new prompts

edburns · edburns · commit 3c3cc0ac1512 · 2026-05-18T08:33:59.000-07:00
diff --git a/80-java-monorepo-add-01-remove-before-merge/20260515-prompts.md b/80-java-monorepo-add-01-remove-before-merge/20260515-prompts.md
@@ -0,0 +1,118 @@
+### 10:11 Prompt
+
+Read the `80-java-monorepo-add-01-remove-before-merge\dd-2989727-move-java-to-monorepo-plan.md` and the two `*-prompts.md` to get the context of what we've been working on.
+
+My current problem is the branch protection rules as tracked in this text in the plan.
+
+```markdown
+- [⌛ ] **Confirm branch protection** — will new required status checks be accepted? See https://github.com/github/copilot-sdk-partners/issues/95 .
+```
+
+The maintainer has this question:
+
+---
+@edburns Can you clarify why we need an action to be able to push directly to main rather than having the action produce a PR?
+---
+
+I know there is a good answer for this, but I can't easily articulate it. Can you help me?
+
+### 10:16 Response
+
+The workflow that needs direct-to-main push is `java-publish.yml` (adapted from `publish-maven.yml`), specifically because of how `maven-release-plugin` works.
+
+Here's the articulation:
+
+---
+
+**Why `maven-release-plugin` requires direct push to `main`:**
+
+The Maven Release Plugin performs an **atomic, multi-step commit sequence** as part of its `release:prepare` + `release:perform` lifecycle:
+
+1. Removes `-SNAPSHOT` from pom.xml version → commits as "prepare release vX.Y.Z"
+2. Creates a git tag `vX.Y.Z` pointing at that exact commit
+3. Bumps pom.xml to next `-SNAPSHOT` version → commits as "prepare for next development iteration"
+4. Pushes both commits + tag in one operation
+5. `release:perform` then checks out the tag and deploys the artifact to Maven Central
+
+**Why a PR doesn't work here:**
+
+- The **tag must point to the exact commit** with the non-SNAPSHOT version on `main`. If that commit lives on a PR branch, the tag references a commit that isn't on the default branch — Maven Central metadata and `<scm>` URLs become inconsistent.
+- A PR introduces a **race condition**: other commits could merge between the release commit and the SNAPSHOT-bump commit, breaking the plugin's assumption of consecutive commits.
+- There is **no human decision left to make** — the decision to release was already made when someone triggered the `workflow_dispatch`. The commits are mechanical version bookkeeping, not code changes requiring review.
+- The entire operation is **idempotent and reversible** (revert the two commits + delete the tag) if something goes wrong.
+
+This is the standard pattern used by virtually all Maven projects that release via CI (Spring, Apache, Quarkus, etc.). The alternative — manually managing versions and tags outside the plugin — defeats the purpose of using `maven-release-plugin` and introduces more error-prone manual steps.
+
+---
+
+Want me to draft this as a comment you can post directly on the issue?
+
+### 10:17 Prompt
+
+Yes.
+
+### 10:18 Response
+
+Read [](file:///e%3A/workareas/copilot-sdk-java-00/.github/workflows/publish-maven.yml#1-1), lines 1 to 180
+
+Here's a comment you can post:
+
+---
+
+The workflow that needs this is `java-publish.yml` (the Maven release workflow). It uses `maven-release-plugin`, which performs an atomic multi-commit sequence directly on `main`:
+
+1. Removes `-SNAPSHOT` from pom.xml → commits `[maven-release-plugin] prepare release v1.2.3`
+2. Creates git tag `v1.2.3` pointing at that exact commit
+3. Bumps pom.xml to next `-SNAPSHOT` → commits `[maven-release-plugin] prepare for next development iteration`
+4. Pushes both commits + tag in one operation
+5. Checks out the tag and deploys the signed artifact to Maven Central
+
+**Why a PR can't substitute here:**
+
+- **The tag must point to a commit on `main`.** Maven Central's POM metadata, `<scm>` URLs, and reproducibility guarantees all assume the tagged commit is on the default branch. A tag pointing at a PR branch commit breaks downstream tooling (Dependabot, IDE source attachment, `mvn scm:changelog`).
+- **The two commits must be consecutive.** If a PR is opened between the "set release version" commit and the "set next SNAPSHOT" commit, other PRs could merge in between, meaning `main` would contain a non-SNAPSHOT pom.xml that doesn't correspond to any published artifact — a broken state.
+- **There's no remaining human decision.** The release was already authorized by triggering `workflow_dispatch`. The commits are mechanical version bookkeeping, not code changes requiring review.
+- **The workflow already has rollback.** If anything fails, it reverts the documentation commit and runs `mvn release:rollback` (lines 168–177 of the current publish-maven.yml).
+
+This is the standard pattern used by Maven projects that release via CI (Spring, Apache, Quarkus, etc.). The `JAVA_RELEASE_TOKEN` PAT with `contents:write` scope is specifically for this use case.
+
+Note: only this one workflow (`java-publish.yml`) needs the bypass. All other Java workflows (`java-sdk-tests.yml`, `java-smoke-test.yml`, `java-codegen-fix.md`, etc.) operate via normal PRs.
+
+---
+
+### 10:21 Prompt
+
+That's close, but let's take the ADR in `docs/adr/adr-002-maven-version-and-reference-implementation-tracking.md` into account regarding tag names.
+
+You stated:
+
+> 2. Creates git tag `v1.2.3` pointing at that exact commit
+
+In our case, per the ADR, the tag would be `v1.2.3-java.0`. To avoid confusion, rewrite your post-ready response using this tag name wherever you need a tag.
+
+### 10:24 Response
+
+Here's the revised comment:
+
+---
+
+The workflow that needs this is `java-publish.yml` (the Maven release workflow). It uses `maven-release-plugin`, which performs an atomic multi-commit sequence directly on `main`:
+
+1. Removes `-SNAPSHOT` from pom.xml → commits `[maven-release-plugin] prepare release v1.2.3-java.0`
+2. Creates git tag `v1.2.3-java.0` pointing at that exact commit. See the [ADR](https://github.com/github/copilot-sdk-java/blob/main/docs/adr/adr-002-maven-version-and-reference-implementation-tracking.md).
+3. Bumps pom.xml to next `-SNAPSHOT` → commits `[maven-release-plugin] prepare for next development iteration`
+4. Pushes both commits + tag in one operation
+5. Checks out the tag and deploys the signed artifact to Maven Central
+
+**Why a PR can't substitute here:**
+
+- **The tag must point to a commit on `main`.** Maven Central's POM metadata, `<scm>` URLs, and reproducibility guarantees all assume the tagged commit is on the default branch. A tag pointing at a PR branch commit breaks downstream tooling (Dependabot, IDE source attachment, `mvn scm:changelog`).
+- **The two commits must be consecutive.** If a PR is opened between the "set release version" commit and the "set next SNAPSHOT" commit, other PRs could merge in between, meaning `main` would contain a non-SNAPSHOT pom.xml that doesn't correspond to any published artifact — a broken state.
+- **There's no remaining human decision.** The release was already authorized by triggering `workflow_dispatch`. The commits are mechanical version bookkeeping, not code changes requiring review.
+- **The workflow already has rollback.** If anything fails, it reverts the documentation commit and runs `mvn release:rollback`.
+
+This is the standard pattern used by Maven projects that release via CI (Spring, Apache, Quarkus, etc.). The `JAVA_RELEASE_TOKEN` PAT with `contents:write` scope is specifically for this use case.
+
+Note: only this one workflow (`java-publish.yml`) needs the bypass. All other Java workflows (`java-sdk-tests.yml`, `java-smoke-test.yml`, `java-codegen-fix.md`, etc.) operate via normal PRs.
+
+---
