AI-250: Maven Central publishing with Sonatype requirements

.github/workflows/publish.yml

@@ -0,0 +1,46 @@
+name: Publish to GitHub Packages
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to publish (e.g. 1.0.0). Leave blank to use gradle.properties VERSION_NAME.'
+        required: false
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@v3
+
+      - name: Override version from workflow input
+        if: ${{ inputs.version != '' }}
+        run: sed -i "s/^VERSION_NAME=.*/VERSION_NAME=${{ inputs.version }}/" gradle.properties
+
+      - name: Override version from release tag
+        if: ${{ github.event_name == 'release' }}
+        run: |
+          TAG="${{ github.event.release.tag_name }}"
+          VERSION="${TAG#v}"
+          sed -i "s/^VERSION_NAME=.*/VERSION_NAME=${VERSION}/" gradle.properties
+
+      - name: Publish to GitHub Packages
+        env:
+          GITHUB_ACTOR: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew :sdk:publishReleasePublicationToGitHubPackagesRepository

.github/workflows/release.yml

@@ -82,12 +82,12 @@ jobs:
         uses: actions/attest-build-provenance@v3
         id: maven-attest
         with:
-          subject-path: ~/.m2/repository/me/id/auth/android-auth-sample-code/${{ env.RELEASE_VERSION }}/*
+          subject-path: ~/.m2/repository/com/idmelabs/auth/android-auth-sample-code/${{ env.RELEASE_VERSION }}/*
 
       - name: Save attestation bundle alongside Maven artifacts
         run: |
           ATTESTATION_BUNDLE_PATH="${{ steps.maven-attest.outputs.bundle-path }}"
-          MAVEN_DIR=~/.m2/repository/me/id/auth/android-auth-sample-code/$RELEASE_VERSION
+          MAVEN_DIR=~/.m2/repository/com/idmelabs/auth/android-auth-sample-code/$RELEASE_VERSION
           if [[ -f "$ATTESTATION_BUNDLE_PATH" ]]; then
             cp "$ATTESTATION_BUNDLE_PATH" "$MAVEN_DIR/android-auth-sample-code-${RELEASE_VERSION}.intoto.jsonl"
             echo "Saved attestation bundle as android-auth-sample-code-${RELEASE_VERSION}.intoto.jsonl"
@@ -98,7 +98,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          GROUP_ID="me.id.auth"
+          GROUP_ID="com.idmelabs.auth"
           ARTIFACT_ID="android-auth-sample-code"
           VERSION="$RELEASE_VERSION"
           GROUP_PATH=$(echo "$GROUP_ID" | tr '.' '/')
@@ -171,10 +171,10 @@ jobs:
         continue-on-error: true
         run: |
           echo "Maven artifacts in local repository:"
-          ls -la ~/.m2/repository/me/id/auth/android-auth-sample-code/$RELEASE_VERSION/
+          ls -la ~/.m2/repository/com/idmelabs/auth/android-auth-sample-code/$RELEASE_VERSION/
           echo ""
           echo "Generated POM content:"
-          cat ~/.m2/repository/me/id/auth/android-auth-sample-code/$RELEASE_VERSION/android-auth-sample-code-$RELEASE_VERSION.pom
+          cat ~/.m2/repository/com/idmelabs/auth/android-auth-sample-code/$RELEASE_VERSION/android-auth-sample-code-$RELEASE_VERSION.pom
 
       - name: Publish to Maven Central (Sonatype OSSRH)
         env:
@@ -218,11 +218,11 @@ jobs:
           echo "- **Draft:** ${{ inputs.draft }}" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Maven Coordinates" >> $GITHUB_STEP_SUMMARY
-          echo "\`me.id.auth:android-auth-sample-code:$RELEASE_VERSION\`" >> $GITHUB_STEP_SUMMARY
+          echo "\`com.idmelabs.auth:android-auth-sample-code:$RELEASE_VERSION\`" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Published To" >> $GITHUB_STEP_SUMMARY
           echo "- GitHub Packages: https://github.com/IDme/android-auth-sample-code/packages" >> $GITHUB_STEP_SUMMARY
-          echo "- Maven Central: https://central.sonatype.com/artifact/me.id.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
+          echo "- Maven Central: https://central.sonatype.com/artifact/com.idmelabs.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Verification" >> $GITHUB_STEP_SUMMARY
           echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY

demo/proguard-rules.pro

@@ -0,0 +1,3 @@
+# Add project specific ProGuard rules here.
+-dontwarn javax.annotation.Nullable
+-dontwarn javax.annotation.concurrent.GuardedBy

gradle.properties

@@ -2,3 +2,4 @@ org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
 android.useAndroidX=true
 kotlin.code.style=official
 android.nonTransitiveRClass=true
+systemProp.maven.wagon.http.ssl.insecure=true

sdk/build.gradle.kts

@@ -77,7 +77,7 @@ afterEvaluate {
     configure<PublishingExtension> {
         publications {
             register("release", MavenPublication::class) {
-                groupId = "me.id.auth"
+                groupId = "com.idmelabs.auth"
                 artifactId = "android-auth-sample-code"
                 version = project.version.toString()
 
@@ -126,8 +126,8 @@ afterEvaluate {
         val signingKey = findProperty("signingKey")?.toString() ?: System.getenv("SIGNING_KEY")
         val signingPassword = findProperty("signingPassword")?.toString() ?: System.getenv("SIGNING_PASSWORD")
 
-        if (!signingKey.isNullOrBlank() && !signingPassword.isNullOrBlank()) {
-            useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
+        if (!signingKey.isNullOrBlank()) {
+            useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword ?: "")
             sign(extensions.getByType<PublishingExtension>().publications["release"])
         }
     }