You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, releases are created and verified manually on a maintainer’s machine since they need to be signed with a PGP key when publishing to Maven Central. Since the build is reproducible, this task will introduce automation that will rebuild the artifacts (without signing) prior to promoting the release from the staging repository to Maven Central and verify that they’re identical. Moreover, manual release steps such as verifying the artifacts can be consumed by build tools like Gradle and Maven will be automated as part of this task. This will improve the “truck factor” of the project and make it more sustainable.
Motivation
Currently, releases are created and verified manually on a maintainer’s machine since they need to be signed with a PGP key when publishing to Maven Central. Since the build is reproducible, this task will introduce automation that will rebuild the artifacts (without signing) prior to promoting the release from the staging repository to Maven Central and verify that they’re identical. Moreover, manual release steps such as verifying the artifacts can be consumed by build tools like Gradle and Maven will be automated as part of this task. This will improve the “truck factor” of the project and make it more sustainable.
Deliverables
The text was updated successfully, but these errors were encountered: