Update POM file for NotificationAPI Java Server SDK to include project metadata, change license to Apache 2.0, and configure distribution management for Maven Central. Modify README for clarity and update GitHub Actions workflow to publish to Maven Central with GPG signing support. #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…t metadata, change license to Apache 2.0, and configure distribution management for Maven Central. Modify README for clarity and update GitHub Actions workflow to publish to Maven Central with GPG signing support.
…rkflows Enhance the publish workflow with a step to wait for artifacts to sync to Maven Central after a release. Implement a verification step to ensure all required artifacts are present in Maven Central. Update the pull request workflow to include GPG signing verification and a dry-run for SNAPSHOT deployment, ensuring proper configuration for OSSRH credentials.
Included Jackson for JSON handling and Apache HttpClient for making HTTP requests. This enhances the project's capabilities for data processing and network communication.
…cific files This commit introduces a .gitignore file to prevent unnecessary files from being tracked in the repository, including Maven build outputs, IDE configurations, compiled files, logs, and system-specific files.
This commit introduces a Checkstyle configuration file to enforce coding standards and best practices across the project. The POM file is updated to include the Maven Checkstyle plugin, which will validate the code during the build process. Additionally, new package-info.java files are added to document the main package, examples, exceptions, and model classes within the NotificationAPI Java Server SDK.
This commit adds a step to the pull request workflow to configure GPG settings, enabling loopback pinentry for GPG signing. This ensures that GPG signing verification can be performed during the build process, enhancing security and integrity of the artifacts.
…rity This commit modifies the GPG configuration in the pull request workflow by ensuring the GPG directory is created with appropriate permissions and updating the GPG command to include the passphrase from secrets. These changes improve the security of the GPG signing process during the build verification.
This commit eliminates the GPG configuration and signing verification steps from the pull request workflow. The removal streamlines the workflow by focusing on essential tasks, while GPG signing can be managed separately if needed.
This commit updates the pull request workflow to utilize GitHub secrets for GPG configuration, enhancing security by avoiding hardcoded values. Additionally, a new step for verifying GPG signing is added to ensure the integrity of the build process.
…for OSSRH credentials This commit modifies the pull request workflow to securely utilize GitHub secrets for OSSRH username and password during the SNAPSHOT deployment process. This change enhances security by avoiding hardcoded credentials in the workflow.
…loyment steps This commit modifies the pull request workflow by changing the server ID from 'ossrh' to 'central' for deployment. It also simplifies the dry-run deployment step by removing unnecessary environment variables and parameters, while retaining the GPG signing verification step for enhanced security.
…redentials This commit updates the pull request workflow to include the OSSRH username and password as GitHub secrets during the dry-run SNAPSHOT deployment process. Additionally, it modifies the GPG signing verification step to utilize the passphrase from secrets, improving security and ensuring a more streamlined deployment process.
This commit simplifies the dry-run SNAPSHOT deployment step in the pull request workflow by consolidating the deployment command into a single line. The server ID is updated to 'central', and unnecessary parameters have been removed while maintaining the use of GitHub secrets for secure credentials.
…custom settings file This commit modifies the dry-run SNAPSHOT deployment step in the pull request workflow to include a custom Maven settings file. This change enhances the deployment process by allowing for more flexible configuration while maintaining the use of GitHub secrets for secure credentials.
…rets in GitHub Actions workflow This commit modifies the dry-run SNAPSHOT deployment step in the pull request workflow to incorporate the GPG passphrase from GitHub secrets. This change enhances security by ensuring sensitive information is not hardcoded, while maintaining the streamlined deployment process.
…ecurity and configuration This commit introduces a new settings file for Maven that securely manages credentials using environment variables. It also modifies the GPG key import process to improve security by avoiding hardcoded values. The dry-run SNAPSHOT deployment step is updated to utilize the new settings file, ensuring a more streamlined and secure deployment process.
…OT deployment This commit modifies the path to the Maven settings file in the pull request workflow, ensuring it points to the correct location within the GitHub workflows directory. This change enhances the clarity and organization of the deployment configuration.
…d versioning This commit updates the version of the project in pom.xml from 0.1.0-SNAPSHOT to 0.1.1 and enhances the project description for clarity. Additionally, it modifies the GitHub Actions workflow to streamline the deployment process by removing the old settings file and incorporating a new Maven settings file for better management of credentials. The GPG signing process is also updated to utilize environment variables for enhanced security.
…tions workflow for simplified deployment
…se for secure Maven deployment
…e use and improving key import process for secure Maven deployment
…ment by explicitly retrieving the key ID and configuring the deployment command to use it, enhancing security and clarity.
…deployment This commit introduces a distribution management section to the pom.xml, specifying the snapshot and release repositories for Maven deployment. Additionally, a release profile is added, configuring the maven-gpg-plugin for signing artifacts during the verify phase, enhancing the deployment process and security.
…om pom.xml to streamline configuration and enhance clarity.
…job and simplifying JDK setup. Update GPG key import process for enhanced security and streamline Maven build and publish steps with environment variable management.
…-8 encoding, enhancing build configuration clarity.
…or the GPG key import step and updating the Maven deploy command to include the GPG key name, improving security and clarity in the deployment process.
…step in the Maven deploy command, enhancing security and clarity in the deployment process.
…aven deployment, improving security and consistency in the build process.
…r publishing to Maven Central, including necessary secrets and setup instructions in README.md.
…undant setup for Maven Central Repository and updating settings.xml creation to include proper server configurations. This enhances clarity and streamlines the deployment process.
…PG key permissions and updating settings.xml to include GPG passphrase and profile settings. This improves security and ensures proper deployment configuration.
…G key import process and updating settings.xml creation. This enhances security and ensures proper configurations for deployment, including the use of GPG key name in the Maven command.
… the GPG key ID in the deployment command and export it for later use. This improves security and ensures consistency in the build process.
…me from secrets in the deployment command, enhancing security and ensuring consistency in the build process.
… to include manual trigger for Maven publishing, enhancing flexibility in deployment processes.
…gging step to list GPG keys and configuring the Maven deploy command to explicitly use the GPG key name and passphrase. This improves clarity and security in the deployment process.
… configurations, and remove deprecated GitHub Actions workflow for Maven publishing. This enhances deployment security and streamlines the configuration process.
… variables for Maven deployment, enhancing security and ensuring correct key usage during the build process.
…nt, enhancing security by ensuring the key is available during the build process.
…g a dedicated GPG directory, writing the key to a file, and cleaning up after import. This enhances security and maintains a clean environment during the build process.
…rkflow to create settings.xml for Maven deployment. This enhances security by managing GPG credentials and ensuring proper signing of artifacts during the build process.
…se the key ID instead of the key name. This improves clarity and ensures the correct key is utilized during the Maven deployment process.
…improved credential management during deployment. This change activates the central profile by default and includes username and password properties for enhanced security.
…w to use OSSRH credentials for Maven deployment, enhancing security and aligning with updated credential management practices.
…ws to use JDK 17. Refactor build steps to include testing, code style checks, and Javadoc generation, enhancing the CI process.
…igning with project requirements.
millerm30
approved these changes
Apr 16, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.