Automate Maven Central release with Gradle signing and GitHub Actions

[Copilot]

Implements complete Maven Central publishing workflow for RosettaNet Jakarta JAXB artifacts, addressing the lack of documented release automation and credential management.

Changes

Gradle Configuration (build.gradle)

• Added signing plugin with conditional GPG signing (skips when credentials absent)
• Configured OSSRH repository with snapshot/release URL routing
• Enhanced POM with developers section for Maven Central requirements

signing {
    def signingKey = project.findProperty("signingKey") ?: System.getenv("SIGNING_KEY")
    def signingPassword = project.findProperty("signingPassword") ?: System.getenv("SIGNING_PASSWORD")
    
    if (signingKey && signingPassword) {
        useInMemoryPgpKeys(signingKey, signingPassword)
        sign publishing.publications.mavenJava
    }
    required { gradle.taskGraph.hasTask("publish") }
}

Release Documentation (RELEASE.md)

• Prerequisites: OSSRH account setup, GPG key generation and keyserver publication
• Secrets management: Environment variables and Gradle properties for OSSRH_USERNAME, OSSRH_PASSWORD, SIGNING_KEY, SIGNING_PASSWORD
• Validation workflow: publishToMavenLocal → signature verification → OSSRH staging → close/release
• Troubleshooting: 10+ common issues (401 auth failures, signature verification, missing metadata)
• OSSRH staging workflow: Close staging repository → validation → release to Maven Central

CI/CD Automation

• .github/workflows/release.yml: Tag-triggered or manual release workflow with version validation, test execution, OSSRH publishing, GitHub release creation
• .github/workflows/build.yml: PR/branch CI with build validation and local Maven publishing test

Quick Reference (issues/3.md)

• Agent checklist for prerequisites and validation commands
• Common issues with solutions
• Local vs. automated release comparison

Key Features

Conditional signing: Local development works without GPG keys; signing enforced only for publish task
Version routing: Snapshots → snapshots repository, releases → staging repository
Security: Minimal workflow permissions, in-memory PGP key handling, no credentials in version control

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Automate Maven Central Release for RosettaNet Jakarta JAXB</issue_title>
<issue_description>

Automate Maven Central Release for RosettaNet Jakarta JAXB

--
 

Summary

Document and automate a repeatable workflow that allows agents to publish the RosettaNet Jakarta JAXB artifacts to Maven Central without manual intervention.
 

Background

The project currently produces RosettaNet Jakarta JAXB bindings but lacks a documented path for shipping them to Maven Central. Missing guidance around Gradle configuration, credentials, signing, and staging makes it difficult for agents to execute reliable releases.
 

Requirements

• Describe the Gradle configuration that is required to publish artifacts, including plugins, publishing and signing blocks, versioning strategy, and artifact metadata.
• List the secrets that must be provisioned both locally and in CI (OSSRH_USERNAME, OSSRH_PASSWORD, SIGNING_KEY, SIGNING_PASSWORD, etc.) and explain how agents should configure them.
• Provide validation steps (for example ./gradlew publishToMavenLocal, integration tests, signature verification) that must be completed before a release.
• Outline how to stage a release with OSSRH, close and promote the staging repository, and verify that components appear on Maven Central.
• Include rollback and troubleshooting guidance for common problems such as credential failures, signature mismatches, or rejected staging repositories.
• Recommend CI automation (e.g., GitHub Actions) that coordinates version tagging, signing, artifact upload, and release approvals.
   

Acceptance Criteria

• Issue contains a checklist that an agent can follow to complete a release from start to finish.
• All referenced Gradle tasks, plugins, and OSSRH endpoints are accurate for the current toolchain.
• Automation guidance includes trigger conditions, environment variables, and safety checks to prevent accidental releases.
• Reviewers can confirm that both local and CI release scenarios are fully documented.
   

Resources

• OSSRH Guide
• Gradle Publishing Documentation
• Gradle Signing Plugin

</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Automate Maven Central Release for RosettaNet Jakarta JAXB #2

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull Request Overview

This PR implements comprehensive Maven Central release automation for the RosettaNet Jakarta JAXB project. The solution enables both manual and automated releases through GitHub Actions, with proper signing, credential management, and validation.

Key Changes:

• Added signing plugin and OSSRH repository configuration to build.gradle for Maven Central publishing
• Created extensive 855-line RELEASE.md documentation covering setup, release processes, validation, and troubleshooting
• Implemented GitHub Actions workflows for automated releases (release.yml) and CI builds (build.yml)

Reviewed Changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
issues/3.md	Quick reference guide documenting the resolution of Maven Central release automation with checklists and implementation status
build.gradle	Added signing plugin, OSSRH repositories configuration, developers section in POM, and conditional signing based on credential availability
RELEASE.md	Comprehensive documentation for Maven Central publishing covering prerequisites, configuration, local/CI processes, validation, staging, and troubleshooting
README.md	Added Publishing to Maven Central section with link to RELEASE.md
.github/workflows/release.yml	Automated release workflow triggered by tags or manual dispatch, with version validation, testing, and artifact publishing
.github/workflows/build.yml	CI workflow for PRs and branches with build validation, testing, and artifact upload

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The -w 0 flag for base64 encoding is Linux-specific and will not work on macOS. On macOS, the equivalent is base64 -i private-key.asc -o private-key.base64 or base64 < private-key.asc without the -w flag. Consider adding a note about platform differences or providing both command variants.

Suggested change

	# Convert to base64 for use as SIGNING_KEY secret
	cat private-key.asc | base64 -w 0 > private-key.base64
	# Upload public key to keyserver
	gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID
	```
	# Convert to base64 for use as SIGNING_KEY secret
	# Linux:
	cat private-key.asc | base64 -w 0 > private-key.base64
	# macOS:
	base64 < private-key.asc > private-key.base64
	# Upload public key to keyserver
	gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID

Note: The -w 0 flag for base64 is only available on Linux. On macOS, use base64 < private-key.asc > private-key.base64 instead.