-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Propose release cycle / process for binary artifacts #43
Comments
consider ( in order of my personal priority) |
we can also use sonatype OSS / Maven central, see https://github.com/baloise/ossrh-pipeline-demo Shall we update
Bintray will be discontinued by 1st of May Also we do have 2 bintray namespaces:
Github has it's own disadvantages
Known current users Github
Maven central
|
I started to collect features / pro / con @ https://github.com/baloise/open-source/wiki/Public-Maven-repository |
If your favorite is Github react to this comment |
If your favorite is Central react to this comment |
I am not that deep into all the possible registries. In the past I had some issues with maven, because at least the initial effort for creating a component was quite high, but that's years ago. |
Bintray is shutting down (https://twitter.com/droy_eclipse/status/1357034875409354753) |
IMHO if we're publishing on maven central we have to make sure to "only" publish IP clean artifacts with respect to open-source best practices. Being on maven central will potentially lead to a quick distribution. |
for github and for maven central you need credentials to deploy. There is a working demo @ https://github.com/baloise/ossrh-pipeline-demo |
@MarkusTiede : I get your point about quality. My conclusion is slightly different: we already publish the source code (= IP ) on github, which is currently the platform with the most public attention. Should we make life hard with binaries, when source is already available? Is it better to have hidden (IP) bugs that open ones? IMHO quality is precisely one argument for going open source, and Maven Central does have some quality checks in their deployment process ( code signing, POM quality, javadoc ). Release early, release often, build quality in > security ( safety) by obscurity |
IMHO we should improve the quality in our process first
I'm just cautious here due to my experience within the releng context of the Eclipse Foundation ; this is how the EF releases to maven central: https://git.eclipse.org/c/platform/eclipse.platform.releng.git/tree/publish-to-maven-central |
Maybe we should also broaden the scope here a bit to e.g. also cover releasing of
|
Github Package registry example: baloise/repository-template-java#4
The text was updated successfully, but these errors were encountered: