commons-bom

A Bill of Materials (BOM) descriptor for JVM-based projects that provides centralized dependency management for ReportPortal components. This repository contains version definitions for all ReportPortal dependencies, ensuring consistent versions across the entire ecosystem.

Overview

The commons-bom serves as a parent POM that defines dependency versions for:

• Spring Boot and related frameworks
• Database drivers and ORM tools
• Testing frameworks
• Utility libraries
• ReportPortal-specific components

Publishing to Maven Central

This project uses the centralized Maven publishing workflow from the ReportPortal organization for automated publishing to Maven Central.

Maven Publish Workflow

Source: ReportPortal Maven Publish Workflow

Purpose: Publishes artifacts directly to Maven Central using the new Sonatype Central API with full automation.

Features:

• Downloads artifacts from GitHub Packages
• Creates deployment bundles with proper Maven repository structure
• Uploads to Sonatype Central with USER_MANAGED publishing
• Automatically publishes validated deployments
• Monitors deployment status with automatic retry
• Clean, production-ready logging

Usage:

1. Go to the Actions tab in GitHub
2. Select "Maven Publish to Central" workflow
3. Click "Run workflow"
4. Enter the version to publish (e.g., 5.14.4)
5. Click "Run workflow"

Required Secrets:

• SONATYPE_USER: Your Sonatype Central username
• SONATYPE_PASSWORD: Your Sonatype Central password (not API token)
• GITHUB_TOKEN: Automatically provided by GitHub Actions

Artifacts Downloaded:

• commons-bom-{version}.pom
• commons-bom-{version}.pom.asc (GPG signature)

Bundle Structure: The workflow creates a ZIP bundle with proper Maven repository structure:

commons-bom-{version}.zip
└── com/epam/reportportal/commons-bom/{version}/
    ├── commons-bom-{version}.pom
    └── commons-bom-{version}.pom.asc

API References

• Sonatype Central API Documentation
• Central Publisher API Guide

Authentication

The workflows use token-based authentication with Sonatype Central:

• Username and password are base64 encoded using base64(username:password)
• Bearer token authentication is used for API requests
• Uses standard Sonatype Central credentials (not API tokens)

Publishing Process

The workflow follows this automated process:

1. Upload → USER_MANAGED publishing type (requires manual publish)
2. Monitor → Wait for VALIDATED state
3. Auto-publish → Automatically trigger publish via API when validated
4. Wait → Continue monitoring until PUBLISHED state
5. Success → Display published package URLs

Deployment States

The workflow monitors these deployment states:

• PENDING: Uploaded and waiting for processing
• VALIDATING: Being processed by validation service
• VALIDATED: Passed validation, automatically triggers publish
• PUBLISHING: Being uploaded to Maven Central
• PUBLISHED: Successfully published to Maven Central
• FAILED: Encountered an error during processing

Bundle Format

• File format: ZIP archive
• Naming: commons-bom-{version}.zip
• Structure: Follows Maven repository layout
• Validation: Passes Sonatype Central requirements