-
Notifications
You must be signed in to change notification settings - Fork 3
Update Maven configuration for Central Repository publishing #116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 1 commit
fde130d
d6a79d0
9ee7315
975e39f
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,35 +17,23 @@ | |
| <license> | ||
| <name>MIT License</name> | ||
| <url>https://www.opensource.org/licenses/mit-license.php</url> | ||
| <distribution>repo</distribution> | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good catch - adding This setting indicates the license is available from the Maven Central repository (as opposed to manual/external distribution). It's one of the requirements for publishing to Maven Central. |
||
| </license> | ||
| </licenses> | ||
|
|
||
| <developers> | ||
| <developer> | ||
| <name>Bernard Ladenthin</name> | ||
|
|
||
| <organizationUrl>https://github.com/bernardladenthin</organizationUrl> | ||
| </developer> | ||
| </developers> | ||
|
|
||
| <scm> | ||
| <connection>scm:git:git://github.com/kherud/java-llama.cpp.git</connection> | ||
| <developerConnection>scm:git:ssh://github.com:bernardladenthin/java-llama.cpp.git</developerConnection> | ||
| <connection>scm:git:https://github.com/bernardladenthin/java-llama.cpp.git</connection> | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security improvement: SCM URLs changed from mixed protocols (git://, ssh://) to consistent HTTPS. The original configuration used:
New configuration uses:
This is more secure and compatible with Maven Central requirements. HTTPS is the recommended protocol for Maven Central artifacts. |
||
| <developerConnection>scm:git:https://github.com/bernardladenthin/java-llama.cpp.git</developerConnection> | ||
|
Comment on lines
+32
to
+33
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The original
If this is intentional (e.g., project maintenance transferred): proceed, but document the change in commit history. If not intentional: Consider keeping the upstream URL as the canonical source while using the personal fork for |
||
| <url>https://github.com/bernardladenthin/java-llama.cpp/tree/master</url> | ||
| </scm> | ||
|
|
||
| <distributionManagement> | ||
| <snapshotRepository> | ||
| <id>ossrh</id> | ||
| <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url> | ||
| </snapshotRepository> | ||
| <repository> | ||
| <id>ossrh</id> | ||
| <url> | ||
| https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url> | ||
| </repository> | ||
| </distributionManagement> | ||
|
|
||
| <properties> | ||
| <jna.version>5.18.1</jna.version> | ||
| <junit.version>4.13.2</junit.version> | ||
|
|
@@ -167,30 +155,61 @@ | |
| <build> | ||
| <plugins> | ||
| <plugin> | ||
| <groupId>org.sonatype.plugins</groupId> | ||
| <artifactId>nexus-staging-maven-plugin</artifactId> | ||
| <version>1.6.13</version> | ||
| <extensions>true</extensions> | ||
| <configuration> | ||
| <serverId>ossrh</serverId> | ||
| <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl> | ||
| <autoReleaseAfterClose>true</autoReleaseAfterClose> | ||
| </configuration> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-source-plugin</artifactId> | ||
| <version>3.3.1</version> | ||
| <executions> | ||
| <execution> | ||
| <id>attach-sources</id> | ||
| <goals><goal>jar-no-fork</goal></goals> | ||
| </execution> | ||
| </executions> | ||
| </plugin> | ||
|
|
||
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-javadoc-plugin</artifactId> | ||
| <version>3.11.2</version> | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Consider:
|
||
| <executions> | ||
| <execution> | ||
| <id>attach-javadocs</id> | ||
| <goals><goal>jar</goal></goals> | ||
| </execution> | ||
| </executions> | ||
| </plugin> | ||
|
|
||
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-gpg-plugin</artifactId> | ||
| <version>3.1.0</version> | ||
| <version>3.2.7</version> | ||
| <executions> | ||
| <execution> | ||
| <id>sign-artifacts</id> | ||
| <phase>verify</phase> | ||
| <goals> | ||
| <goal>sign</goal> | ||
| </goals> | ||
| <goals><goal>sign</goal></goals> | ||
| <configuration> | ||
| <keyname>${gpg.keyname}</keyname> | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Critical Issue: The pom.xml references
The Fix: Either:
Note: The property should be the GPG key ID (usually the last 16 hex characters of the fingerprint) |
||
| <gpgArguments> | ||
| <arg>--pinentry-mode</arg> | ||
| <arg>loopback</arg> | ||
| </gpgArguments> | ||
|
Comment on lines
+166
to
+171
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. GPG Configuration - Documentation Needed: The
Recommendation: Add a comment or update documentation (CONTRIBUTING.md or README) with these requirements for maintainers setting up release builds. |
||
| </configuration> | ||
|
Comment on lines
+166
to
+172
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 📝 CI/CD Configuration Note The
Example CI command:
Comment on lines
+166
to
+172
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 📋 GPG Configuration - Missing Documentation The GPG signing configuration references
Recommendation: Add a comment above this configuration block documenting where the Example CI/CD usage: mvn deploy -P release -Dgpg.keyname=${{ secrets.GPG_KEYNAME }} |
||
| </execution> | ||
| </executions> | ||
| </plugin> | ||
|
|
||
| <plugin> | ||
| <groupId>org.sonatype.central</groupId> | ||
| <artifactId>central-publishing-maven-plugin</artifactId> | ||
| <version>0.9.0</version> | ||
| <extensions>true</extensions> | ||
| <configuration> | ||
| <publishingServerId>central</publishingServerId> | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Critical Issue: The pom.xml now uses The Central Publishing Maven Plugin will look for a server named Fix: Update .github/workflows/release.yaml publish job:
Reference: https://central.sonatype.org/publish/publish-maven/ for complete setup instructions |
||
| <autoPublish>true</autoPublish> | ||
| <waitUntil>published</waitUntil> | ||
| </configuration> | ||
|
Comment on lines
+182
to
+186
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Central Publishing Maven Plugin Configuration: The migration from OSSRH to Sonatype Central Portal is correct and uses appropriate configuration: ✅ Note: Users will need to configure credentials in <server>
<id>central</id>
<username>SONATYPE_USERNAME</username>
<password>SONATYPE_PASSWORD</password>
</server>This should be documented for contributors who need to perform releases. Also ensure CI/CD credentials are properly scoped to this server ID. |
||
| </plugin> | ||
|
|
||
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-jar-plugin</artifactId> | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✅ Good Addition: License Distribution Tag
Adding
<distribution>repo</distribution>is correct for Maven Central requirements. This indicates the license applies to repository-hosted distributions, which is standard for open-source projects published to Maven Central.