Releasing

Releases publish to Maven Central from CI: you run one command locally, then approve the deploy in GitHub Actions. The process is driven by maven-release-plugin (parent POM) and release.yml.

Prerequisites (one-time)

  • Repo secrets: CENTRAL_USERNAME, CENTRAL_TOKEN, GPG_PRIVATE_KEY, GPG_PASSPHRASE.
  • A GitHub environment named release with yourself as a required reviewer; this is the approval gate before publish.
  • Docker running locally: release:prepare runs verify, which includes the archetype integration test.

Snapshot deployment

Every successful main build deploys the -SNAPSHOT to Maven Central via deploy-snapshot.yml. No action needed.

Releasing

  1. Run release:prepare locally. It runs clean verify, strips -SNAPSHOT, commits the release version, tags v<version>, bumps to the next snapshot, and pushes the commits and tag automatically (pushChanges defaults to true):
    .\mvnw.cmd release:prepare

    Prompts for the release version, tag (v<version>), and next development version; the defaults are usually right.

  2. The pushed v* tag triggers release.yml, which waits for your approval on the release environment. Approve the run in the Actions tab. It then deploys with -Prelease (GPG-signed, sources + javadoc) and auto-publishes to Central. Tests are not re-run (-DskipTests -Darchetype.test.skip=true); release:prepare already verified them.
  3. Confirm the artifacts under io.github.database-audits:database-audits-spring-boot-integration (and …-archetype). main now carries the next -SNAPSHOT, and publish-docs.yml redeploys the site after the following main build.

Aborting

Because release:prepare pushes immediately, the approval gate is the stop point: reject the pending release deployment in the Actions tab so nothing publishes, then drop what prepare pushed — delete the remote tag (git push --delete origin v<version>) and revert the two release commits on main. (release:rollback only helps if a prepare fails before it pushes.)
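
The git half of that abort as one guarded step (an added example, not part of the project's tooling; it assumes the remote is named origin, the v<version> tag exists in your local clone, and a Bash-compatible shell such as Git Bash; abort_release is a hypothetical helper name). It refuses to act if main has moved past the two release commits, and it also deletes the local tag, which the steps above do not mention, so a later tag push cannot re-trigger release.yml.

```bash
#!/usr/bin/env bash
# Added example: run only AFTER rejecting the pending deployment in the
# Actions tab. Usage: abort_release 1.2.3
abort_release() {
  local version="$1" tag="v$1" tag_commit
  [ -n "$version" ] || { echo "usage: abort_release <version>" >&2; return 2; }

  # Work from an up-to-date main so the guard below sees what was pushed.
  git fetch --quiet origin main || return 1
  git checkout --quiet main && git merge --quiet --ff-only origin/main || return 1

  # Resolve the tag to its commit before deleting it (works for annotated tags).
  tag_commit=$(git rev-parse --verify --quiet "refs/tags/$tag^{commit}") || {
    echo "tag $tag not found locally" >&2; return 1; }

  # Guard: release:prepare pushes exactly two commits, the tagged release
  # commit and the next-snapshot bump. If HEAD~1 is not the tagged commit,
  # someone has pushed on top and a blind revert would hit the wrong commits.
  if [ "$(git rev-parse HEAD~1)" != "$tag_commit" ]; then
    echo "main has moved past the release commits; revert them by hand" >&2
    return 1
  fi

  # Remove the tag that triggered release.yml, remotely and (assumption,
  # beyond the documented steps) locally so it cannot be pushed again.
  git push --quiet --delete origin "$tag" || return 1
  git tag -d "$tag" >/dev/null

  # Revert both release commits (newest first) and publish the reverts.
  git revert --no-edit "$tag_commit~1..HEAD" >/dev/null || return 1
  git push --quiet origin main
}
```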