Release is done on github. Do not release from your local machine.
Create a release issue using the release template
Tag the release at the version you wish (ex v0.5.3), this MUST match the project version (0.5.3). See version info in gradle.properties.
- Use the "Release sigstore-java and sigstore-maven-plugin to Maven Central" action against the tagged version `v0.5.3'. This action builds, signs and pushes the artifacts to Maven Central.
Releasing to maven central is a permanent action, it cannot be reverted
Release the bundle:
- Log into sonatype (s01)
- Click "Staging Repositories" on the left navbar
- Select your artifact, "close" it to begin checks
- After all checks have passed, "release" it
- If checks are failing, "drop" the bundle and fix the release process
- Releases show up on Maven Central roughly 1-2 hours after release
- Use the "Release sigstore gradle plugins to Gradle Plugin Portal" action against the tagged version `v0.5.3'. This action builds, signs and pushes the artifacts to the Gradle Plugin Portal
- There is no follow up here, plugins are auto released on the plugin portal.## Reverting a failed release (Github only)
If a release build fails for any reason or the resulting artifacts are not as expected, you must clean-up any tags or releases built during the action
You can try to contact support but typically releases are permanent.
If you wish to revert a release, you must login to the portal using sigstore-java-releasers within 7 days to delete a release.