This API complies with the common-ci
approach.
Code Signing
We use Maven to package our Java APIs. The process of signing the result packages for Maven is different from Dotnet signing process.
- The signing process for Java uses
PGP ASCII Armored File
with file extension.asc
instead of.pfx
as in Dotnet. - The process requires the
.asc
file to be imported usinggpg
. - Then the result package will be signed as part of Maven
install
process usingmaven-gpg-plugin
.
Deploy External
The deployment to external of Java Maven packages must be done in the following order:
pipeline-java
device-detection-java
location-java
Steps for each java repo:
- Deploy packages to Nexus staging area - automatic.
- Deploy from Nexus staging to Maven Central - requires approval.
- Deploy to GitHub - requires approval.
All Java APIs share a staging area, so occasionally repositories are left in the staging area as a results of a possible cancellation or an unwanted pipeline termination, etc. This sometimes causes the deployment to staging to fail. In this case, it is the best to login to the Nexus staging area and manually drop all unwanted repositories and rerun the deployment process.