From 1fbc37fe3095330d1b122f724e751393fe5fe212 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 21:03:03 +0200 Subject: [PATCH 01/19] Migrate to new Maven Central Portal for publishing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace legacy OSSRH/Nexus publishing with the new Maven Central Portal: - Replace `io.github.gradle-nexus.publish-plugin` with `tech.yanand.maven-central-publish` - Remove old OSSRH repository configuration - Add `mavenCentral` block for new Central Portal API - Update publish workflow to use `publishToMavenCentralPortal` task - Update GitHub Actions to v4 and add fetch-depth for git-version plugin - Simplify workflow by separating GitHub Packages and Maven Central steps The new publishing requires a `MAVEN_CENTRAL_TOKEN` secret generated from https://central.sonatype.com/account (View Account -> Generate User Token) Fixes PER-13671 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- .github/workflows/publish.yaml | 31 ++++++++++++++++--------------- build.gradle | 31 +++++++++++-------------------- 2 files changed, 27 insertions(+), 35 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 7d1c73d..f416011 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1,4 +1,4 @@ -name: Publish package to GitHub Packages +name: Publish package to GitHub Packages and Maven Central on: release: types: [ created ] @@ -11,17 +11,19 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v2 - - uses: actions/setup-java@v3.11.0 + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Required for git-version plugin + - uses: actions/setup-java@v4 with: java-version: '8' distribution: 'corretto' - name: Validate Gradle wrapper - uses: gradle/wrapper-validation-action@v1 + uses: gradle/wrapper-validation-action@v2 + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 - name: Verify Javadoc generation - uses: gradle/gradle-build-action@v2 - with: - arguments: javadoc + run: ./gradlew javadoc - name: Check Javadoc generation run: | if [ -d "build/docs/javadoc" ]; then @@ -30,15 +32,14 @@ jobs: echo "ERROR: Javadoc directory not found" exit 1 fi - - name: Publish package - uses: gradle/gradle-build-action@v2 - with: - arguments: publish publishToSonatype closeAndReleaseSonatypeStagingRepository + - name: Publish to GitHub Packages + run: ./gradlew publish env: + GITHUB_ACTOR: ${{ github.actor }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} - OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + - name: Publish to Maven Central + run: ./gradlew publishToMavenCentralPortal + env: + MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }} - NEXUS_TOKEN_USERNAME: ${{ secrets.NEXUS_TOKEN_USERNAME }} - NEXUS_TOKEN_PASSWORD: ${{ secrets.NEXUS_TOKEN_PASSWORD }} diff --git a/build.gradle b/build.gradle index 8d15bdb..3944821 100644 --- a/build.gradle +++ b/build.gradle @@ -15,8 +15,8 @@ plugins { id 'signing' // the git-version plugin helps us to publish an auto version (taken from git tags) id 'com.palantir.git-version' version '0.13.0' - // auto release to maven central (skip sonatype manual nexus release process) - id("io.github.gradle-nexus.publish-plugin") version "1.1.0" + // New Maven Central Portal publishing (replaces legacy OSSRH/Nexus) + id 'tech.yanand.maven-central-publish' version '1.2.0' // translate json schemas to java classes // id "org.jsonschema2pojo" version "1.1.3" } @@ -151,14 +151,6 @@ dependencies { publishing { repositories { - maven { - name = "OSSRH" - url = "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" - credentials { - username = System.getenv("OSSRH_USERNAME") - password = System.getenv("OSSRH_PASSWORD") - } - } maven { name = "GitHubPackages" url = "https://maven.pkg.github.com/permitio/permit-java" @@ -169,7 +161,6 @@ publishing { } } - publications { maven(MavenPublication) { groupId = 'io.permit' @@ -195,6 +186,8 @@ publishing { } } scm { + connection = 'scm:git:git://github.com/permitio/permit-java.git' + developerConnection = 'scm:git:ssh://github.com/permitio/permit-java.git' url = 'https://github.com/permitio/permit-java' } } @@ -202,15 +195,13 @@ publishing { } } -nexusPublishing { - repositories { - sonatype { - nexusUrl.set(uri("https://s01.oss.sonatype.org/service/local/")) - snapshotRepositoryUrl.set(uri("https://s01.oss.sonatype.org/content/repositories/snapshots/")) - username = System.getenv("NEXUS_TOKEN_USERNAME") - password = System.getenv("NEXUS_TOKEN_PASSWORD") - } - } +// Maven Central Portal publishing configuration +mavenCentral { + repoDir = layout.buildDirectory.dir("staging-deploy") + // Token from Maven Central Portal (https://central.sonatype.com/account) + authToken = System.getenv("MAVEN_CENTRAL_TOKEN") + // Automatically publish after uploading (set to false to manually release) + publishingType = "AUTOMATIC" } signing { From dd8ddc3e8d61c05b2d323975e0b2b4f625736cd7 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 21:07:45 +0200 Subject: [PATCH 02/19] Add documentation for Maven Central Portal configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- build.gradle | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 3944821..0ce2b82 100644 --- a/build.gradle +++ b/build.gradle @@ -196,11 +196,21 @@ publishing { } // Maven Central Portal publishing configuration +// See: https://github.com/yananhub/flying-gradle-plugin mavenCentral { + // Local staging directory where artifacts are collected before upload. + // The plugin publishes JARs, POM, and signatures here first, then zips + // and uploads the bundle to Maven Central Portal. repoDir = layout.buildDirectory.dir("staging-deploy") - // Token from Maven Central Portal (https://central.sonatype.com/account) + + // Authentication token from Maven Central Portal. + // Generate at: https://central.sonatype.com/account -> Generate User Token + // The token is a base64-encoded "username:password" string. authToken = System.getenv("MAVEN_CENTRAL_TOKEN") - // Automatically publish after uploading (set to false to manually release) + + // Publishing mode: + // - "AUTOMATIC": Artifacts are automatically published after validation + // - "USER_MANAGED": Artifacts stay in pending state for manual release publishingType = "AUTOMATIC" } From bd2806cd620559d4313ba156e66705c309460ff2 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 21:09:11 +0200 Subject: [PATCH 03/19] wip --- build.gradle | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/build.gradle b/build.gradle index 0ce2b82..aba5794 100644 --- a/build.gradle +++ b/build.gradle @@ -36,7 +36,7 @@ repositories { java { toolchain { - languageVersion = JavaLanguageVersion.of(8) + languageVersion = JavaLanguageVersion.of(8) } // sources are required by maven central in order to accept the package withSourcesJar() @@ -69,8 +69,6 @@ dependencies { implementation 'ch.qos.logback:logback-core:1.4.14' implementation 'org.slf4j:slf4j-api:1.7.33' - - // Use JUnit Jupiter for testing. testImplementation 'org.junit.jupiter:junit-jupiter:5.7.2' @@ -233,7 +231,6 @@ tasks.named('javadoc') { tasks.named('jar') { manifest { - attributes('Implementation-Title': project.name, - 'Implementation-Version': project.version) + attributes('Implementation-Title': project.name, 'Implementation-Version': project.version) } -} \ No newline at end of file +} From 203e542e2482e58c184a25f1c8992df394aeb639 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 21:35:48 +0200 Subject: [PATCH 04/19] Migrate to new Maven Central Portal for publishing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Upgrade Gradle from 7.3.3 to 8.5 for plugin compatibility - Replace legacy nexus-publish plugin with vanniktech/gradle-maven-publish-plugin - Configure Maven Central Portal publishing (CENTRAL_PORTAL host) - Update workflows to use Java 11 for building - Update GitHub Actions to v4 versions - Use standard Gradle project properties for credentials: - ORG_GRADLE_PROJECT_mavenCentralUsername - ORG_GRADLE_PROJECT_mavenCentralPassword - ORG_GRADLE_PROJECT_signingInMemoryKey - ORG_GRADLE_PROJECT_signingInMemoryKeyPassword Required secrets (generate from https://central.sonatype.com/account): - MAVEN_CENTRAL_USERNAME: Username from token generation - MAVEN_CENTRAL_PASSWORD: Password from token generation Fixes PER-13671 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- .github/workflows/javadoc.yaml | 14 +-- .github/workflows/publish.yaml | 11 +-- build.gradle | 110 ++++++++++------------- gradle/wrapper/gradle-wrapper.properties | 2 +- 4 files changed, 62 insertions(+), 75 deletions(-) diff --git a/.github/workflows/javadoc.yaml b/.github/workflows/javadoc.yaml index 0b00df5..2090191 100644 --- a/.github/workflows/javadoc.yaml +++ b/.github/workflows/javadoc.yaml @@ -11,16 +11,18 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-java@v3.11.0 with: - java-version: '8' + fetch-depth: 0 # Required for git-version plugin + - uses: actions/setup-java@v4 + with: + java-version: '11' distribution: 'corretto' - name: Validate Gradle wrapper - uses: gradle/wrapper-validation-action@v1 + uses: gradle/wrapper-validation-action@v2 + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 - name: Generate Javadoc - uses: gradle/gradle-build-action@v2 - with: - arguments: javadoc + run: ./gradlew javadoc - name: Check Javadoc generation run: | if [ -d "build/docs/javadoc" ]; then diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index f416011..1b460b2 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -16,7 +16,7 @@ jobs: fetch-depth: 0 # Required for git-version plugin - uses: actions/setup-java@v4 with: - java-version: '8' + java-version: '11' distribution: 'corretto' - name: Validate Gradle wrapper uses: gradle/wrapper-validation-action@v2 @@ -38,8 +38,9 @@ jobs: GITHUB_ACTOR: ${{ github.actor }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Publish to Maven Central - run: ./gradlew publishToMavenCentralPortal + run: ./gradlew publishAndReleaseToMavenCentral env: - MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} - GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} - GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }} + ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }} + ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} + ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SIGNING_KEY }} + ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SIGNING_PASSPHRASE }} diff --git a/build.gradle b/build.gradle index aba5794..33a0fa8 100644 --- a/build.gradle +++ b/build.gradle @@ -9,14 +9,13 @@ plugins { // Apply the java-library plugin for API and implementation separation. id 'java-library' - // Maven publish plugins helps us to publish our library to maven repos - id 'maven-publish' // the signing plugin helps us to crypto-sign on our package (PGP key) id 'signing' // the git-version plugin helps us to publish an auto version (taken from git tags) id 'com.palantir.git-version' version '0.13.0' - // New Maven Central Portal publishing (replaces legacy OSSRH/Nexus) - id 'tech.yanand.maven-central-publish' version '1.2.0' + // Maven Central Portal publishing (community plugin, recommended by Sonatype) + // See: https://vanniktech.github.io/gradle-maven-publish-plugin/central/ + id 'com.vanniktech.maven.publish' version '0.28.0' // translate json schemas to java classes // id "org.jsonschema2pojo" version "1.1.3" } @@ -147,6 +146,50 @@ dependencies { // initializeCollections = false //} +// Maven Central Portal publishing configuration +// See: https://vanniktech.github.io/gradle-maven-publish-plugin/central/ +mavenPublishing { + // Publish to Maven Central Portal (new system replacing OSSRH) + publishToMavenCentral(com.vanniktech.maven.publish.SonatypeHost.CENTRAL_PORTAL) + + // Sign all publications with GPG + signAllPublications() + + // Artifact coordinates + coordinates("io.permit", "permit-sdk-java", version.toString()) + + // POM configuration required by Maven Central + pom { + name = "Permit.io Java SDK" + description = "Java SDK for Permit.io: fullstack permissions for cloud native applications" + url = "https://permit.io" + inceptionYear = "2021" + + licenses { + license { + name = "The Apache License, Version 2.0" + url = "http://www.apache.org/licenses/LICENSE-2.0.txt" + distribution = "repo" + } + } + + developers { + developer { + id = "asafc" + name = "Asaf Cohen" + email = "asaf@permit.io" + } + } + + scm { + connection = "scm:git:git://github.com/permitio/permit-java.git" + developerConnection = "scm:git:ssh://github.com/permitio/permit-java.git" + url = "https://github.com/permitio/permit-java" + } + } +} + +// GitHub Packages publishing (separate from Maven Central) publishing { repositories { maven { @@ -158,65 +201,6 @@ publishing { } } } - - publications { - maven(MavenPublication) { - groupId = 'io.permit' - artifactId = 'permit-sdk-java' - - from components.java - - pom { - name = "Permit.io Java SDK" - description = 'Java SDK for Permit.io: fullstack permissions for cloud native applications' - url = 'https://permit.io' - licenses { - license { - name = 'The Apache License, Version 2.0' - url = 'http://www.apache.org/licenses/LICENSE-2.0.txt' - } - } - developers { - developer { - id = 'asafc' - name = 'Asaf Cohen' - email = 'asaf@permit.io' - } - } - scm { - connection = 'scm:git:git://github.com/permitio/permit-java.git' - developerConnection = 'scm:git:ssh://github.com/permitio/permit-java.git' - url = 'https://github.com/permitio/permit-java' - } - } - } - } -} - -// Maven Central Portal publishing configuration -// See: https://github.com/yananhub/flying-gradle-plugin -mavenCentral { - // Local staging directory where artifacts are collected before upload. - // The plugin publishes JARs, POM, and signatures here first, then zips - // and uploads the bundle to Maven Central Portal. - repoDir = layout.buildDirectory.dir("staging-deploy") - - // Authentication token from Maven Central Portal. - // Generate at: https://central.sonatype.com/account -> Generate User Token - // The token is a base64-encoded "username:password" string. - authToken = System.getenv("MAVEN_CENTRAL_TOKEN") - - // Publishing mode: - // - "AUTOMATIC": Artifacts are automatically published after validation - // - "USER_MANAGED": Artifacts stay in pending state for manual release - publishingType = "AUTOMATIC" -} - -signing { - def GPG_SIGNING_KEY = findProperty("signingKey") ?: System.getenv("GPG_SIGNING_KEY") - def GPG_SIGNING_PASSPHRASE = findProperty("signingPassword") ?: System.getenv("GPG_SIGNING_PASSPHRASE") - useInMemoryPgpKeys(GPG_SIGNING_KEY, GPG_SIGNING_PASSPHRASE) - sign publishing.publications.maven } tasks.named('test') { diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 2e6e589..a595206 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists From 756d44138b0f9bef159c484d68f03613a07a682f Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 21:47:31 +0200 Subject: [PATCH 05/19] wip --- build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.gradle b/build.gradle index 33a0fa8..fa3f58a 100644 --- a/build.gradle +++ b/build.gradle @@ -175,9 +175,9 @@ mavenPublishing { developers { developer { - id = "asafc" - name = "Asaf Cohen" - email = "asaf@permit.io" + id = "permit-io" + name = "Permit Team" + email = "support@permit.io" } } From 21bedeba5f9b33894a30792f2053b2c881e1631a Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 21:49:18 +0200 Subject: [PATCH 06/19] Add publishing documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Document Maven Central and GitHub Packages publishing process, including credentials setup, Gradle tasks, and troubleshooting. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- PUBLISHING.md | 149 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 PUBLISHING.md diff --git a/PUBLISHING.md b/PUBLISHING.md new file mode 100644 index 0000000..3853700 --- /dev/null +++ b/PUBLISHING.md @@ -0,0 +1,149 @@ +# Publishing Guide + +This document describes how to publish the Permit.io Java SDK to Maven Central and GitHub Packages. + +## Overview + +The SDK is published to two repositories: +- **Maven Central** - Primary distribution for public consumption +- **GitHub Packages** - Secondary distribution for GitHub-based workflows + +## Prerequisites + +### Maven Central Portal Account +1. Create an account at [central.sonatype.com](https://central.sonatype.com) +2. Verify ownership of the `io.permit` namespace +3. Generate a User Token: Account → Generate User Token + +### GPG Signing Key +Maven Central requires all artifacts to be signed with GPG: +```bash +# Generate a key (if you don't have one) +gpg --full-generate-key + +# Export the private key (base64 encoded for CI) +gpg --armor --export-secret-keys YOUR_KEY_ID | base64 +``` + +## GitHub Secrets + +Configure these secrets in your GitHub repository: + +| Secret | Description | +|--------|-------------| +| `MAVEN_CENTRAL_USERNAME` | Username from Central Portal token | +| `MAVEN_CENTRAL_PASSWORD` | Password from Central Portal token | +| `GPG_SIGNING_KEY` | Base64-encoded GPG private key | +| `GPG_SIGNING_PASSPHRASE` | Passphrase for the GPG key | + +## Publishing Methods + +### Automatic (CI/CD) + +Publishing is triggered automatically when: +- A GitHub Release is created +- The workflow is manually dispatched + +The workflow (`.github/workflows/publish.yaml`) handles: +1. Javadoc verification +2. Publishing to GitHub Packages +3. Publishing to Maven Central + +### Manual (Local) + +#### Publish to Local Maven Repository +Test artifact generation without uploading: +```bash +./gradlew publishToMavenLocal +``` +Artifacts are published to `~/.m2/repository/io/permit/permit-sdk-java/` + +#### Publish to Maven Central (Staging Only) +Upload to Central Portal without releasing: +```bash +./gradlew publishToMavenCentral \ + -PmavenCentralUsername=USERNAME \ + -PmavenCentralPassword=PASSWORD \ + -PsigningInMemoryKey="$(cat key.asc)" \ + -PsigningInMemoryKeyPassword=PASSPHRASE +``` +Review at [Central Portal Deployments](https://central.sonatype.com/publishing/deployments) + +#### Publish and Release to Maven Central +Full publish with automatic release: +```bash +./gradlew publishAndReleaseToMavenCentral \ + -PmavenCentralUsername=USERNAME \ + -PmavenCentralPassword=PASSWORD \ + -PsigningInMemoryKey="$(cat key.asc)" \ + -PsigningInMemoryKeyPassword=PASSPHRASE +``` + +#### Publish to GitHub Packages +```bash +GITHUB_ACTOR=username GITHUB_TOKEN=token ./gradlew publish +``` + +## Publishing Types + +The `mavenPublishing` block in `build.gradle` supports different publishing modes: + +### CENTRAL_PORTAL (Current) +```groovy +publishToMavenCentral(SonatypeHost.CENTRAL_PORTAL) +``` +Uses the new Maven Central Portal API at `central.sonatype.com`. This is the current recommended method as Sonatype has deprecated the legacy OSSRH system. + +### S01 (Legacy OSSRH) +```groovy +publishToMavenCentral(SonatypeHost.S01) +``` +Uses the legacy Sonatype OSSRH at `s01.oss.sonatype.org`. This method is deprecated and may stop working. + +### DEFAULT (Legacy OSSRH) +```groovy +publishToMavenCentral(SonatypeHost.DEFAULT) +``` +Uses the original Sonatype OSSRH at `oss.sonatype.org`. This is for older projects and is deprecated. + +## Gradle Tasks + +| Task | Description | +|------|-------------| +| `publishToMavenLocal` | Publish to local Maven cache (~/.m2) | +| `publishToMavenCentral` | Upload to Central Portal (staging) | +| `publishAndReleaseToMavenCentral` | Upload and release to Maven Central | +| `publish` | Publish to all configured repositories (GitHub Packages) | + +## Versioning + +Version is automatically determined by the `com.palantir.git-version` plugin based on git tags: +- Tagged commit: `2.2.0` +- Commits after tag: `2.2.0-1-gabcdef` +- Dirty working directory: `2.2.0-1-gabcdef.dirty` + +To release a new version: +```bash +git tag 2.3.0 +git push origin 2.3.0 +``` + +## Troubleshooting + +### 403 Forbidden +- Credentials may be invalid or expired +- Regenerate token at Central Portal + +### Signature Verification Failed +- GPG key may be malformed +- Ensure key is base64 encoded without line breaks + +### Version Already Exists +- Maven Central doesn't allow overwriting versions +- Bump the version and try again + +## References + +- [Maven Central Portal](https://central.sonatype.com) +- [vanniktech/gradle-maven-publish-plugin](https://vanniktech.github.io/gradle-maven-publish-plugin/central/) +- [Sonatype Publishing Guide](https://central.sonatype.org/publish/publish-portal-gradle/) From e7012f5456fab6a1b60f3fe3b864106480f48f1d Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 21:50:00 +0200 Subject: [PATCH 07/19] fmt --- PUBLISHING.md | 49 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/PUBLISHING.md b/PUBLISHING.md index 3853700..b2ac890 100644 --- a/PUBLISHING.md +++ b/PUBLISHING.md @@ -5,18 +5,22 @@ This document describes how to publish the Permit.io Java SDK to Maven Central a ## Overview The SDK is published to two repositories: + - **Maven Central** - Primary distribution for public consumption - **GitHub Packages** - Secondary distribution for GitHub-based workflows ## Prerequisites ### Maven Central Portal Account + 1. Create an account at [central.sonatype.com](https://central.sonatype.com) 2. Verify ownership of the `io.permit` namespace 3. Generate a User Token: Account → Generate User Token ### GPG Signing Key + Maven Central requires all artifacts to be signed with GPG: + ```bash # Generate a key (if you don't have one) gpg --full-generate-key @@ -29,22 +33,24 @@ gpg --armor --export-secret-keys YOUR_KEY_ID | base64 Configure these secrets in your GitHub repository: -| Secret | Description | -|--------|-------------| +| Secret | Description | +|--------------------------|------------------------------------| | `MAVEN_CENTRAL_USERNAME` | Username from Central Portal token | | `MAVEN_CENTRAL_PASSWORD` | Password from Central Portal token | -| `GPG_SIGNING_KEY` | Base64-encoded GPG private key | -| `GPG_SIGNING_PASSPHRASE` | Passphrase for the GPG key | +| `GPG_SIGNING_KEY` | Base64-encoded GPG private key | +| `GPG_SIGNING_PASSPHRASE` | Passphrase for the GPG key | ## Publishing Methods ### Automatic (CI/CD) Publishing is triggered automatically when: + - A GitHub Release is created - The workflow is manually dispatched The workflow (`.github/workflows/publish.yaml`) handles: + 1. Javadoc verification 2. Publishing to GitHub Packages 3. Publishing to Maven Central @@ -52,14 +58,19 @@ The workflow (`.github/workflows/publish.yaml`) handles: ### Manual (Local) #### Publish to Local Maven Repository + Test artifact generation without uploading: + ```bash ./gradlew publishToMavenLocal ``` + Artifacts are published to `~/.m2/repository/io/permit/permit-sdk-java/` #### Publish to Maven Central (Staging Only) + Upload to Central Portal without releasing: + ```bash ./gradlew publishToMavenCentral \ -PmavenCentralUsername=USERNAME \ @@ -67,10 +78,13 @@ Upload to Central Portal without releasing: -PsigningInMemoryKey="$(cat key.asc)" \ -PsigningInMemoryKeyPassword=PASSPHRASE ``` + Review at [Central Portal Deployments](https://central.sonatype.com/publishing/deployments) #### Publish and Release to Maven Central + Full publish with automatic release: + ```bash ./gradlew publishAndReleaseToMavenCentral \ -PmavenCentralUsername=USERNAME \ @@ -80,6 +94,7 @@ Full publish with automatic release: ``` #### Publish to GitHub Packages + ```bash GITHUB_ACTOR=username GITHUB_TOKEN=token ./gradlew publish ``` @@ -89,40 +104,49 @@ GITHUB_ACTOR=username GITHUB_TOKEN=token ./gradlew publish The `mavenPublishing` block in `build.gradle` supports different publishing modes: ### CENTRAL_PORTAL (Current) + ```groovy publishToMavenCentral(SonatypeHost.CENTRAL_PORTAL) ``` -Uses the new Maven Central Portal API at `central.sonatype.com`. This is the current recommended method as Sonatype has deprecated the legacy OSSRH system. + +Uses the new Maven Central Portal API at `central.sonatype.com`. This is the current recommended method as Sonatype has +deprecated the legacy OSSRH system. ### S01 (Legacy OSSRH) + ```groovy publishToMavenCentral(SonatypeHost.S01) ``` + Uses the legacy Sonatype OSSRH at `s01.oss.sonatype.org`. This method is deprecated and may stop working. ### DEFAULT (Legacy OSSRH) + ```groovy publishToMavenCentral(SonatypeHost.DEFAULT) ``` + Uses the original Sonatype OSSRH at `oss.sonatype.org`. This is for older projects and is deprecated. ## Gradle Tasks -| Task | Description | -|------|-------------| -| `publishToMavenLocal` | Publish to local Maven cache (~/.m2) | -| `publishToMavenCentral` | Upload to Central Portal (staging) | -| `publishAndReleaseToMavenCentral` | Upload and release to Maven Central | -| `publish` | Publish to all configured repositories (GitHub Packages) | +| Task | Description | +|-----------------------------------|----------------------------------------------------------| +| `publishToMavenLocal` | Publish to local Maven cache (~/.m2) | +| `publishToMavenCentral` | Upload to Central Portal (staging) | +| `publishAndReleaseToMavenCentral` | Upload and release to Maven Central | +| `publish` | Publish to all configured repositories (GitHub Packages) | ## Versioning Version is automatically determined by the `com.palantir.git-version` plugin based on git tags: + - Tagged commit: `2.2.0` - Commits after tag: `2.2.0-1-gabcdef` - Dirty working directory: `2.2.0-1-gabcdef.dirty` To release a new version: + ```bash git tag 2.3.0 git push origin 2.3.0 @@ -131,14 +155,17 @@ git push origin 2.3.0 ## Troubleshooting ### 403 Forbidden + - Credentials may be invalid or expired - Regenerate token at Central Portal ### Signature Verification Failed + - GPG key may be malformed - Ensure key is base64 encoded without line breaks ### Version Already Exists + - Maven Central doesn't allow overwriting versions - Bump the version and try again From 06b48f9e71f69abb2aceaec3b29aee5bf61e9ce6 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 21:57:43 +0200 Subject: [PATCH 08/19] Fix Gradle 8.x task dependency and duplicate artifact issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add task dependency fix for plainJavadocJar -> generateMetadataFileForMavenPublication - Remove duplicate withSourcesJar/withJavadocJar (handled by vanniktech plugin) - Add -PskipSigning flag for local testing without GPG keys - Update PUBLISHING.md with skipSigning documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- PUBLISHING.md | 4 +++- build.gradle | 18 ++++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/PUBLISHING.md b/PUBLISHING.md index b2ac890..f88dc0d 100644 --- a/PUBLISHING.md +++ b/PUBLISHING.md @@ -62,11 +62,13 @@ The workflow (`.github/workflows/publish.yaml`) handles: Test artifact generation without uploading: ```bash -./gradlew publishToMavenLocal +./gradlew publishToMavenLocal -PskipSigning ``` Artifacts are published to `~/.m2/repository/io/permit/permit-sdk-java/` +Note: Use `-PskipSigning` for local testing without GPG keys. This flag is not available for Maven Central publishing (signing is required). + #### Publish to Maven Central (Staging Only) Upload to Central Portal without releasing: diff --git a/build.gradle b/build.gradle index fa3f58a..e39132d 100644 --- a/build.gradle +++ b/build.gradle @@ -37,10 +37,7 @@ java { toolchain { languageVersion = JavaLanguageVersion.of(8) } - // sources are required by maven central in order to accept the package - withSourcesJar() - // javadoc jar is required by maven central in order to accept the package - withJavadocJar() + // Note: sources and javadoc JARs are created by the vanniktech maven-publish plugin } // package dependencies @@ -152,8 +149,11 @@ mavenPublishing { // Publish to Maven Central Portal (new system replacing OSSRH) publishToMavenCentral(com.vanniktech.maven.publish.SonatypeHost.CENTRAL_PORTAL) - // Sign all publications with GPG - signAllPublications() + // Sign all publications with GPG (required for Maven Central) + // For local testing without GPG, use: ./gradlew publishToMavenLocal -PskipSigning + if (!project.hasProperty('skipSigning')) { + signAllPublications() + } // Artifact coordinates coordinates("io.permit", "permit-sdk-java", version.toString()) @@ -218,3 +218,9 @@ tasks.named('jar') { attributes('Implementation-Title': project.name, 'Implementation-Version': project.version) } } + +// Fix Gradle 8.x task dependency validation issue with vanniktech plugin +// The plainJavadocJar task must run before generateMetadataFileForMavenPublication +tasks.withType(GenerateModuleMetadata).configureEach { + dependsOn tasks.matching { it.name == 'plainJavadocJar' } +} From 7126c2f2bb20438c4b4116e2a2ae3effe7c23f08 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 22:04:54 +0200 Subject: [PATCH 09/19] fmt --- PUBLISHING.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/PUBLISHING.md b/PUBLISHING.md index f88dc0d..0c526a2 100644 --- a/PUBLISHING.md +++ b/PUBLISHING.md @@ -67,7 +67,8 @@ Test artifact generation without uploading: Artifacts are published to `~/.m2/repository/io/permit/permit-sdk-java/` -Note: Use `-PskipSigning` for local testing without GPG keys. This flag is not available for Maven Central publishing (signing is required). +Note: Use `-PskipSigning` for local testing without GPG keys. This flag is not available for Maven Central publishing ( +signing is required). #### Publish to Maven Central (Staging Only) From 8fa704f58d0829601bd229da66eea77728e76f53 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 22:08:06 +0200 Subject: [PATCH 10/19] Add detailed GPG key generation instructions to PUBLISHING.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- PUBLISHING.md | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/PUBLISHING.md b/PUBLISHING.md index 0c526a2..e789985 100644 --- a/PUBLISHING.md +++ b/PUBLISHING.md @@ -19,16 +19,45 @@ The SDK is published to two repositories: ### GPG Signing Key -Maven Central requires all artifacts to be signed with GPG: +Maven Central requires all artifacts to be signed with GPG. + +#### Generate a new key (if you don't have one) ```bash -# Generate a key (if you don't have one) gpg --full-generate-key +``` + +When prompted: +1. **Key type**: Select `1` (RSA and RSA) +2. **Key size**: Enter `4096` +3. **Expiration**: Enter `0` (doesn't expire) or set a reasonable expiration +4. **Name and email**: Use the same email as your Maven Central account +5. **Passphrase**: Set a strong passphrase (this is your `signingInMemoryKeyPassword`) + +#### List your keys + +```bash +gpg --list-secret-keys --keyid-format LONG +``` + +#### Export the private key -# Export the private key (base64 encoded for CI) +For local use: +```bash +gpg --armor --export-secret-keys YOUR_KEY_ID > key.asc +``` + +For CI/CD (base64 encoded): +```bash gpg --armor --export-secret-keys YOUR_KEY_ID | base64 ``` +#### Publish your public key (required for Maven Central verification) + +```bash +gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID +``` + ## GitHub Secrets Configure these secrets in your GitHub repository: From eaa3aa65072b70067b188bcb061d6e230bf866f4 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 22:43:19 +0200 Subject: [PATCH 11/19] wip --- .gitignore | 1 + PUBLISHING.md | 29 +++++++++++++++++------------ 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index 9b21127..f9b596c 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ build # Ignore stg schemas stg-schemas/ bin +/key.asc diff --git a/PUBLISHING.md b/PUBLISHING.md index e789985..cdbb6a7 100644 --- a/PUBLISHING.md +++ b/PUBLISHING.md @@ -20,6 +20,7 @@ The SDK is published to two repositories: ### GPG Signing Key Maven Central requires all artifacts to be signed with GPG. +[For more info see here.](https://central.sonatype.org/publish/requirements/gpg/) #### Generate a new key (if you don't have one) @@ -28,6 +29,7 @@ gpg --full-generate-key ``` When prompted: + 1. **Key type**: Select `1` (RSA and RSA) 2. **Key size**: Enter `4096` 3. **Expiration**: Enter `0` (doesn't expire) or set a reasonable expiration @@ -43,11 +45,13 @@ gpg --list-secret-keys --keyid-format LONG #### Export the private key For local use: + ```bash gpg --armor --export-secret-keys YOUR_KEY_ID > key.asc ``` For CI/CD (base64 encoded): + ```bash gpg --armor --export-secret-keys YOUR_KEY_ID | base64 ``` @@ -56,18 +60,19 @@ gpg --armor --export-secret-keys YOUR_KEY_ID | base64 ```bash gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID +# Note: in case you are getting "no route to host" error, ping this server and use the IP. ``` ## GitHub Secrets Configure these secrets in your GitHub repository: -| Secret | Description | -|--------------------------|------------------------------------| -| `MAVEN_CENTRAL_USERNAME` | Username from Central Portal token | -| `MAVEN_CENTRAL_PASSWORD` | Password from Central Portal token | -| `GPG_SIGNING_KEY` | Base64-encoded GPG private key | -| `GPG_SIGNING_PASSPHRASE` | Passphrase for the GPG key | +| Secret | Description | +|--------------------------|--------------------------------------------------------| +| `MAVEN_CENTRAL_USERNAME` | Username from Central Portal TOKEN (not the user) | +| `MAVEN_CENTRAL_PASSWORD` | Password from Central Portal TOKEN (not user password) | +| `GPG_SIGNING_KEY` | Base64-encoded GPG private key | +| `GPG_SIGNING_PASSPHRASE` | Passphrase for the GPG key | ## Publishing Methods @@ -105,10 +110,10 @@ Upload to Central Portal without releasing: ```bash ./gradlew publishToMavenCentral \ - -PmavenCentralUsername=USERNAME \ - -PmavenCentralPassword=PASSWORD \ + -PmavenCentralUsername=TOKEN_USERNAME \ + -PmavenCentralPassword=TOKEN_PASSWORD \ -PsigningInMemoryKey="$(cat key.asc)" \ - -PsigningInMemoryKeyPassword=PASSPHRASE + -PsigningInMemoryKeyPassword=KEY_PASSPHRASE ``` Review at [Central Portal Deployments](https://central.sonatype.com/publishing/deployments) @@ -119,10 +124,10 @@ Full publish with automatic release: ```bash ./gradlew publishAndReleaseToMavenCentral \ - -PmavenCentralUsername=USERNAME \ - -PmavenCentralPassword=PASSWORD \ + -PmavenCentralUsername=TOKEN_USERNAME \ + -PmavenCentralPassword=TOKEN_PASSWORD \ -PsigningInMemoryKey="$(cat key.asc)" \ - -PsigningInMemoryKeyPassword=PASSPHRASE + -PsigningInMemoryKeyPassword=KEY_PASSPHRASE ``` #### Publish to GitHub Packages From 3c1d1810192b2700caf4394da17a12cf28c1f64c Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 22:45:53 +0200 Subject: [PATCH 12/19] Remove legacy OSSRH publishing references MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove S01 and DEFAULT publishing types from PUBLISHING.md - Update build.gradle comments to reference maven-publish plugin 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- PUBLISHING.md | 29 ----------------------------- build.gradle | 4 ++-- 2 files changed, 2 insertions(+), 31 deletions(-) diff --git a/PUBLISHING.md b/PUBLISHING.md index cdbb6a7..59f36b7 100644 --- a/PUBLISHING.md +++ b/PUBLISHING.md @@ -136,35 +136,6 @@ Full publish with automatic release: GITHUB_ACTOR=username GITHUB_TOKEN=token ./gradlew publish ``` -## Publishing Types - -The `mavenPublishing` block in `build.gradle` supports different publishing modes: - -### CENTRAL_PORTAL (Current) - -```groovy -publishToMavenCentral(SonatypeHost.CENTRAL_PORTAL) -``` - -Uses the new Maven Central Portal API at `central.sonatype.com`. This is the current recommended method as Sonatype has -deprecated the legacy OSSRH system. - -### S01 (Legacy OSSRH) - -```groovy -publishToMavenCentral(SonatypeHost.S01) -``` - -Uses the legacy Sonatype OSSRH at `s01.oss.sonatype.org`. This method is deprecated and may stop working. - -### DEFAULT (Legacy OSSRH) - -```groovy -publishToMavenCentral(SonatypeHost.DEFAULT) -``` - -Uses the original Sonatype OSSRH at `oss.sonatype.org`. This is for older projects and is deprecated. - ## Gradle Tasks | Task | Description | diff --git a/build.gradle b/build.gradle index e39132d..3f8cae4 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ plugins { } // It is important to set the group and the version to the root project -// so the nexus-publish plugin can detect if it is a snapshot version +// so the maven-publish plugin can detect if it is a snapshot version // or not in order to select the correct repository where artifacts will // be published group = 'io.permit' @@ -146,7 +146,7 @@ dependencies { // Maven Central Portal publishing configuration // See: https://vanniktech.github.io/gradle-maven-publish-plugin/central/ mavenPublishing { - // Publish to Maven Central Portal (new system replacing OSSRH) + // Publish to Maven Central Portal publishToMavenCentral(com.vanniktech.maven.publish.SonatypeHost.CENTRAL_PORTAL) // Sign all publications with GPG (required for Maven Central) From 5f656530c84324ee92ef045b134cdaa0dc01531c Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 22:51:33 +0200 Subject: [PATCH 13/19] Update README with version range and latest javadoc links MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Use 2.2.+ version range to auto-select latest patch version - Link to Maven Central for explicit version lookup - Update Javadoc URLs to use /latest/ path 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8547414..0e90a66 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ For [Maven](https://maven.apache.org/) projects, use: io.permit permit-sdk-java - 2.0.0 + 2.2.+ ``` @@ -25,10 +25,12 @@ For [Gradle](https://gradle.org/) projects, configure `permit-sdk-java` as a dep dependencies { // ... - implementation 'io.permit:permit-sdk-java:2.0.0' + implementation 'io.permit:permit-sdk-java:2.2.+' } ``` +> **Note**: The `2.2.+` version range automatically selects the latest patch version. For explicit versions, check [Maven Central](https://central.sonatype.com/artifact/io.permit/permit-sdk-java). + ## Usage ### Initializing the SDK @@ -149,6 +151,6 @@ CreateOrUpdateResult result = permit.api.users.sync(new UserCreate("[U ## Javadoc reference -To view the javadoc reference, [click here](https://javadoc.io/doc/io.permit/permit-sdk-java/2.0.0/index.html). +To view the javadoc reference, [click here](https://javadoc.io/doc/io.permit/permit-sdk-java/latest/index.html). -It's easiest to start with the root [Permit](https://javadoc.io/static/io.permit/permit-sdk-java/2.0.0/io/permit/sdk/Permit.html) class. +It's easiest to start with the root [Permit](https://javadoc.io/doc/io.permit/permit-sdk-java/latest/io/permit/sdk/Permit.html) class. From 3495d4dce28ee0b028685c4cc93b2dfa330b1b5a Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 23:02:10 +0200 Subject: [PATCH 14/19] Update PUBLISHING.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- PUBLISHING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PUBLISHING.md b/PUBLISHING.md index 59f36b7..bcd41b4 100644 --- a/PUBLISHING.md +++ b/PUBLISHING.md @@ -60,7 +60,7 @@ gpg --armor --export-secret-keys YOUR_KEY_ID | base64 ```bash gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID -# Note: in case you are getting "no route to host" error, ping this server and use the IP. +# Note: if you get a "no route to host" error, try an alternative keyserver such as keys.openpgp.org or pgp.mit.edu. ``` ## GitHub Secrets From d4a0755259cc286b7c5d5ba225f67d90516a76b1 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 23:02:57 +0200 Subject: [PATCH 15/19] Update PUBLISHING.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- PUBLISHING.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/PUBLISHING.md b/PUBLISHING.md index bcd41b4..882e1ca 100644 --- a/PUBLISHING.md +++ b/PUBLISHING.md @@ -101,8 +101,7 @@ Test artifact generation without uploading: Artifacts are published to `~/.m2/repository/io/permit/permit-sdk-java/` -Note: Use `-PskipSigning` for local testing without GPG keys. This flag is not available for Maven Central publishing ( -signing is required). +Note: Use `-PskipSigning` for local testing without GPG keys. This flag is not available for Maven Central publishing (signing is required). #### Publish to Maven Central (Staging Only) From d2787f6f9269f9fc86d8a5ff43726120d997429e Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 23:03:56 +0200 Subject: [PATCH 16/19] wip --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 0e90a66..aa3039e 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ For [Maven](https://maven.apache.org/) projects, use: io.permit permit-sdk-java - 2.2.+ + 2.2.2 ``` @@ -25,12 +25,10 @@ For [Gradle](https://gradle.org/) projects, configure `permit-sdk-java` as a dep dependencies { // ... - implementation 'io.permit:permit-sdk-java:2.2.+' + implementation 'io.permit:permit-sdk-java:2.2.2' } ``` -> **Note**: The `2.2.+` version range automatically selects the latest patch version. For explicit versions, check [Maven Central](https://central.sonatype.com/artifact/io.permit/permit-sdk-java). - ## Usage ### Initializing the SDK From 8b8231c1b108188dd85f41c08d23010c2c9e1770 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 23:10:27 +0200 Subject: [PATCH 17/19] wip --- .github/workflows/publish.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 1b460b2..d9eb08f 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -40,7 +40,8 @@ jobs: - name: Publish to Maven Central run: ./gradlew publishAndReleaseToMavenCentral env: - ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }} - ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} + # The "OSSRH_*" varaibles were created before this project migrated to Maven Central. + ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }} + ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }} ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SIGNING_KEY }} ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SIGNING_PASSPHRASE }} From 4cd0db52486783ae92af8f6f497a2a317d1bf1b1 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 23:16:20 +0200 Subject: [PATCH 18/19] Use NEXUS_TOKEN secrets for Maven Central publishing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The NEXUS_TOKEN_* secrets contain the Central Portal token credentials. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- .github/workflows/publish.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index d9eb08f..9440971 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -40,8 +40,7 @@ jobs: - name: Publish to Maven Central run: ./gradlew publishAndReleaseToMavenCentral env: - # The "OSSRH_*" varaibles were created before this project migrated to Maven Central. - ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }} - ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }} + ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.NEXUS_TOKEN_USERNAME }} + ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.NEXUS_TOKEN_PASSWORD }} ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SIGNING_KEY }} ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SIGNING_PASSPHRASE }} From 309c591743217c14a2959b66b7fe273c86631485 Mon Sep 17 00:00:00 2001 From: Zeev Manilovich Date: Sun, 4 Jan 2026 23:21:13 +0200 Subject: [PATCH 19/19] wip --- .github/workflows/publish.yaml | 2 + build.gradle | 68 ---------------------------------- 2 files changed, 2 insertions(+), 68 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 9440971..853f1bd 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -40,6 +40,8 @@ jobs: - name: Publish to Maven Central run: ./gradlew publishAndReleaseToMavenCentral env: + # Nexus tokens were generated before we migrated to the new Maven Central, + # it's backward compatible. ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.NEXUS_TOKEN_USERNAME }} ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.NEXUS_TOKEN_PASSWORD }} ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SIGNING_KEY }} diff --git a/build.gradle b/build.gradle index 3f8cae4..917ee97 100644 --- a/build.gradle +++ b/build.gradle @@ -75,74 +75,6 @@ dependencies { } -//jsonSchema2Pojo { -// // Location of the JSON Schema file(s). This may refer to a single file or a directory of files. -// source = files("schemas/") -// -// // Target directory for generated Java source files. The plugin will add this directory to the -// // java source set so the compiler will find and compile the newly generated source files. -// targetDirectory = file("src/main/java") -// -// // Package name used for generated Java classes (for types where a fully qualified name has not -// // been supplied in the schema using the 'javaType' property). -// targetPackage = 'io.permit.sdk.openapi.models' -// -// // Whether to allow 'additional' properties to be supported in classes by adding a map to -// // hold these. This is true by default, meaning that the schema rule 'additionalProperties' -// // controls whether the map is added. Set this to false to globally disable additional properties. -// includeAdditionalProperties = false -// -// // Whether to include a javax.annotation.Generated (Java 8 and lower) or -// // javax.annotation.processing.Generated (Java 9+) in on generated types (default true). -// // See also: targetVersion. -// includeGeneratedAnnotation = true -// -// // Whether to use the 'title' property of the schema to decide the class name (if not -// // set to true, the filename and property names are used). -// useTitleAsClassname = true -// -// // Whether to empty the target directory before generation occurs, to clear out all source files -// // that have been generated previously. Be warned, when activated this option -// // will cause jsonschema2pojo to indiscriminately delete the entire contents of the target -// // directory (all files and folders) before it begins generating sources. -// removeOldOutput = false -// -// // Whether to generate builder-style methods of the form withXxx(value) (that return this), -// // alongside the standard, void-return setters. -// generateBuilders = true -// -// // If set to true, then the gang of four builder pattern will be used to generate builders on -// // generated classes. Note: This property works in collaboration with generateBuilders. -// // If generateBuilders is false then this property will not do anything. -// useInnerClassBuilders = false -// -// // Whether to include hashCode and equals methods in generated Java types. -// includeHashcodeAndEquals = false -// -// // Whether to include a toString method in generated Java types. -// includeToString = false -// -// // Whether to include getters or to omit these accessor methods and create public fields instead. -// includeGetters = false -// -// // Whether to include setters or to omit these accessor methods and create public fields instead. -// includeSetters = false -// -// // Whether to use java.util.Optional for getters on properties that are not required -// useOptionalForGetters = true -// -// // Whether to generate constructors or not. -// includeConstructors = true -// -// // Whether to include only 'required' fields in generated constructors -// constructorsRequiredPropertiesOnly = true -// -// annotationStyle = 'gson' -// -// // Whether to initialize Set and List fields as empty collections, or leave them as null. -// initializeCollections = false -//} - // Maven Central Portal publishing configuration // See: https://vanniktech.github.io/gradle-maven-publish-plugin/central/ mavenPublishing {