ci(release): add Maven Central publishing workflow

.github/workflows/ci.yml

@@ -217,7 +217,7 @@ jobs:
           sarif_file: 'trivy-results.sarif'
         continue-on-error: true
 
-  release:
+  github-release:
     name: Release to GitHub Packages
     runs-on: ubuntu-latest
     needs: [build, security-scan]
@@ -266,20 +266,117 @@ jobs:
       - name: Build and Deploy to GitHub Packages
         run: |
           mvn clean deploy -B --no-transfer-progress \
-            -Prelease \
+            -Pgithub-release \
             -DperformRelease=true \
             -DskipTests=true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Download Build Artifacts
-        uses: actions/download-artifact@v4
+      - name: Notify GitHub Release Success
+        run: |
+          echo "✅ Successfully deployed logdash:${{ steps.version.outputs.version }} to GitHub Packages"
+          echo "📦 Available at: https://github.com/logdash-io/java-sdk/packages"
+
+  maven-central-release:
+    name: Release to Maven Central
+    runs-on: ubuntu-latest
+    needs: [build, security-scan]
+    timeout-minutes: 30
+    if: startsWith(github.ref, 'refs/tags/v')
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: 'temurin'
+
+      - name: Import GPG key
+        run: |
+          echo "$GPG_PRIVATE_KEY" | base64 -d | gpg --batch --import --no-tty
+          gpg --list-secret-keys --keyid-format LONG
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+
+      - name: Configure Maven Settings for Central
+        uses: whelk-io/maven-settings-xml-action@v22
+        with:
+          servers: |
+            [
+              {
+                "id": "central",
+                "username": "${env.CENTRAL_TOKEN_USERNAME}",
+                "password": "${env.CENTRAL_TOKEN_PASSWORD}"
+              }
+            ]
+
+      - name: Extract Version Info
+        id: version
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+          # Validate version matches tag
+          if [[ "v$VERSION" != "${GITHUB_REF#refs/tags/}" ]]; then
+            echo "::error::Version mismatch: POM version ($VERSION) doesn't match tag (${GITHUB_REF#refs/tags/})"
+            exit 1
+          fi
+
+      - name: Build and Deploy to Maven Central
+        run: |
+          mvn clean deploy -B --no-transfer-progress \
+            -Pmaven-central-release \
+            -DskipTests=true
+        env:
+          CENTRAL_TOKEN_USERNAME: ${{ secrets.CENTRAL_TOKEN_USERNAME }}
+          CENTRAL_TOKEN_PASSWORD: ${{ secrets.CENTRAL_TOKEN_PASSWORD }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Wait for Central Processing
+        run: |
+          echo "⏳ Waiting for Maven Central processing..."
+          sleep 60
+          echo "✅ Maven Central processing should be complete"
+
+      - name: Notify Maven Central Success
+        run: |
+          echo "✅ Successfully deployed logdash:${{ steps.version.outputs.version }} to Maven Central"
+          echo "📦 Will be available at: https://central.sonatype.com/artifact/io.logdash/logdash/${{ steps.version.outputs.version }}"
+          echo "🌐 Maven Central: https://search.maven.org/artifact/io.logdash/logdash/${{ steps.version.outputs.version }}"
+
+  create-github-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+    needs: [github-release, maven-central-release]
+    timeout-minutes: 10
+    if: startsWith(github.ref, 'refs/tags/v')
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup JDK
+        uses: actions/setup-java@v4
         with:
-          pattern: build-artifacts-*
-          merge-multiple: true
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: 'temurin'
 
-      - name: Prepare Release Assets
+      - name: Extract Version Info
+        id: version
         run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Build Release Artifacts
+        run: |
+          mvn clean package -B --no-transfer-progress -DskipTests=true
           mkdir -p release-assets
           cp target/logdash-${{ steps.version.outputs.version }}.jar release-assets/
           cp target/logdash-${{ steps.version.outputs.version }}-sources.jar release-assets/
@@ -299,7 +396,7 @@ jobs:
           generate_release_notes: true
           draft: false
           body: |
-            # 🚀 Logdash Java SDK
+            # 🚀 Logdash Java SDK ${{ steps.version.outputs.version }}
 
             Official Java SDK for [Logdash.io](https://logdash.io) – Zero-configuration observability for developers.
 
@@ -314,7 +411,7 @@ jobs:
 
             ## 📦 Installation
 
-            **Maven**
+            **Maven Central**
             ```xml
             <dependency>
                 <groupId>io.logdash</groupId>
@@ -328,9 +425,6 @@ jobs:
             implementation 'io.logdash:logdash:${{ steps.version.outputs.version }}'
             ```
 
-            **Direct JAR Download:**  
-            [Download from GitHub Releases](https://github.com/logdash-io/java-sdk/releases)
-
             ## 🏁 Quick Start
 
             ```java
@@ -360,23 +454,27 @@ jobs:
 
             _See below for full release notes and change log._
 
-      - name: Notify Deployment Success
-        run: |
-          echo "✅ Successfully deployed logdash:${{ steps.version.outputs.version }} to GitHub Packages"
-          echo "📦 Available at: https://github.com/logdash-io/java-sdk/packages"
-
   notification:
     name: Notification
     runs-on: ubuntu-latest
-    needs: [validate, test, build, security-scan]
-    if: always() && github.ref == 'refs/heads/main'
+    needs: [validate, test, build, security-scan, github-release, maven-central-release]
+    if: always() && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
 
     steps:
       - name: Check Workflow Status
         run: |
           if [[ "${{ needs.validate.result }}" == "failure" || "${{ needs.test.result }}" == "failure" || "${{ needs.build.result }}" == "failure" ]]; then
-            echo "❌ Workflow failed on main branch"
-            echo "::error::Critical job failed on main branch"
+            echo "❌ Workflow failed"
+            echo "::error::Critical job failed"
+          elif [[ "${{ startsWith(github.ref, 'refs/tags/v') }}" == "true" ]]; then
+            if [[ "${{ needs.github-release.result }}" == "success" && "${{ needs.maven-central-release.result }}" == "success" ]]; then
+              echo "🎉 Release completed successfully!"
+              echo "📦 Available on GitHub Packages and Maven Central"
+            else
+              echo "⚠️ Release partially failed"
+              echo "GitHub Release: ${{ needs.github-release.result }}"
+              echo "Maven Central: ${{ needs.maven-central-release.result }}"
+            fi
           else
-            echo "✅ Workflow completed successfully"
+            echo "✅ Workflow completed successfully on main branch"
           fi

README.md

@@ -27,25 +27,13 @@ metrics without complex configurations. Just add the SDK and start monitoring yo
 
 ### Installation
 
-**Option 1: Download from GitHub Releases (Recommended)**
+**Maven Central**
 
-1. Download the latest JAR from [GitHub Releases](https://github.com/logdash-io/java-sdk/releases)
-2. Add to your project classpath
-
-**Option 2: GitHub Packages (Maven/Gradle)**
-
-Add GitHub Packages repository to your build configuration:
+Add the dependency to your project:
 
 **Maven:**
 
 ```xml
-<repositories>
-    <repository>
-        <id>github</id>
-        <url>https://maven.pkg.github.com/logdash-io/java-sdk</url>
-    </repository>
-</repositories>
-
 <dependency>
     <groupId>io.logdash</groupId>
     <artifactId>logdash</artifactId>
@@ -56,18 +44,20 @@ Add GitHub Packages repository to your build configuration:
 **Gradle:**
 
 ```gradle
-repositories {
-    maven {
-        url = uri("https://maven.pkg.github.com/logdash-io/java-sdk")
-    }
+dependencies {
+    implementation 'io.logdash:logdash:0.1.0'
 }
+```
+
+**Gradle (Kotlin DSL):**
 
+```kotlin
 dependencies {
-    implementation 'io.logdash:logdash:0.1.0'
+    implementation("io.logdash:logdash:0.1.0")
 }
 ```
 
-**Option 3: Local Installation**
+**Local Installation**
 
 ```bash
 # Clone and install locally
@@ -86,8 +76,6 @@ Then use in your project:
 </dependency>
 ```
 
-> **Note:** Maven Central publication is planned for future releases. For now, use GitHub Releases or GitHub Packages.
-
 ### Basic Usage
 
 ```java

check-deployed-package/Check.java

@@ -1,4 +1,4 @@
-package com.logdash.check;
+package io.logdash.check;
 
 import io.logdash.sdk.Logdash;
 

check-deployed-package/pom.xml

@@ -1,8 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0           https://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
-    <groupId>com.logdash</groupId>
+    <groupId>io.logdash</groupId>
     <artifactId>check</artifactId>
     <version>1.0.0</version>
 
@@ -50,10 +49,7 @@
                 <artifactId>exec-maven-plugin</artifactId>
                 <version>3.1.0</version>
                 <configuration>
-                    <mainClass>com.logdash.check.Check</mainClass>
-                    <options>
-                        <option>-Dfile.encoding=UTF-8</option>
-                    </options>
+                    <mainClass>io.logdash.check.Check</mainClass>
                 </configuration>
             </plugin>
         </plugins>

pom.xml

@@ -75,6 +75,8 @@
         <maven-enforcer-plugin.version>3.5.0</maven-enforcer-plugin.version>
         <maven-deploy-plugin.version>3.1.4</maven-deploy-plugin.version>
         <maven-dependency-plugin.version>3.8.1</maven-dependency-plugin.version>
+        <maven-gpg-plugin.version>3.2.7</maven-gpg-plugin.version>
+        <central-publishing-maven-plugin.version>0.7.0</central-publishing-maven-plugin.version>
     </properties>
 
     <dependencies>
@@ -481,9 +483,9 @@
     </build>
 
     <profiles>
-        <!-- Release Profile -->
+        <!-- GitHub Packages Release Profile -->
         <profile>
-            <id>release</id>
+            <id>github-release</id>
             <activation>
                 <property>
                     <name>performRelease</name>
@@ -505,6 +507,65 @@
             </build>
         </profile>
 
+        <!-- Maven Central Release Profile -->
+        <profile>
+            <id>maven-central-release</id>
+            <distributionManagement>
+                <repository>
+                    <id>central</id>
+                    <name>Central Repository</name>
+                    <url>https://central.sonatype.com/api/v1/publisher</url>
+                </repository>
+                <snapshotRepository>
+                    <id>central</id>
+                    <name>Central Repository Snapshots</name>
+                    <url>https://central.sonatype.com/api/v1/publisher</url>
+                </snapshotRepository>
+            </distributionManagement>
+            <build>
+                <plugins>
+                    <!-- Central Publishing Maven Plugin -->
+                    <plugin>
+                        <groupId>org.sonatype.central</groupId>
+                        <artifactId>central-publishing-maven-plugin</artifactId>
+                        <version>${central-publishing-maven-plugin.version}</version>
+                        <extensions>true</extensions>
+                        <configuration>
+                            <publishingServerId>central</publishingServerId>
+                            <autoPublish>true</autoPublish>
+                            <waitUntil>published</waitUntil>
+                            <checksums>required</checksums>
+                        </configuration>
+                    </plugin>
+
+                    <!-- GPG Signing Plugin -->
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-gpg-plugin</artifactId>
+                        <version>${maven-gpg-plugin.version}</version>
+                        <executions>
+                            <execution>
+                                <id>sign-artifacts</id>
+                                <goals>
+                                    <goal>sign</goal>
+                                </goals>
+                                <phase>verify</phase>
+                                <configuration>
+                                    <passphraseEnvVar>GPG_PASSPHRASE</passphraseEnvVar>
+                                    <gpgArguments>
+                                        <arg>--pinentry-mode</arg>
+                                        <arg>loopback</arg>
+                                        <arg>--batch</arg>
+                                        <arg>--no-tty</arg>
+                                    </gpgArguments>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
         <!-- Quality Profile -->
         <profile>
             <id>quality</id>