chore: deploy to maven central

[junjiem]

Summary by CodeRabbit

• Chores
  • Reorganized build and plugin configuration for clearer lifecycle handling.
  • Added a central-profile for controlled publishing, signing, and source attachment.
  • Introduced global handling for javadoc/reporting and test-skip behavior during packaging.
  • Adjusted deployment settings to disable automatic deploy by default.
  • Updated SCM metadata (tag) and related release metadata.

[coderabbitai]

Walkthrough

Reorganizes Maven build configuration across root and submodule POMs: moves deploy plugin into build/plugins with skip, adds central publishing, signing, source-attachment and javadoc/reporting configuration, and introduces a central profile that controls central-publishing execution and related plugins.

Changes

Cohort / File(s)	Change Summary
Root POM / Top-level build pom.xml	Added top-level <build> with pluginManagement and plugins; added <reporting> for javadoc; added <tag>HEAD</tag> in <scm>; reintroduced profiles with a central profile containing maven-source-plugin, maven-gpg-plugin, central-publishing-maven-plugin, flatten-maven-plugin (v1.5.0) and moved test-skip/javadoc handling into new structure.
CLI module dat-cli/pom.xml	Moved maven-deploy-plugin from pluginManagement to build/plugins with <skip>true</skip>; removed deploy entry from pluginManagement; removed commented central-publishing block.
Servers module dat-servers/pom.xml	Added build/plugins with maven-deploy-plugin (skip=true); added central profile that disables central-publishing-maven-plugin executions by setting an execution phase to none (central-publishing-maven-plugin v0.9.0).

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant Maven as Maven Build
  participant Root as Root POM (build/plugins)
  participant Module as Module POM (dat-cli / dat-servers)
  participant Central as Central Publishing Plugin

  Dev->>Maven: mvn clean deploy (-Pcentral?)
  Maven->>Root: load top-level build/plugins & reporting
  Maven->>Module: load module build/plugins
  alt Profile: central active
    Module->>Central: execute central-publishing-maven-plugin (sign, source attach, publish)
    Central-->>Maven: publish artifacts to Central
  else Profile: central inactive
    Module->>Central: central-publishing execution phase = none (no-op)
    note right of Module #D3F6D8: deploy plugin present but<br/>configured with <skip>true</skip>
  end
  Maven->>Dev: build result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–30 minutes

• Extra attention areas:
  • Verify consistency of plugin versions (flatten, central-publishing, gpg) across POMs
  • Confirm intended behavior of maven-deploy-plugin with <skip>true</skip> in modules
  • Confirm central profile execution phase none is the intended mechanism to disable executions

Possibly related PRs

• chore: deploy maven central #114 — Changes to maven-gpg-plugin configuration (artifact signing) closely related to signing additions here.
• Chore/deploy maven central #116 — Changes to central-publishing-maven-plugin and deployment settings; overlaps with central profile and plugin versioning.
• chore: deploy maven central #112 — Adjusts Maven Central deployment and GPG signing setup; relevant to this PR's publishing/signing changes.

Poem

🐰
The POMs hop, rearranged and neat,
Plugins find their new-built seat.
Sources, javadoc, signed and ready,
Central waits; the build is steady.
A rabbit cheers—deployments sweet.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: deploy to maven central" directly and clearly reflects the primary objective of the changeset. The PR introduces comprehensive Maven Central deployment configuration across multiple pom.xml files, including the central-publishing-maven-plugin, maven-gpg-plugin for signing, and reorganization of build plugins specifically to enable deployment to Maven Central Repository. The title is concise, uses specific terminology, and clearly communicates the main purpose without vague language or unnecessary noise, making it immediately understandable to someone scanning the repository history.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/maven_central

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

dat-cli/pom.xml (1)

259-279: Consider using <skip>true</skip> instead of <phase>none</phase> to disable central-publishing-maven-plugin.

Setting the execution phase to "none" works but is unconventional. The more idiomatic Maven approach is to use <skip>true</skip> configuration, which is clearer and aligns with how the deploy plugin is disabled elsewhere in this PR.

Consider applying this refactor if you want to standardize the disabling strategy:

-                    <plugin>
-                        <groupId>org.sonatype.central</groupId>
-                        <artifactId>central-publishing-maven-plugin</artifactId>
-                        <version>0.9.0</version>
-                        <executions>
-                            <execution>
-                                <id>injected-central-publishing</id>
-                                <phase>none</phase>
-                            </execution>
-                        </executions>
-                    </plugin>
+                    <plugin>
+                        <groupId>org.sonatype.central</groupId>
+                        <artifactId>central-publishing-maven-plugin</artifactId>
+                        <version>0.9.0</version>
+                        <configuration>
+                            <skip>true</skip>
+                        </configuration>
+                    </plugin>

dat-servers/pom.xml (1)

33-54: Consider using <skip>true</skip> instead of <phase>none</phase> to disable central-publishing-maven-plugin.

For consistency with dat-cli/pom.xml and the deploy plugin disabling strategy, consider using <skip>true</skip> instead of <phase>none</phase>.

pom.xml (2)

89-117: Javadoc configuration with doclint=none may suppress important warnings.

Setting <doclint>none</doclint> disables Javadoc linting entirely. While this prevents build failures, it also hides potential documentation quality issues. Consider using selective lint targets (e.g., <doclint>syntax,reference</doclint>) if you want stricter documentation checks.

---

202-223: GPG configuration with pinentry-mode loopback is appropriate for CI/CD.

This allows GPG to accept passphrases non-interactively, which is essential for unattended release automation. However, ensure that:

• The GPG key and passphrase are securely stored in CI/CD secrets (e.g., GitHub Secrets)
• The GPG private key is accessible in the build environment
• Only the central profile uses this configuration (limiting signing exposure)

If you need help setting up GPG keys or CI/CD secrets for the release pipeline, I can assist with guidance or scripts.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4387904 and 8f723b8.

📒 Files selected for processing (3)

• dat-cli/pom.xml (1 hunks)
• dat-servers/pom.xml (1 hunks)
• pom.xml (4 hunks)

🔇 Additional comments (7)

dat-cli/pom.xml (1)

247-256: Verify parent pom.xml defines maven-deploy-plugin version in pluginManagement.

The plugin configuration here omits the version tag, which relies on parent inheritance. Ensure the root pom.xml has maven-deploy-plugin declared in pluginManagement with an explicit version (this should be enforced by Maven best practices to avoid version conflicts).

dat-servers/pom.xml (1)

20-31: Verify parent pom.xml defines maven-deploy-plugin version in pluginManagement.

Same as dat-cli/pom.xml: this plugin configuration relies on parent inheritance for the version. Ensure consistency with the root pom.xml pluginManagement declaration.

pom.xml (5)

41-41: SCM tag addition looks good for release automation.

The <tag>HEAD</tag> entry is appropriate for Git-based release workflows and will be used during Maven Release Plugin or similar tooling.

---

77-87: Maven Deploy Plugin version declaration is correctly placed in pluginManagement.

This allows child modules to inherit the version (3.1.4) without re-declaring it, following Maven best practices. Ensure all child modules that reference maven-deploy-plugin omit the version tag to use this inherited value.

---

120-145: Reporting section with dual javadoc report sets looks appropriate.

The aggregate and default reportSets allow for both aggregated and module-level documentation generation, which is good for multi-module projects.

---

163-176: Maven Source Plugin configuration is correct for Maven Central.

Attaching sources via jar-no-fork goal in the central profile is the standard requirement for Maven Central publishing. This ensures source JARs are generated alongside compiled artifacts.

---

224-237: Central Publishing Maven Plugin configuration aligns with new Maven Central publishing model.

The use of org.sonatype.central:central-publishing-maven-plugin (v0.9.0) with autoPublish=true and waitUntil=published is the recommended approach for modern Maven Central deployments (replacing the legacy Maven Deploy Plugin approach).

Verify that the publishingServerId value central matches the corresponding <server> entry in your Maven settings.xml or CI/CD credentials configuration (e.g., via GitHub Actions setup-java action).

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

pom.xml (1)

100-116: Consider whether javadoc attachment should apply to all modules.

The maven-javadoc-plugin is configured in the main build lifecycle with an attach-javadocs execution (lines 108–115). This will attach javadoc JARs to all modules by default, which increases build time and artifact size.

If javadoc attachments should only occur during central deployment, consider moving this execution into the central profile, or verify that this behavior aligns with your project's requirements.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f723b8 and 96240f0.

📒 Files selected for processing (1)

• pom.xml (3 hunks)

🔇 Additional comments (2)

pom.xml (2)

41-41: SCM tag metadata added for Maven Central.

Adding <tag>HEAD</tag> to the SCM section aligns with Maven Central repository requirements for proper release tracking.

---

147-241: Central profile configuration is well-structured for Maven Central deployment.

The central profile correctly isolates all central-specific plugins and configurations:

• maven-source-plugin: Attaches source JARs (required for central).
• flatten-maven-plugin v1.5.0: Resolves CI-friendly properties (${revision}).
• maven-gpg-plugin v3.2.8: Signs artifacts with GPG; pinentry-mode loopback configuration supports CI environments.
• central-publishing-maven-plugin v0.9.0: Handles publication with auto-publish and wait-for-published settings, appropriate for CI workflows.

The isolation via profile ensures these steps only execute when explicitly activated (mvn -P central ...), which is the correct approach.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

⚠️ Critical: Test skipping in root pom affects all modules by default.

Configuring maven-surefire-plugin with <skip>true</skip> in the root pom's main build lifecycle will skip tests for all child modules unless they explicitly override this configuration. This breaks the standard Maven workflow where mvn clean package is expected to run tests.

This configuration should be moved to the central profile (lines 147–241) if tests should only be skipped during central deployment, or removed entirely if tests should always run.

Apply one of these fixes:

Option 1 (recommended): Move test skipping to the central profile only.

-        <plugins>
-            <!-- 打包时跳过测试 -->
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.5.3</version>
-                <configuration>
-                    <skip>true</skip>
-                </configuration>
-            </plugin>

Then add it inside the central profile's <build><plugins> section (around line 152):

+            <!-- 打包时跳过测试 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>3.5.3</version>
+                <configuration>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>

Option 2: Remove test skipping entirely and ensure tests always run.

-        <plugins>
-            <!-- 打包时跳过测试 -->
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.5.3</version>
-                <configuration>
-                    <skip>true</skip>
-                </configuration>
-            </plugin>

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In pom.xml around lines 91 to 98, the root build config sets
maven-surefire-plugin with <skip>true</skip>, which causes all modules to skip
tests; move this skip configuration into the existing central profile's
build->plugins section (around lines 147–241) so tests are only skipped during
central deployment, or remove the <skip>true</skip> entry entirely if tests
should always run; ensure child modules inherit the root pom behavior correctly
or explicitly override if needed.