v6: Update release configuration #408
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OSSRH platform was sunset on June 30, 2025 and the recommended way to publish Maven artifacts is now via 'central-publishing-maven-plugin'. https://central.sonatype.org/pages/ossrh-eol/ The new Publishing Platform doubles as a staging server and will verify the artifact's checksums and GPG-signatures. 1. We replace nexus-staging-maven-plugin with central-publishing-maven-plugin and drop the explicit <distributionManagement> configuration (we use the plugin's default configuration). 2. Default settings for 'mvn deploy' is to NOT auto-publish and out wait until the artifact is 'verified'. We override these in our GitHub CI to autoPublish=true and waitUntil=published. This allows testing deployment changes and running mvn-deploy locally without running a risk of accidentally publishing an artifact. 3. Move ./decrypt_secret.sh to tools/ and add an encrypt_secret.sh script for convenience 4. Update create-release.yaml GH workflow
settings.xml have new username and password for Central Maven Repository Publishing Platform. Removed <server> configuration that was used to pass the GPG passphrase to gpg-maven-plugin, as the recommended method is via an env variable. Added autoPublish and waitUntil properties to control deployment behavior.
There was a problem hiding this comment.
Orca Security Scan Summary
| Status | Check | Issues by priority | |
|---|---|---|---|
 Passed |
Secrets |  0  0  0  0 |
View in Orca |
antas-marcin
reviewed
Jul 9, 2025
antas-marcin
approved these changes
Jul 9, 2025
antas-marcin
approved these changes
Jul 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
OSSRH platform was sunset on June 30, 2025 and the recommended way to publish Maven artifacts is now via 'central-publishing-maven-plugin'.
The new Publishing Platform doubles as a staging server and will verify the artifact's checksums and GPG-signatures. Our
io.weaviatenamespace has been automatically migrated and is available here. The login credentials for Nexus Staging Repository are still valid.We had to re-generate the client credentials for the Maven deploy plugin, so I updated the settings.xml and pushed a new tarball.
Changes:
We replace nexus-staging-maven-plugin with central-publishing-maven-plugin and drop the explicit configuration (we use the plugin's default configuration).
Default settings for 'mvn deploy' is to NOT auto-publish and out wait until the artifact is 'verified'. We override these in our GitHub CI to autoPublish=true and waitUntil=published. This allows testing deployment changes and running mvn-deploy locally without running a risk of accidentally publishing an artifact.
Move ./decrypt_secret.sh to tools/ and add an encrypt_secret.sh script for convenience
Update create-release.yaml GH workflow
Note: the latest release pipeline failed because of this deprecation.