feat: add Maven Central packaging and release publishing

refactor: move Maven POM and publication logic into gradle/maven-pom.gradle feat: publish signed mavenJava artifacts with sources and Javadoc jars feat: add Central staging, checksum generation, and centralBundle packaging feat: add packageReleaseCandidate task for clean local release verification docs: define Maven POM metadata for org.egothor:radixor docs: switch project licensing metadata and repository license file to BSD-3-Clause ci: build signed Central bundle in tagged release workflow ci: upload Central bundle to Maven Central via Sonatype Portal API ci: attach Central bundle to GitHub release assets
2026-04-16 02:00:59 +02:00
parent 558707d78e
commit 5730babd06
57 changed files with 1139 additions and 160 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -156,8 +156,31 @@ jobs:
          test -f gradle.properties
          test -f gradle/verification-metadata.xml

-      - name: Build release distribution and SBOM
-        run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport distZip cyclonedxBom
+      - name: Build release distribution, signed Maven bundle, and SBOM
+        run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport distZip cyclonedxBom centralBundle
+
+      - name: Publish bundle to Maven Central
+        shell: bash
+        env:
+          CENTRAL_BEARER_TOKEN: ${{ secrets.CENTRAL_BEARER_TOKEN }}
+        run: |
+          set -euo pipefail
+          echo "::add-mask::$CENTRAL_BEARER_TOKEN"
+
+          BUNDLE="$(ls build/central-bundle/*.zip)"
+          HEADER_FILE="$(mktemp)"
+          trap 'rm -f "$HEADER_FILE"' EXIT
+          printf 'Authorization: Bearer %s\n' "$CENTRAL_BEARER_TOKEN" > "$HEADER_FILE"
+
+          curl \
+            --fail \
+            --silent \
+            --show-error \
+            --request POST \
+            --header @"$HEADER_FILE" \
+            --form "bundle=@${BUNDLE}" \
+            --form "name=org.egothor:radixor:${GITHUB_REF_NAME#release@}" \
+            "https://central.sonatype.com/api/v1/publisher/upload?publishingType=AUTOMATIC"

      - name: Publish GitHub release assets
        uses: softprops/action-gh-release@v2
@@ -167,3 +190,4 @@ jobs:
            build/distributions/*.zip
            build/reports/sbom/radixor-sbom.json
            build/reports/sbom/radixor-sbom.xml
+            build/central-bundle/*.zip
--- a/.github/workflows/pages.yml
+++ b/.github/workflows/pages.yml
@@ -48,7 +48,7 @@ jobs:

      - name: Set up Gradle caching and instrumentation
        uses: gradle/actions/setup-gradle@v4
-		 
+
      - name: Verify reproducibility inputs
        shell: bash
        run: |