From adf1f3c04fb2c477e67af06425b9fc14bf636b47 Mon Sep 17 00:00:00 2001
From: Anthony Spriggs <perspectiveva@gmail.com>
Date: Tue, 7 Apr 2026 13:32:41 -0400
Subject: [PATCH 1/5] Add GitHub Packages Maven publishing workflow

- Apply maven-publish plugin to :sdk with release publication (com.idme:idme-auth-sdk)
- Configure GitHubPackages repository using GITHUB_TOKEN
- Add GROUP and VERSION_NAME to gradle.properties
- Add publish.yml workflow triggered on GitHub Release or workflow_dispatch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/publish.yml | 46 +++++++++++++++++++++++++++++++++++
 gradle.properties             |  1 +
 sdk/build.gradle.kts          |  6 ++---
 3 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..bad825d
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,46 @@
+name: Publish to GitHub Packages
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to publish (e.g. 1.0.0). Leave blank to use gradle.properties VERSION_NAME.'
+        required: false
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@v3
+
+      - name: Override version from workflow input
+        if: ${{ inputs.version != '' }}
+        run: sed -i "s/^VERSION_NAME=.*/VERSION_NAME=${{ inputs.version }}/" gradle.properties
+
+      - name: Override version from release tag
+        if: ${{ github.event_name == 'release' }}
+        run: |
+          TAG="${{ github.event.release.tag_name }}"
+          VERSION="${TAG#v}"
+          sed -i "s/^VERSION_NAME=.*/VERSION_NAME=${VERSION}/" gradle.properties
+
+      - name: Publish to GitHub Packages
+        env:
+          GITHUB_ACTOR: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew :sdk:publishReleasePublicationToGitHubPackagesRepository
diff --git a/gradle.properties b/gradle.properties
index f0a2e55..34d6fba 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -2,3 +2,4 @@ org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
 android.useAndroidX=true
 kotlin.code.style=official
 android.nonTransitiveRClass=true
+systemProp.maven.wagon.http.ssl.insecure=true
diff --git a/sdk/build.gradle.kts b/sdk/build.gradle.kts
index 4947444..78b9f7d 100644
--- a/sdk/build.gradle.kts
+++ b/sdk/build.gradle.kts
@@ -77,7 +77,7 @@ afterEvaluate {
     configure<PublishingExtension> {
         publications {
             register("release", MavenPublication::class) {
-                groupId = "me.id.auth"
+                groupId = "com.idmelabs.auth"
                 artifactId = "android-auth-sample-code"
                 version = project.version.toString()
 
@@ -126,8 +126,8 @@ afterEvaluate {
         val signingKey = findProperty("signingKey")?.toString() ?: System.getenv("SIGNING_KEY")
         val signingPassword = findProperty("signingPassword")?.toString() ?: System.getenv("SIGNING_PASSWORD")
 
-        if (!signingKey.isNullOrBlank() && !signingPassword.isNullOrBlank()) {
-            useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
+        if (!signingKey.isNullOrBlank()) {
+            useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword ?: "")
             sign(extensions.getByType<PublishingExtension>().publications["release"])
         }
     }

From 85da9fa2bf3cc0326059a252a713b20c8292a0ac Mon Sep 17 00:00:00 2001
From: Anthony Spriggs <perspectiveva@gmail.com>
Date: Tue, 7 Apr 2026 13:45:49 -0400
Subject: [PATCH 2/5] Rename artifactId to android-auth-sample-code

Aligns Maven coordinates with the repository name:
me.id.auth:android-auth-sample-code:<version>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/release.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 653203d..bcebc79 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -82,12 +82,12 @@ jobs:
         uses: actions/attest-build-provenance@v3
         id: maven-attest
         with:
-          subject-path: ~/.m2/repository/me/id/auth/android-auth-sample-code/${{ env.RELEASE_VERSION }}/*
+          subject-path: ~/.m2/repository/com/idmelabs/auth/android-auth-sample-code/${{ env.RELEASE_VERSION }}/*
 
       - name: Save attestation bundle alongside Maven artifacts
         run: |
           ATTESTATION_BUNDLE_PATH="${{ steps.maven-attest.outputs.bundle-path }}"
-          MAVEN_DIR=~/.m2/repository/me/id/auth/android-auth-sample-code/$RELEASE_VERSION
+          MAVEN_DIR=~/.m2/repository/com/idmelabs/auth/android-auth-sample-code/$RELEASE_VERSION
           if [[ -f "$ATTESTATION_BUNDLE_PATH" ]]; then
             cp "$ATTESTATION_BUNDLE_PATH" "$MAVEN_DIR/android-auth-sample-code-${RELEASE_VERSION}.intoto.jsonl"
             echo "Saved attestation bundle as android-auth-sample-code-${RELEASE_VERSION}.intoto.jsonl"
@@ -98,7 +98,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          GROUP_ID="me.id.auth"
+          GROUP_ID="com.idmelabs.auth"
           ARTIFACT_ID="android-auth-sample-code"
           VERSION="$RELEASE_VERSION"
           GROUP_PATH=$(echo "$GROUP_ID" | tr '.' '/')
@@ -171,10 +171,10 @@ jobs:
         continue-on-error: true
         run: |
           echo "Maven artifacts in local repository:"
-          ls -la ~/.m2/repository/me/id/auth/android-auth-sample-code/$RELEASE_VERSION/
+          ls -la ~/.m2/repository/com/idmelabs/auth/android-auth-sample-code/$RELEASE_VERSION/
           echo ""
           echo "Generated POM content:"
-          cat ~/.m2/repository/me/id/auth/android-auth-sample-code/$RELEASE_VERSION/android-auth-sample-code-$RELEASE_VERSION.pom
+          cat ~/.m2/repository/com/idmelabs/auth/android-auth-sample-code/$RELEASE_VERSION/android-auth-sample-code-$RELEASE_VERSION.pom
 
       - name: Publish to Maven Central (Sonatype OSSRH)
         env:
@@ -218,11 +218,11 @@ jobs:
           echo "- **Draft:** ${{ inputs.draft }}" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Maven Coordinates" >> $GITHUB_STEP_SUMMARY
-          echo "\`me.id.auth:android-auth-sample-code:$RELEASE_VERSION\`" >> $GITHUB_STEP_SUMMARY
+          echo "\`com.idmelabs.auth:android-auth-sample-code:$RELEASE_VERSION\`" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Published To" >> $GITHUB_STEP_SUMMARY
           echo "- GitHub Packages: https://github.com/IDme/android-auth-sample-code/packages" >> $GITHUB_STEP_SUMMARY
-          echo "- Maven Central: https://central.sonatype.com/artifact/me.id.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
+          echo "- Maven Central: https://central.sonatype.com/artifact/com.idmelabs.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Verification" >> $GITHUB_STEP_SUMMARY
           echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY

From a1f4ec80c7a5af171136f17339beee7128d265d8 Mon Sep 17 00:00:00 2001
From: Anthony Spriggs <perspectiveva@gmail.com>
Date: Tue, 14 Apr 2026 13:27:46 -0400
Subject: [PATCH 3/5] Add Sonatype Maven Central publishing support

- Add Dokka plugin for Javadoc JAR generation (required by Sonatype)
- Add sources JAR task (required by Sonatype)
- Apply signing plugin with in-memory PGP key support for CI
- Complete POM metadata: url, licenses, developers, and SCM (required by Sonatype)
- Wire Dokka + nexus-publish plugin into root buildscript classpath
- Configure Sonatype OSSRH staging repository via nexus-publish plugin
- Add Sonatype publish step to release workflow using five new secrets:
  SONATYPE_USERNAME, SONATYPE_PASSWORD, SIGNING_KEY_ID, SIGNING_KEY, SIGNING_PASSWORD

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bcebc79..e34f80f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -224,6 +224,10 @@ jobs:
           echo "- GitHub Packages: https://github.com/IDme/android-auth-sample-code/packages" >> $GITHUB_STEP_SUMMARY
           echo "- Maven Central: https://central.sonatype.com/artifact/com.idmelabs.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Published To" >> $GITHUB_STEP_SUMMARY
+          echo "- GitHub Packages: https://github.com/IDme/android-auth-sample-code/packages" >> $GITHUB_STEP_SUMMARY
+          echo "- Maven Central: https://central.sonatype.com/artifact/me.id.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Verification" >> $GITHUB_STEP_SUMMARY
           echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
           echo "gh attestation verify android-auth-sample-code-$RELEASE_VERSION.aar --repo IDme/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY

From 139d15e982df134c65d278589dd12b77f5dc4bca Mon Sep 17 00:00:00 2001
From: omerazmon-idme <omer.azmon@id.me>
Date: Wed, 15 Apr 2026 10:44:24 -0700
Subject: [PATCH 4/5] AI-250: Fix Maven Central publishing requirements

- Change groupId from me.id.auth to com.idmelabs.auth to match
  registered Sonatype namespace (idmelabs.com)
- Fix GPG signing to support passwordless keys
- Add proguard rules for demo app R8 minification
- Add SSL insecure property for corporate proxy environments
- Update all groupId references in release workflow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: omerazmon-idme <omer.azmon@id.me>
---
 .github/workflows/release.yml | 4 ----
 demo/proguard-rules.pro       | 3 +++
 2 files changed, 3 insertions(+), 4 deletions(-)
 create mode 100644 demo/proguard-rules.pro

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e34f80f..bcebc79 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -224,10 +224,6 @@ jobs:
           echo "- GitHub Packages: https://github.com/IDme/android-auth-sample-code/packages" >> $GITHUB_STEP_SUMMARY
           echo "- Maven Central: https://central.sonatype.com/artifact/com.idmelabs.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          echo "### Published To" >> $GITHUB_STEP_SUMMARY
-          echo "- GitHub Packages: https://github.com/IDme/android-auth-sample-code/packages" >> $GITHUB_STEP_SUMMARY
-          echo "- Maven Central: https://central.sonatype.com/artifact/me.id.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Verification" >> $GITHUB_STEP_SUMMARY
           echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
           echo "gh attestation verify android-auth-sample-code-$RELEASE_VERSION.aar --repo IDme/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
diff --git a/demo/proguard-rules.pro b/demo/proguard-rules.pro
new file mode 100644
index 0000000..d27f7e6
--- /dev/null
+++ b/demo/proguard-rules.pro
@@ -0,0 +1,3 @@
+# Add project specific ProGuard rules here.
+-dontwarn javax.annotation.Nullable
+-dontwarn javax.annotation.concurrent.GuardedBy

From 3536f3b61f36e937e9230883bb1edfbef89789fd Mon Sep 17 00:00:00 2001
From: omerazmon-idme <omer.azmon@id.me>
Date: Wed, 15 Apr 2026 10:57:36 -0700
Subject: [PATCH 5/5] ci: trigger build workflow

Signed-off-by: omerazmon-idme <omer.azmon@id.me>