Skip to content

Add Maven Central publishing configuration#29

Merged
nlathia merged 2 commits into
mainfrom
maven-central-publishing
Jun 29, 2026
Merged

Add Maven Central publishing configuration#29
nlathia merged 2 commits into
mainfrom
maven-central-publishing

Conversation

@nlathia

@nlathia nlathia commented Jun 29, 2026

Copy link
Copy Markdown
Member

Summary

  • Adds <scm> block and a release Maven profile to the parent POM with maven-gpg-plugin (artifact signing) and central-publishing-maven-plugin (Sonatype Central Portal)
  • Adds .github/workflows/ci.yml to run mvn verify on every push/PR to main
  • Adds .github/workflows/release.yml to publish to Maven Central on v* tag push — extracts the version from the tag, sets it in the POMs, and deploys signed artifacts

One-time setup required

Before the release workflow will work, add these GitHub Actions secrets:

Secret Source
SONATYPE_USERNAME Token username from central.sonatype.com
SONATYPE_PASSWORD Token password from central.sonatype.com
MAVEN_GPG_PRIVATE_KEY Armored GPG private key (gpg --armor --export-secret-keys KEY_ID)
MAVEN_GPG_PASSPHRASE GPG key passphrase

Also register the ai.gradientlabs namespace on Sonatype Central (DNS TXT verification on gradient-labs.ai).

Test plan

  • CI workflow runs on this PR
  • After merging and completing setup, create a v1.0.0 tag and verify the release workflow publishes to Maven Central

🤖 Generated with Claude Code

Adds GPG signing and Sonatype Central publishing plugin to a release
profile, SCM metadata to the parent POM, and GitHub Actions workflows
for CI and tag-triggered releases.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@nlathia nlathia requested review from gmtuca and sharanmoore June 29, 2026 13:05
@sharanmoore

sharanmoore commented Jun 29, 2026

Copy link
Copy Markdown

missing a dependency or something? looks like it might be an existing issue though. maybe we weren't running compilation as part of ci before?

@nlathia nlathia force-pushed the maven-central-publishing branch from bacfdc7 to b6596c5 Compare June 29, 2026 17:13

nlathia commented Jun 29, 2026

Copy link
Copy Markdown
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@nlathia nlathia force-pushed the maven-central-publishing branch from b6596c5 to ca6e309 Compare June 29, 2026 17:24
Resolves 4 open Dependabot alerts:
- PolymorphicTypeValidator bypass (high)
- BasicPolymorphicTypeValidator allowIfSubTypeIsArray bypass (high)
- InetSocketAddress SSRF via eager DNS resolution (medium)
- Case-insensitive deserialization @JsonIgnoreProperties bypass (medium)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@nlathia nlathia force-pushed the maven-central-publishing branch from ca6e309 to 64eac66 Compare June 29, 2026 17:28

@sharanmoore sharanmoore left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a little readme section on publishing would be helpful for future us

nlathia commented Jun 29, 2026

Copy link
Copy Markdown
Member Author

Merge activity

  • Jun 29, 5:35 PM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Jun 29, 5:36 PM UTC: @nlathia merged this pull request with Graphite.

@nlathia nlathia merged commit aff17b7 into main Jun 29, 2026
2 checks passed
@nlathia nlathia deleted the maven-central-publishing branch June 29, 2026 17:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants