add publishing job to automatically publish releases to maven central (!5) · Merge requests · GitLab.org / security-products / analyzers / gemnasium-maven-plugin

Hannes Rosenögger requested to merge haynes/gemnasium-maven-plugin:maven_central_builds into master Nov 15, 2019

This MR adds all necessary changes to automatically publish new releases to maven central.
Once configured correctly, a new version will be released to maven central for every tag you create.

The version will always equal the tag name to prevent accidental overwrites.
If you want to release a snapshot version to test things make sure the tag name ends with -SNAPSHOT for example 0.4.0-SNAPSHOT.
Maven will automatically publish it to the snapshot repository instead of the releases repository.

To set this up you will need to configure 4 secret variables:

Keyy	Value
OSSRH_USER	the username used to login to oss.sonatype.org (can be the user value of an access token as well)
OSSRH_PWD	the password used to login to oss.sonatype.org (can be the password value of an access token as well)
GPG_PASSPHRASE	The passphrase for the private gpg key
GPG_PRIVATE_KEY	The private gpg key

The gpg key can be a newly created key. Only requirement is, that the public key is published to a keyserver.
See this link for how to do that.
https://central.sonatype.org/pages/working-with-pgp-signatures.html#distributing-your-public-key
Keep in mind that it can take a few hours to propagate the key to the different keyservers after you publish it.

closes #5

/cc @gonzoyumo @fcatteau

add publishing job to automatically publish releases to maven central

Merge request reports