Skip to content

feat(IDPLATF-6508): publish to GitHub Packages via Woodpecker#15

Open
rodrigo-rufino wants to merge 3 commits into
masterfrom
IDPLATF-6508/publish-github-packages
Open

feat(IDPLATF-6508): publish to GitHub Packages via Woodpecker#15
rodrigo-rufino wants to merge 3 commits into
masterfrom
IDPLATF-6508/publish-github-packages

Conversation

@rodrigo-rufino

@rodrigo-rufino rodrigo-rufino commented Jun 19, 2026

Copy link
Copy Markdown

Why

Distributing JARs by committing them to mvn-repo/ and serving via raw GitHub URL breaks when the repo goes private. GitHub Packages (maven.pkg.github.com/quintoandar/repository) is already proxied by Nexus via 5a-maven-github-packages, so migrating there removes the dependency on the repo being public without requiring changes in consumer services.

Gradle 4.x was also blocking this migration: it does not perform preemptive Basic auth, causing every ./gradlew publish call to GitHub Packages to fail with 401. Upgrading to Gradle 8.12 resolves this.

What

  • build.gradle publishing target changed from local mvn-repo/ to maven.pkg.github.com/quintoandar/repository; credentials read from env vars; hardcoded version removed from the publishing block (injected via -Pversion= by CI)
  • Gradle upgraded from 4.10.2 to 8.12: java plugin replaced by java-library; compile/testCompile replaced by api/testImplementation; archiveClassifier syntax and checkstyle required flags updated for compatibility — no behavioral change for consumers (generated POM retains all deps as <scope>compile</scope>)
  • .woodpecker/build.yml added: runs gradlew check on push, PR, and tag events
  • .woodpecker/publish.yml added: triggers on tag java-jwt@X.Y.Z, depends on build pipeline passing first
  • Removed javadoc { options.addBooleanOption('html4', true) } block (flag removed in Java 13+)

How

  • publish.yml uses shell parameter expansion ${CI_COMMIT_TAG##java-jwt@} to strip the tag prefix and pass the bare version to Gradle
  • api configuration (instead of implementation) preserves transitive dependencies as <scope>compile</scope> in the generated POM, maintaining backward compatibility for consumers on Maven
  • All credentials injected via from_secret — no secrets in source

Verification

  1. Enable repo in Woodpecker and confirm github_packages_token secret is available
  2. Create tag java-jwt@X.Y.Z and confirm build then publish pipelines run successfully
  3. Confirm java-jwt appears at https://github.com/orgs/quintoandar/packages

@snyk-io

snyk-io Bot commented Jun 19, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@rodrigo-rufino rodrigo-rufino marked this pull request as ready for review June 19, 2026 14:16
anabcuelbas
anabcuelbas previously approved these changes Jun 19, 2026
…ish pipeline

- Migrate plugin from java to java-library; compile/testCompile to api/testImplementation
- Update archiveClassifier and checkstyle required flags for Gradle 8 compatibility
- Upgrade wrapper to Gradle 8.12
- Remove publish-historical.yml (all historical versions already published to GitHub Packages)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants