From bffa731aa1a8fe7898213e8753f6df90fc2c8710 Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Wed, 28 May 2025 14:30:28 -0700 Subject: [PATCH 1/5] Update notes on releasing --- README.dev.md | 100 +++++++++++++------------------------------------- 1 file changed, 26 insertions(+), 74 deletions(-) diff --git a/README.dev.md b/README.dev.md index c0e89ccc..1cda7587 100644 --- a/README.dev.md +++ b/README.dev.md @@ -1,8 +1,8 @@ # Preparing your environment for a release - Ensure you have access to publish to the repository on - [Sonatype](https://oss.sonatype.org). - - See the section about Sonatype access. + [Central Portal](https://central.sonatype.org/). + - See the section about Central Portal access. - You need a GPG secret key. You need to publish it as well. - See the section about setting up GPG. - Ensure the SSH key you use on GitHub.com is available. @@ -10,68 +10,29 @@ - Ensure an appropriate `~/.gitconfig` is set up. - The release process generates commits. - Ensure you have the necessary dependencies available: - - e.g., `apt-get install maven openjdk-8-jdk git-core gpg` + - e.g., `apt-get install maven default-jdk git-core` - Ensure [gh](https://github.com/cli/cli) is set up and in your `PATH`. - An easy way to do this is get a release tarball and run `./install`. -## Setting up Sonatype access +## Setting up Central Portal access -To get this access, make an account on the [Sonatype JIRA issue -tracker](https://issues.sonatype.org/) and make an issue asking for access -[like so](https://issues.sonatype.org/browse/OSSRH-34414). +To get this access, first create a Central Portal account. You will then need +access to our namespace, but we have not added anyone since switching to +Central Portal. Previously you would need to make an account on the [Sonatype +JIRA issue tracker](https://issues.sonatype.org/) and make an issue asking for +access [like so](https://issues.sonatype.org/browse/OSSRH-34414). Ensure you inform MaxMind operations about your new access. -Put this information into `~/.m2/settings.xml` (Maven settings). Your -`settings.xml` should look something like (replace USERNAME and SECRET): - - - - - ossrh - USERNAME - SECRET - - - sonatype-nexus-snapshots - USERNAME - SECRET - - - sonatype-nexus-staging - USERNAME - SECRET - - - github-project-site - git - - - - - my_profile_id - - true - - - - - - - - -Some links about Sonatype: - -* http://central.sonatype.org/pages/ossrh-guide.html -* http://central.sonatype.org/pages/releasing-the-deployment.html -* http://central.sonatype.org/pages/apache-maven.html - -See the following documentation for details on specifying which gpg to use for -publishing in your local settings.xml: - -* https://central.sonatype.org/publish/requirements/gpg/ -* https://maven.apache.org/plugins/maven-gpg-plugin/usage.html +Configure your `~/.m2/settings.xml` file for releasing to Central Portal. See +[these instructions](https://central.sonatype.org/publish/publish-portal-maven/#credentials). + +Some links about Central Portal: + +* [Maven Central Repository homepage](https://central.sonatype.com/). You can + sign-in from here. +* [Publishing guide](https://central.sonatype.org/publish/publish-portal-maven/) ## Setting up GPG @@ -130,29 +91,20 @@ Add this to ~/.gnupg/gpg-agent.conf: version to the next development release, upload the release to GitHub and tag it, and upload to Sonatype. - This will prompt you several times. Generally you need to say `y` or `n`. -- You'll be prompted for your ssh key password, GPG key password, and - GitHub.com username and password several times depending on your - workspace. -- You may be prompted about "what is the next development version?". Hit - enter to use the default which should be fine. +- You may be prompted for your GitHub.com username and password several + times depending on your workspace. - You may be prompted about "The following dependencies in Dependencies have newer versions". See the section about updating dependencies if so. -- If you get HTTP 401 errors from Sonatype, you probably don't have a - correct `settings.xml`. Refer to the Sonatype section. - - If this happened, there are most likely pushed commits on GitHub.com. - You can potentially rebase and drop the commits and force push and - start over (you might want to talk about this before doing it). Note - you'll need to delete the release tag too: - `git push origin :refs/tags/vx.y.z && git tag -d vx.y.z`. -- If you get to this point, then a release is on GitHub.com and in the - staging repository on [Sonatype](https://oss.sonatype.org). The - nexus-staging-maven-plugin plugin should automatically close the staging - release as well as actually release it after. +- If you get HTTP 401 errors from Central Portal, you probably don't have a + correct `settings.xml`. Refer to the Central Portal section. +- If you get to this point, then a release is on GitHub.com and Maven + Central. - You're done! - If you want to check things over, look at the commits on GitHub.com, including to the `gh-pages` branch and release tags, and do an artifact - search on [Sonatype](https://oss.sonatype.org) to see the version is as - you expect. + search on [Maven Central](https://central.sonatype.com/) to see the version + is as you expect. It may take a few minutes for new releases to show up + on Maven Central. ## Updating dependencies From 93bf33c8713a3c8d9204b87877a5ef8bbb29fef6 Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Wed, 28 May 2025 14:33:18 -0700 Subject: [PATCH 2/5] Update geoip2 --- CHANGELOG.md | 5 +++++ pom.xml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea970817..d0a48e33 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ CHANGELOG ========= +3.7.2 (2025-05-28) +------------------ + +* Update `geoip2` dependency. + 3.7.1 (2025-05-23) ------------------ diff --git a/pom.xml b/pom.xml index 4af9783f..1399fc09 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ com.maxmind.geoip2 geoip2 - 4.3.0 + 4.3.1 commons-validator From 8412c34e7be68699df7fe7f36819aea5fcb29b6e Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Wed, 28 May 2025 14:37:23 -0700 Subject: [PATCH 3/5] Release to Central Portal --- CHANGELOG.md | 1 + dev-bin/release.sh | 59 ++++++++++++++++++++++++++-------------------- pom.xml | 20 ++++------------ 3 files changed, 39 insertions(+), 41 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d0a48e33..4fd57892 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ CHANGELOG 3.7.2 (2025-05-28) ------------------ +* First release using Central Portal instead of Legacy OSSRH. * Update `geoip2` dependency. 3.7.1 (2025-05-23) diff --git a/dev-bin/release.sh b/dev-bin/release.sh index e9c7846a..0c8bcb30 100755 --- a/dev-bin/release.sh +++ b/dev-bin/release.sh @@ -5,7 +5,7 @@ set -eu -o pipefail changelog=$(cat CHANGELOG.md) regex=' -([0-9]+\.[0-9]+\.[0-9]+(-[^ ]+)?) \(([0-9]{4}-[0-9]{2}-[0-9]{2})\) +([0-9]+\.[0-9]+\.[0-9]+[a-zA-Z0-9\-]*) \(([0-9]{4}-[0-9]{2}-[0-9]{2})\) -* ((.| @@ -18,8 +18,8 @@ if [[ ! $changelog =~ $regex ]]; then fi version="${BASH_REMATCH[1]}" -date="${BASH_REMATCH[3]}" -notes="$(echo "${BASH_REMATCH[4]}" | sed -n -E '/^[0-9]+\.[0-9]+\.[0-9]+/,$!p')" +date="${BASH_REMATCH[2]}" +notes="$(echo "${BASH_REMATCH[3]}" | sed -n -e '/^[0-9]\+\.[0-9]\+\.[0-9]\+/,$!p')" if [[ "$date" != $(date +"%Y-%m-%d") ]]; then echo "$date is not today!" @@ -53,7 +53,16 @@ popd mvn versions:display-plugin-updates mvn versions:display-dependency-updates -read -e -p "Continue given above dependencies? (y/n) " should_continue +read -r -n 1 -p "Continue given above dependencies? (y/n) " should_continue + +if [ "$should_continue" != "y" ]; then + echo "Aborting" + exit 1 +fi + +mvn test + +read -r -n 1 -p "Continue given above tests? (y/n) " should_continue if [ "$should_continue" != "y" ]; then echo "Aborting" @@ -64,36 +73,36 @@ page=.gh-pages/index.md cat < $page --- layout: default -title: MaxMind minFraud Score and Insights Java API +title: MaxMind minFraud Java API language: java version: $tag --- EOF +mvn versions:set -DnewVersion="$version" + perl -pi -e "s/(?<=)[^<]*/$version/" README.md -perl -pi -e "s/(?<=com\.maxmind\.minfraud\:minfraud\:)\d+\.\d+\.\d+[^']*/$version/" README.md +perl -pi -e "s/(?<=com\.maxmind\.minfraud\:minfraud\:)\d+\.\d+\.\d+([\w\-]+)?/$version/" README.md cat README.md >> $page -if [ -n "$(git status --porcelain)" ]; then - git diff - - read -e -p "Commit README.md changes? " should_commit - if [ "$should_commit" != "y" ]; then - echo "Aborting" - exit 1 - fi - git add README.md - git commit -m 'update version number in README.md' +git diff + +read -r -n 1 -p "Commit changes? " should_commit +if [ "$should_commit" != "y" ]; then + echo "Aborting" + exit 1 fi +git add README.md pom.xml +git commit -m "Preparing for $version" + +mvn clean deploy -# could be combined with the primary build -mvn release:clean -mvn release:prepare -DreleaseVersion="$version" -Dtag="$tag" -mvn release:perform rm -fr ".gh-pages/doc/$tag" -cp -r target/checkout/target/reports/apidocs ".gh-pages/doc/$tag" +cp -r target/reports/apidocs ".gh-pages/doc/$tag" +rm -f .gh-pages/doc/latest +ln -fs "$tag" .gh-pages/doc/latest pushd .gh-pages @@ -105,8 +114,7 @@ echo "Release notes for $version: $notes " - -read -e -p "Push to origin? " should_push +read -r -n 1 -p "Push to origin? " should_push if [ "$should_push" != "y" ]; then echo "Aborting" @@ -118,8 +126,7 @@ git push popd git push -git push --tags gh release create --target "$(git branch --show-current)" -t "$version" -n "$notes" "$tag" \ - "target/checkout/target/minfraud-$version-with-dependencies.zip" \ - "target/checkout/target/minfraud-$version-with-dependencies.zip.asc" + "target/minfraud-$version-with-dependencies.zip" \ + "target/minfraud-$version-with-dependencies.zip.asc" diff --git a/pom.xml b/pom.xml index 1399fc09..b8b6e806 100644 --- a/pom.xml +++ b/pom.xml @@ -255,24 +255,14 @@ 2.18.0 - org.sonatype.plugins - nexus-staging-maven-plugin - 1.7.0 + org.sonatype.central + central-publishing-maven-plugin + 0.7.0 true - sonatype-nexus-staging - https://oss.sonatype.org/ - true + central + true - - - default-deploy - deploy - - deploy - - - From a877d81de6848f2eb805f421a8015f8cedad2c89 Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Wed, 28 May 2025 14:45:47 -0700 Subject: [PATCH 4/5] Add pom.xml.versionsBackup to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 975ce155..528061d9 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ .settings doc hs_err*.log +pom.xml.versionsBackup target reports Main.java From c13b8db7d7b2669e097be0a4f21bc325f33addb2 Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Wed, 28 May 2025 14:46:25 -0700 Subject: [PATCH 5/5] Preparing for 3.7.2 --- README.md | 4 ++-- pom.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b63509ec..8e1df0c0 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ To do this, add the dependency to your pom.xml: com.maxmind.minfraud minfraud - 3.7.1 + 3.7.2 ``` @@ -29,7 +29,7 @@ repositories { mavenCentral() } dependencies { - compile 'com.maxmind.minfraud:minfraud:3.7.1' + compile 'com.maxmind.minfraud:minfraud:3.7.2' } ``` diff --git a/pom.xml b/pom.xml index b8b6e806..1c199c74 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ com.maxmind.minfraud minfraud - 3.7.2-SNAPSHOT + 3.7.2 MaxMind minFraud API MaxMind minFraud Score, Insights, Factors and Report Transaction API http://dev.maxmind.com/minfraud