Update mvn publish workflow

Author: danoSF

.github/workflows/maven-publish.yml

@@ -1,12 +1,13 @@
-# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
-# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
+# Publishes to Maven Central (Sonatype) when you push a tag v* (e.g. v0.6.17).
+# Trigger: push tag v* OR run manually via Actions tab ("Run workflow").
+# For a production release: set pom <version> to a release (e.g. 0.6.17, no -SNAPSHOT), commit, then tag and push: git tag v0.6.17 && git push origin v0.6.17
 
 name: Maven Package
 
 on:
   push:
     tags:
-      - 'v*' # Push events to matching v*
+      - 'v*'
   workflow_dispatch: {}
 
 jobs:
@@ -19,19 +20,30 @@ jobs:
 
     steps:
     - uses: actions/checkout@v2
+
+    - name: Require release version when triggered by tag
+      if: startsWith(github.ref, 'refs/tags/')
+      run: |
+        V=$(grep -oP '(?<=<version>)[^<]+' pom.xml | head -1)
+        if [[ "$V" == *-SNAPSHOT ]]; then
+          echo "::error::Publishing from a tag requires a release version in pom.xml (no -SNAPSHOT). Current: $V"
+          exit 1
+        fi
+
     - name: Set up Apache Maven Central
       uses: actions/setup-java@v2
       with: # running setup-java again overwrites the settings.xml
         distribution: 'zulu'
         java-version: '11'
-        server-username: MAVEN_USERNAME # env variable for username in deploy
-        server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
-        gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-        gpg-passphrase:  MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
+        server-id: sonatype-nexus-staging
+        server-username: MAVEN_USERNAME
+        server-password: MAVEN_CENTRAL_TOKEN
+        gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+        gpg-passphrase: MAVEN_GPG_PASSPHRASE
         settings-path: ${{ github.workspace }}/generated-settings
 
     - name: Release to Apache Maven Central
-      run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml
+      run: mvn deploy -s $GITHUB_WORKSPACE/generated-settings/settings.xml
       env:
         SONATYPE_USERNAME:    ${{ secrets.MAVEN_CENTRAL_USER   }}
         SONATYPE_PASSWORD:    ${{ secrets.MAVEN_CENTRAL_TOKEN  }}

README.md

@@ -255,8 +255,19 @@ objectName="mirus:type=connector-task-metrics,connector=*" attribute="task-faile
 
 ## Developer Info
 
-To preform a release: `mvn release:prepare release:perform`
-GPG Keys may need to be passed to maven with `-Darguments='-Dgpg.passphrase= -Dgpg.keyname=55Z32RD1'`
+### Releasing to Maven Central (GitHub Actions)
+
+1. In `pom.xml`, set `<version>` to a **release** value (e.g. `0.6.17`) — **no** `-SNAPSHOT`.
+2. Commit and push to `master`.
+3. Tag that commit and push the tag:  
+   `git tag v0.6.17 && git push origin v0.6.17`
+4. The **Maven Package** workflow runs on tag push and deploys to Maven Central. Ensure repo secrets are set: `MAVEN_CENTRAL_USER`, `MAVEN_CENTRAL_TOKEN`, `MAVEN_GPG_PRIVATE_KEY`, `MAVEN_GPG_PASSPHRASE`.
+5. After the release, bump the version back to the next SNAPSHOT (e.g. `0.6.18-SNAPSHOT`) on `master`.
+
+### Releasing locally
+
+To perform a release locally: `mvn release:prepare release:perform`  
+GPG keys may need to be passed to Maven with `-Darguments='-Dgpg.passphrase= -Dgpg.keyname=55Z32RD1'`
 
 # Discussion