From 8929395c4bf42eb7e51479efe56338dc504e45a9 Mon Sep 17 00:00:00 2001 From: alexeid Date: Tue, 5 May 2026 10:39:06 +1200 Subject: [PATCH 1/2] Bump beast.version to 2.8.0-beta5 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 396d7b8..fc98586 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ UTF-8 25 - 2.8.0-beta4 + 2.8.0-beta5 25.0.2 5.8.2 From 5d0976c9fa96f61859ea8ea97f25f4090fed4931 Mon Sep 17 00:00:00 2001 From: alexeid Date: Mon, 4 May 2026 09:41:47 +1200 Subject: [PATCH 2/2] ci: clean-deploy on tag and skip redundant verify - Gate "Build and test" to non-tag pushes (the same mvn verify runs as part of the deploy lifecycle on tag). - Replace two-step `mvn deploy -Prelease -DskipTests` with single `mvn -Prelease clean deploy`. The previous flow left unsigned package outputs in target/ from an earlier run, so the second invocation could deploy artifact bytes that did not match the freshly generated .asc files. Sonatype rejected such tag releases with "Invalid signature" on zip/sources/javadoc while jar/pom verified. A single clean deploy from the tag avoids that. --- .github/workflows/ci-publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-publish.yml b/.github/workflows/ci-publish.yml index 1023d05..d9e0027 100644 --- a/.github/workflows/ci-publish.yml +++ b/.github/workflows/ci-publish.yml @@ -44,11 +44,12 @@ jobs: mvn versions:set -DnewVersion=$VERSION -DgenerateBackupPoms=false - name: Build and test + if: "!startsWith(github.ref, 'refs/tags/v')" run: mvn verify - name: Publish to Maven Central if: startsWith(github.ref, 'refs/tags/v') - run: mvn deploy -Prelease -DskipTests + run: mvn -Prelease clean deploy env: CENTRAL_USERNAME: ${{ secrets.CENTRAL_USERNAME }} CENTRAL_TOKEN: ${{ secrets.CENTRAL_TOKEN }}