build: publish to Maven Central on version tags#3
Conversation
Make JavaSake consumable as a normal Gradle/Maven dependency (org.openminimed:javasake) instead of requiring downstream projects to vendor the sources. - Apply com.vanniktech.maven.publish; configure POM (name, description, GPL-3.0, developers, SCM), sources + javadoc jars, and GPG signing for the Sonatype Central Portal. - Derive the release version from the git tag (-PreleaseVersion); local builds and PRs stay on 0.1.0-SNAPSHOT and never publish. - Add a release workflow that publishes + signs on a vX.Y.Z tag and opens a GitHub Release. Credentials and the signing key come from repo secrets at publish time only. - Document the one-time admin setup (namespace, token, signing key) and the tag-to-release flow in RELEASING.md. No production code changes. Build/test, the generated POM, and the wired publishing tasks were verified locally (publish itself needs the secrets).
|
@palmarci some context on what this PR is for and what (if anything) you'd need to do — no rush on any of it. The problem it solves. Today the only way to use JavaSake in another project is to copy the source in ("vendoring"). That's how GlycemicGPT consumes it right now — we keep a verbatim copy of What this changes. It makes JavaSake a normal published library. Once it's on Maven Central, any project — GlycemicGPT included — just declares: implementation("org.openminimed:javasake:<version>")and pulls it like any other dependency. Tools like Renovate then open automatic version-bump PRs whenever you cut a new release, so consumers stay current with zero hand-copying. It also means your work ships as a proper versioned artifact rather than a source dump. How releasing works. You push a tag (e.g. What's needed from you (one-time, admin):
On cost — this is all free. Maven Central / the Sonatype Central Portal is free for open-source publishing (no account or per-artifact fees), GitHub Actions is free for public repos, and the Totally your call on whether and when to do this. Suggest merging #2 first — it fixes a real desync bug and also clears the pre-existing Spotless formatting issue that's currently making this PR's |
Summary
Makes JavaSake consumable as a normal Gradle/Maven dependency (
org.openminimed:javasake) instead of requiring downstream projects to vendor the sources. This is the enabler for downstream consumers (e.g. GlycemicGPT) to pull JavaSake as a versioned dependency and let Renovate bump it, rather than copying the source in.No production code changes — build and release plumbing only.
What's here
com.vanniktech.maven.publishand configures publishing to the Sonatype Central Portal: POM metadata (name, description, GPL-3.0, developers, SCM), sources + javadoc jars, and GPG signing.-PreleaseVersion); local builds and PRs stay on0.1.0-SNAPSHOTand never publish..github/workflows/release.yml: on avX.Y.Ztag push, builds, signs, publishes to Central, and opens a GitHub Release. Credentials and the signing key are read from repo secrets at publish time only — nothing is needed to build or test.RELEASING.md: the one-time admin setup (namespace verification, Central user token, GPG signing key as secrets) and the tag-to-release flow.What you'll need to flip it on (admin, one-time)
Publishing won't run until four repo secrets exist (
MAVEN_CENTRAL_USERNAME,MAVEN_CENTRAL_PASSWORD,SIGNING_KEY,SIGNING_KEY_PASSWORD) and the Central namespace is verified. Full checklist inRELEASING.md. The coordinate isorg.openminimed(needs domain verification); if you'd rather skip that,io.github.openminimedverifies automatically against the GitHub org — one-line change togroup.Verification
./gradlew build(compile/test/jar/sources/javadoc), the generated POM, and the wired publishing tasks were all verified locally; only the publish upload itself needs the secrets.Note on CI
The
buildcheck will be red on this PR until #2 merges. That's a pre-existing Spotless formatting violation inSeqCrypt.javaonmain(from d78ff25) — unrelated to this PR, which changes no.javafiles. #2 fixes it; once it merges and this rebases onmain, CI goes green. Please review/merge #2 first.