Release to Central Portal

.gitignore

@@ -13,6 +13,7 @@
 .settings
 doc
 hs_err*.log
+pom.xml.versionsBackup
 target
 reports
 Main.java

CHANGELOG.md

@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+3.7.2 (2025-05-28)
+------------------
+
+* First release using Central Portal instead of Legacy OSSRH.
+* Update `geoip2` dependency.
+
 3.7.1 (2025-05-23)
 ------------------
 

README.dev.md

@@ -1,77 +1,38 @@
 # Preparing your environment for a release
 
 - Ensure you have access to publish to the repository on
-  [Sonatype](https://oss.sonatype.org).
-  - See the section about Sonatype access.
+  [Central Portal](https://central.sonatype.org/).
+  - See the section about Central Portal access.
 - You need a GPG secret key. You need to publish it as well.
   - See the section about setting up GPG.
 - Ensure the SSH key you use on GitHub.com is available.
   - e.g., `~/.ssh/id_rsa`.
 - Ensure an appropriate `~/.gitconfig` is set up.
   - The release process generates commits.
 - Ensure you have the necessary dependencies available:
-  - e.g., `apt-get install maven openjdk-8-jdk git-core gpg`
+  - e.g., `apt-get install maven default-jdk git-core`
 - Ensure [gh](https://github.com/cli/cli) is set up and in your
   `PATH`.
   - An easy way to do this is get a release tarball and run `./install`.
 
-## Setting up Sonatype access
+## Setting up Central Portal access
 
-To get this access, make an account on the [Sonatype JIRA issue
-tracker](https://issues.sonatype.org/) and make an issue asking for access
-[like so](https://issues.sonatype.org/browse/OSSRH-34414).
+To get this access, first create a Central Portal account. You will then need
+access to our namespace, but we have not added anyone since switching to
+Central Portal. Previously you would need to make an account on the [Sonatype
+JIRA issue tracker](https://issues.sonatype.org/) and make an issue asking for
+access [like so](https://issues.sonatype.org/browse/OSSRH-34414).
 
 Ensure you inform MaxMind operations about your new access.
 
-Put this information into `~/.m2/settings.xml` (Maven settings). Your
-`settings.xml` should look something like (replace USERNAME and SECRET):
-
-    <settings>
-      <servers>
-        <server>
-          <id>ossrh</id>
-          <username>USERNAME</username>
-          <password>SECRET</password>
-        </server>
-        <server>
-          <id>sonatype-nexus-snapshots</id>
-          <username>USERNAME</username>
-          <password>SECRET</password>
-        </server>
-        <server>
-          <id>sonatype-nexus-staging</id>
-          <username>USERNAME</username>
-          <password>SECRET</password>
-        </server>
-        <server>
-          <id>github-project-site</id>
-          <username>git</username>
-        </server>
-      </servers>
-      <profiles>
-        <profile>
-          <id>my_profile_id</id>
-          <activation>
-            <activeByDefault>true</activeByDefault>
-          </activation>
-          <properties>
-            <gpg.keyname><!-- The GPG ID of your publishing key --></gpg.keyname>
-          </properties>
-        </profile>
-      </profiles>
-    </settings>
-
-Some links about Sonatype:
-
-* http://central.sonatype.org/pages/ossrh-guide.html
-* http://central.sonatype.org/pages/releasing-the-deployment.html
-* http://central.sonatype.org/pages/apache-maven.html
-
-See the following documentation for details on specifying which gpg to use for
-publishing in your local settings.xml:
-
-* https://central.sonatype.org/publish/requirements/gpg/
-* https://maven.apache.org/plugins/maven-gpg-plugin/usage.html
+Configure your `~/.m2/settings.xml` file for releasing to Central Portal. See
+[these instructions](https://central.sonatype.org/publish/publish-portal-maven/#credentials).
+
+Some links about Central Portal:
+
+* [Maven Central Repository homepage](https://central.sonatype.com/). You can
+  sign-in from here.
+* [Publishing guide](https://central.sonatype.org/publish/publish-portal-maven/)
 
 ## Setting up GPG
 
@@ -130,29 +91,20 @@ Add this to ~/.gnupg/gpg-agent.conf:
     version to the next development release, upload the release to GitHub
     and tag it, and upload to Sonatype.
 - This will prompt you several times. Generally you need to say `y` or `n`.
-- You'll be prompted for your ssh key password, GPG key password, and
-  GitHub.com username and password several times depending on your
-  workspace.
-- You may be prompted about "what is the next development version?". Hit
-  enter to use the default which should be fine.
+- You may be prompted for your GitHub.com username and password several
+  times depending on your workspace.
 - You may be prompted about "The following dependencies in Dependencies
   have newer versions". See the section about updating dependencies if so.
-- If you get HTTP 401 errors from Sonatype, you probably don't have a
-  correct `settings.xml`. Refer to the Sonatype section.
-  - If this happened, there are most likely pushed commits on GitHub.com.
-    You can potentially rebase and drop the commits and force push and
-    start over (you might want to talk about this before doing it). Note
-    you'll need to delete the release tag too:
-    `git push origin :refs/tags/vx.y.z && git tag -d vx.y.z`.
-- If you get to this point, then a release is on GitHub.com and in the
-  staging repository on [Sonatype](https://oss.sonatype.org). The
-  nexus-staging-maven-plugin plugin should automatically close the staging
-  release as well as actually release it after.
+- If you get HTTP 401 errors from Central Portal, you probably don't have a
+  correct `settings.xml`. Refer to the Central Portal section.
+- If you get to this point, then a release is on GitHub.com and Maven
+  Central.
 - You're done!
 - If you want to check things over, look at the commits on GitHub.com,
   including to the `gh-pages` branch and release tags, and do an artifact
-  search on [Sonatype](https://oss.sonatype.org) to see the version is as
-  you expect.
+  search on [Maven Central](https://central.sonatype.com/) to see the version
+  is as you expect. It may take a few minutes for new releases to show up
+  on Maven Central.
 
 ## Updating dependencies
 

README.md

@@ -16,7 +16,7 @@ To do this, add the dependency to your pom.xml:
     <dependency>
         <groupId>com.maxmind.minfraud</groupId>
         <artifactId>minfraud</artifactId>
-        <version>3.7.1</version>
+        <version>3.7.2</version>
     </dependency>
 ```
 
@@ -29,7 +29,7 @@ repositories {
     mavenCentral()
 }
 dependencies {
-    compile 'com.maxmind.minfraud:minfraud:3.7.1'
+    compile 'com.maxmind.minfraud:minfraud:3.7.2'
 }
 ```
 

dev-bin/release.sh

@@ -5,7 +5,7 @@ set -eu -o pipefail
 changelog=$(cat CHANGELOG.md)
 
 regex='
-([0-9]+\.[0-9]+\.[0-9]+(-[^ ]+)?) \(([0-9]{4}-[0-9]{2}-[0-9]{2})\)
+([0-9]+\.[0-9]+\.[0-9]+[a-zA-Z0-9\-]*) \(([0-9]{4}-[0-9]{2}-[0-9]{2})\)
 -*
 
 ((.|
@@ -18,8 +18,8 @@ if [[ ! $changelog =~ $regex ]]; then
 fi
 
 version="${BASH_REMATCH[1]}"
-date="${BASH_REMATCH[3]}"
-notes="$(echo "${BASH_REMATCH[4]}" | sed -n -E '/^[0-9]+\.[0-9]+\.[0-9]+/,$!p')"
+date="${BASH_REMATCH[2]}"
+notes="$(echo "${BASH_REMATCH[3]}" | sed -n -e '/^[0-9]\+\.[0-9]\+\.[0-9]\+/,$!p')"
 
 if [[ "$date" != $(date +"%Y-%m-%d") ]]; then
     echo "$date is not today!"
@@ -53,7 +53,16 @@ popd
 mvn versions:display-plugin-updates
 mvn versions:display-dependency-updates
 
-read -e -p "Continue given above dependencies? (y/n) " should_continue
+read -r -n 1 -p "Continue given above dependencies? (y/n) " should_continue
+
+if [ "$should_continue" != "y" ]; then
+    echo "Aborting"
+    exit 1
+fi
+
+mvn test
+
+read -r -n 1 -p "Continue given above tests? (y/n) " should_continue
 
 if [ "$should_continue" != "y" ]; then
     echo "Aborting"
@@ -64,36 +73,36 @@ page=.gh-pages/index.md
 cat <<EOF > $page
 ---
 layout: default
-title: MaxMind minFraud Score and Insights Java API
+title: MaxMind minFraud Java API
 language: java
 version: $tag
 ---
 
 EOF
 
+mvn versions:set -DnewVersion="$version"
+
 perl -pi -e "s/(?<=<version>)[^<]*/$version/" README.md
-perl -pi -e "s/(?<=com\.maxmind\.minfraud\:minfraud\:)\d+\.\d+\.\d+[^']*/$version/" README.md
+perl -pi -e "s/(?<=com\.maxmind\.minfraud\:minfraud\:)\d+\.\d+\.\d+([\w\-]+)?/$version/" README.md
 
 cat README.md >> $page
 
-if [ -n "$(git status --porcelain)" ]; then
-    git diff
-
-    read -e -p "Commit README.md changes? " should_commit
-    if [ "$should_commit" != "y" ]; then
-        echo "Aborting"
-        exit 1
-    fi
-    git add README.md
-    git commit -m 'update version number in README.md'
+git diff
+
+read -r -n 1 -p "Commit changes? " should_commit
+if [ "$should_commit" != "y" ]; then
+    echo "Aborting"
+    exit 1
 fi
+git add README.md pom.xml
+git commit -m "Preparing for $version"
+
+mvn clean deploy
 
-# could be combined with the primary build
-mvn release:clean
-mvn release:prepare -DreleaseVersion="$version" -Dtag="$tag"
-mvn release:perform
 rm -fr ".gh-pages/doc/$tag"
-cp -r target/checkout/target/reports/apidocs ".gh-pages/doc/$tag"
+cp -r target/reports/apidocs ".gh-pages/doc/$tag"
+rm -f .gh-pages/doc/latest
+ln -fs "$tag" .gh-pages/doc/latest
 
 pushd .gh-pages
 
@@ -105,8 +114,7 @@ echo "Release notes for $version:
 $notes
 
 "
-
-read -e -p "Push to origin? " should_push
+read -r -n 1 -p "Push to origin? " should_push
 
 if [ "$should_push" != "y" ]; then
     echo "Aborting"
@@ -118,8 +126,7 @@ git push
 popd
 
 git push
-git push --tags
 
 gh release create --target "$(git branch --show-current)" -t "$version" -n "$notes" "$tag" \
-    "target/checkout/target/minfraud-$version-with-dependencies.zip" \
-    "target/checkout/target/minfraud-$version-with-dependencies.zip.asc"
+    "target/minfraud-$version-with-dependencies.zip" \
+    "target/minfraud-$version-with-dependencies.zip.asc"

pom.xml

@@ -4,7 +4,7 @@
 
     <groupId>com.maxmind.minfraud</groupId>
     <artifactId>minfraud</artifactId>
-    <version>3.7.2-SNAPSHOT</version>
+    <version>3.7.2</version>
     <name>MaxMind minFraud API</name>
     <description>MaxMind minFraud Score, Insights, Factors and Report Transaction API</description>
     <url>http://dev.maxmind.com/minfraud</url>
@@ -60,7 +60,7 @@
         <dependency>
             <groupId>com.maxmind.geoip2</groupId>
             <artifactId>geoip2</artifactId>
-            <version>4.3.0</version>
+            <version>4.3.1</version>
         </dependency>
         <dependency>
             <groupId>commons-validator</groupId>
@@ -255,24 +255,14 @@
                 <version>2.18.0</version>
             </plugin>
             <plugin>
-                <groupId>org.sonatype.plugins</groupId>
-                <artifactId>nexus-staging-maven-plugin</artifactId>
-                <version>1.7.0</version>
+                <groupId>org.sonatype.central</groupId>
+                <artifactId>central-publishing-maven-plugin</artifactId>
+                <version>0.7.0</version>
                 <extensions>true</extensions>
                 <configuration>
-                    <serverId>sonatype-nexus-staging</serverId>
-                    <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-                    <autoReleaseAfterClose>true</autoReleaseAfterClose>
+                    <publishingServerId>central</publishingServerId>
+                    <autoPublish>true</autoPublish>
                 </configuration>
-                <executions>
-                    <execution>
-                        <id>default-deploy</id>
-                        <phase>deploy</phase>
-                        <goals>
-                            <goal>deploy</goal>
-                        </goals>
-                    </execution>
-                </executions>
             </plugin>
         </plugins>
     </build>