Skip to content

Topic/migrate to sonatype central #144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 2, 2025
Merged

Topic/migrate to sonatype central #144

merged 2 commits into from
Jun 2, 2025

Conversation

@phillipross
Copy link
Contributor

@phillipross phillipross commented Jun 2, 2025

No description provided.

@phillipross
Build Fixes/Improvements
cbb8640 
- Update URLs to https

Signed-off-by: Phillip Ross <[email protected]>
@coderabbitai
Copy link

coderabbitai bot commented Jun 2, 2025
edited
Loading

📝 Walkthrough

Walkthrough

The changes update Maven and GitHub Actions configurations to switch repository deployment from the old Sonatype OSSRH setup to the new Sonatype Central Portal. This includes renaming profiles, updating server and repository IDs, modifying environment variables, and replacing URLs and plugins in the POM and workflow files.

Changes

File(s) Change Summary
.github/settings.xml Updated server/repository IDs, environment variables, and URLs to use Sonatype Central Portal; removed old staging/release profiles.
.github/workflows/main.yml Changed Maven deployment profiles and credentials to match new Sonatype Central Portal setup.
pom.xml Switched URLs to HTTPS, replaced deployment profile and plugin with central-publishing-maven-plugin, updated release profile references.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant GitHub Actions
    participant Maven
    participant Sonatype Central Portal

    Developer->>GitHub Actions: Push code / trigger workflow
    GitHub Actions->>Maven: Run build & deploy with new profiles and credentials
    Maven->>Sonatype Central Portal: Deploy artifacts using central-publishing-maven-plugin
    Sonatype Central Portal-->>Maven: Acknowledge deployment
    Maven-->>GitHub Actions: Report deployment status
    GitHub Actions-->>Developer: Notify build/deployment result
Loading

Poem

🐇
Hopped from OSSRH to Central Portal’s gate,
New profiles and plugins, a shiny update!
URLs now secure, all tidy and neat,
Credentials refreshed for a seamless feat.
With every deploy, the rabbit will cheer—
"Onward to Central, our Maven is here!"

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ce384a1 and d3983e3.

📒 Files selected for processing (3)
  • .github/settings.xml (2 hunks)
  • .github/workflows/main.yml (2 hunks)
  • pom.xml (7 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
  • .github/workflows/main.yml
  • .github/settings.xml
  • pom.xml
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Build on OS ubuntu-24.04 using JDK 8.0.452-zulu

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Jun 2, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
.github/workflows/main.yml (1)

28-28: Ensure PROFILES env matches configuration: The PROFILES variable lists the Maven profiles to activate. Double-check that these profile IDs (gpg, release-sign-artifacts, sonatype-central-portal-deployment, sonatype-central-snapshots) exactly match those declared in settings.xml and pom.xml. Also consider quoting the comma-separated string to prevent YAML parsing issues:

 env:
-  PROFILES: gpg,release-sign-artifacts,sonatype-central-portal-deployment,sonatype-central-snapshots
+  PROFILES: "gpg,release-sign-artifacts,sonatype-central-portal-deployment,sonatype-central-snapshots"
pom.xml (1)

862-865: Fix malformed XML comment: The comment block for the release-sign-artifacts profile is missing a closing parenthesis and has inconsistent phrasing. Consider revising for clarity:

-        <!--
-        The release-sign-artifacts and sonatype-central-portal-deployment profiles only need activated when pushing
-        snapshots or releases to maven central.  When enabled, additional artifacts will be generated for javadoc and
-        source as well as GPG signatures for each artifact.  These profiles assume that the properties for the gpg
-        plugin (such as gpg.keyname and gpg.passphrase are either defined in a settings.xml file or similar facility.
-        -->
+        <!--
+        The release-sign-artifacts and sonatype-central-portal-deployment profiles need activation only when publishing
+        snapshots or releases to Maven Central. When enabled, additional artifacts will be generated (javadoc, source)
+        and each artifact will be GPG-signed. Ensure properties for the GPG plugin (e.g., gpg.keyname and gpg.passphrase)
+        are defined in a settings.xml or equivalent.
+        -->
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 652fddb and 0cc8e1f.

📒 Files selected for processing (3)
  • .github/settings.xml (2 hunks)
  • .github/workflows/main.yml (2 hunks)
  • pom.xml (7 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (5)
  • GitHub Check: Build on OS ubuntu-24.04 using JDK 24.0.1-zulu
  • GitHub Check: Build on OS ubuntu-24.04 using JDK 8.0.452-zulu
  • GitHub Check: Build on OS ubuntu-24.04 using JDK 11.0.27-zulu
  • GitHub Check: Build on OS ubuntu-24.04 using JDK 17.0.15-zulu
  • GitHub Check: Build on OS ubuntu-24.04 using JDK 21.0.7-zulu
🔇 Additional comments (12)
.github/workflows/main.yml (1)

85-86: Verify repository credentials secrets: The workflow now uses SONATYPE_CENTRAL_PORTAL_REPO_USERNAME and SONATYPE_CENTRAL_PORTAL_REPO_PASSWORD. Ensure these secrets are created in the repository settings and have correct values, or the deploy step will fail.

.github/settings.xml (1)

6-9: Confirm server ID consistency: The <id> has been updated to sonatype-central-portal, matching the new plugin’s publishingServerId. This aligns settings with pom.xml and the workflow.

pom.xml (10)

12-12: Switch project URL to HTTPS: The project <url> has been updated to use HTTPS. Using HTTPS for project metadata is a best practice for security and trust.

16-16: Update license URL to HTTPS: The license URL now uses HTTPS. This ensures secure retrieval of license text.

24-24: Update developer URL to HTTPS: Changing to https://postgis.net is consistent and secure.

38-38: Update contributor URL to HTTPS: Switching to https://www.gurkensalat.com/ aligns the link with secure protocol.

58-58: Update user list archive URL: Changing to the OSGeo Pipermail archive over HTTPS is appropriate.

65-65: Update developer list archive URL: The HTTPS archive URL is correct.

90-90: Review distributionManagement site URL: The staging site URL is set to https://local-staging/. Verify whether this placeholder should be updated or parameterized for different environments.

464-464: Align <releaseProfiles> with workflow: The <releaseProfiles> now include sonatype-central-portal-deployment. Ensure this matches the profiles activated in the CI workflow.

912-915: Define sonatype-central-portal-deployment profile properties: The profile is correctly configured with the central-publishing-maven-plugin.version property. This ensures the plugin version can be managed.

916-937: Configure central-publishing-maven-plugin: The sonatype-central-portal-deployment profile now includes the plugin configuration to publish via the new Sonatype Central Portal. This matches the migration plan.

@phillipross phillipross force-pushed the topic/migrate-to-sonatype-central branch from 0cc8e1f to ce384a1 Compare June 2, 2025 18:09
@phillipross phillipross force-pushed the topic/migrate-to-sonatype-central branch from ce384a1 to d3983e3 Compare June 2, 2025 18:22
@phillipross phillipross merged commit 923b56e into postgis:main Jun 2, 2025
6 checks passed
@phillipross phillipross deleted the topic/migrate-to-sonatype-central branch June 2, 2025 22:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@phillipross