> | ||
| <configuration> | ||
| <source>1.8</source> | ||
| <target>1.8</target> | ||
|
|
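Review bot: The bump from `3.13.0` to `3.15.0` here, like the other plugin version bumps further down this file, is independent of the Central publishing migration named in the PR title. Putting the version bumps in their own commit, or leaving them to the Dependabot configuration this PR adds, makes it easier to tell whether a failing release build comes from the publishing change or from a plugin upgrade.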
@@ -104,7 +92,7 @@ | |
| </plugin> | ||
| <plugin> | ||
| <artifactId>maven-resources-plugin</artifactId> | ||
| <version>3.3.1</version> | ||
| <version>3.5.0</version> | ||
| <executions> | ||
| <!-- Copy custom cuda libs to the output directory --> | ||
| <execution> | ||
|
|
@@ -132,7 +120,7 @@ | |
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-source-plugin</artifactId> | ||
| <version>3.3.0</version> | ||
| <version>3.4.0</version> | ||
| <executions> | ||
| <execution> | ||
| <id>attach-sources</id> | ||
|
|
@@ -145,7 +133,7 @@ | |
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-javadoc-plugin</artifactId> | ||
| <version>3.5.0</version> | ||
| <version>3.12.0</version> | ||
|
Version bump from 3.5.0 → 3.12.0 is a significant jump. This plugin was previously at 3.5.0, now 3.12.0. Good news: This update is a stable release, not a beta. However, with such a version jump (3.5 → 3.12), ensure:
The corresponding update in the main build section is the same version, so at least they're consistent now. |
||
| <configuration> | ||
| <source>1.8</source> | ||
| </configuration> | ||
|
|
@@ -166,35 +154,42 @@ | |
| <id>release</id> | ||
| <build> | ||
| <plugins> | ||
| <plugin> | ||
| <groupId>org.sonatype.plugins</groupId> | ||
| <artifactId>nexus-staging-maven-plugin</artifactId> | ||
| <version>1.6.13</version> | ||
| <extensions>true</extensions> | ||
| <configuration> | ||
| <serverId>ossrh</serverId> | ||
| <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl> | ||
| <autoReleaseAfterClose>true</autoReleaseAfterClose> | ||
| </configuration> | ||
| </plugin> | ||
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-gpg-plugin</artifactId> | ||
| <version>3.1.0</version> | ||
| <version>3.2.8</version> | ||
| <executions> | ||
| <execution> | ||
| <id>sign-artifacts</id> | ||
| <phase>verify</phase> | ||
| <goals> | ||
| <goal>sign</goal> | ||
| </goals> | ||
| <goals><goal>sign</goal></goals> | ||
| <configuration> | ||
| <keyname>${gpg.keyname}</keyname> | ||
|
Critical Issue: The pom.xml references
The Fix: Either:
Note: The property should be the GPG key ID (usually the last 16 hex characters of the fingerprint) |
||
| <gpgArguments> | ||
| <arg>--pinentry-mode</arg> | ||
| <arg>loopback</arg> | ||
| </gpgArguments> | ||
|
Comment on lines +166 to +171
GPG Configuration - Documentation Needed: The
Recommendation: Add a comment or update documentation (CONTRIBUTING.md or README) with these requirements for maintainers setting up release builds. |
||
| </configuration> | ||
|
Comment on lines +166 to +172
📝 CI/CD Configuration Note The
Example CI command:
Comment on lines +166 to +172
📋 GPG Configuration - Missing Documentation The GPG signing configuration references
Recommendation: Add a comment above this configuration block documenting where the Example CI/CD usage: `mvn deploy -P release -Dgpg.keyname=${{ secrets.GPG_KEYNAME }}` |
||
| </execution> | ||
| </executions> | ||
| </plugin> | ||
|
|
||
| <plugin> | ||
| <groupId>org.sonatype.central</groupId> | ||
| <artifactId>central-publishing-maven-plugin</artifactId> | ||
| <version>0.10.0</version> | ||
| <extensions>true</extensions> | ||
| <configuration> | ||
| <publishingServerId>central</publishingServerId> | ||
|
Critical Issue: The pom.xml now uses The Central Publishing Maven Plugin will look for a server named Fix: Update .github/workflows/release.yaml publish job:
Reference: https://central.sonatype.org/publish/publish-maven/ for complete setup instructions |
||
| <autoPublish>true</autoPublish> | ||
| <waitUntil>published</waitUntil> | ||
| </configuration> | ||
|
Comment on lines +182 to +186
Central Publishing Maven Plugin Configuration: The migration from OSSRH to Sonatype Central Portal is correct and uses appropriate configuration: ✅ Note: Users will need to configure credentials in
```xml
<server>
  <id>central</id>
  <username>SONATYPE_USERNAME</username>
  <password>SONATYPE_PASSWORD</password>
</server>
```
This should be documented for contributors who need to perform releases. Also ensure CI/CD credentials are properly scoped to this server ID. |
||
| </plugin> | ||
|
|
||
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-jar-plugin</artifactId> | ||
| <version>3.4.2</version> | ||
| <version>3.5.0</version> | ||
| <executions> | ||
| <!-- Pick class files AND libs from custom output | ||
| directory --> | ||
|
|
||
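Review bot: `<autoPublish>true</autoPublish>` together with `<waitUntil>published</waitUntil>` in the central-publishing-maven-plugin block means a successful deploy under the `release` profile goes straight to Maven Central with no manual check, and a published version cannot be replaced afterwards. The removed nexus-staging configuration behaved the same way through `<autoReleaseAfterClose>true</autoReleaseAfterClose>`, but this is the first run against a new publishing path, so consider `autoPublish` set to `false` and `waitUntil` set to `validated` for the first release, and switch back once a signed bundle has been inspected in the portal.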
✅ Good Addition: Dependabot Configuration
This Dependabot setup is well-configured for automated dependency updates. A few notes:
Optional enhancement: Consider setting `open-pull-requests-limit` if you want to limit concurrent PRs:
Also consider adding labels or assignees to make PRs easier to manage:
These are optional but helpful for managing many dependency updates.