From cc9d3a3e3520c53c3888d88459273fab1696931e Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Tue, 4 Nov 2025 14:02:16 -0600
Subject: [PATCH 01/41] Update dry run version input in workflow

---
 .github/workflows/extension-attach-artifact-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 02abd964..8075f1bb 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -175,7 +175,7 @@ jobs:
         if: ${{ inputs.dry_run == true }}
         shell: bash
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           git reset HEAD~ --hard
           mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P '${{ inputs.mavenProfiles }}'
 

From a8e2a7fd05209df8be236168699a87d0094da5e2 Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Tue, 4 Nov 2025 14:07:57 -0600
Subject: [PATCH 02/41] Update dry-run version input for release artifacts

---
 .github/workflows/extension-attach-artifact-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 8075f1bb..290a2600 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -440,7 +440,7 @@ jobs:
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           git reset HEAD~ --hard
           # Determine the default branch (master or main)
           if git rev-parse --verify origin/master >/dev/null 2>&1; then

From 03c70b77415be8c243ac8a905112bea20b455439 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Tue, 4 Nov 2025 14:29:25 -0600
Subject: [PATCH 03/41] feat: extract release version from POM and handle dry
 run versioning in workflow

---
 .../extension-attach-artifact-release.yml     | 71 ++++++++++++++++---
 1 file changed, 62 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 290a2600..9f64b53f 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -163,11 +163,34 @@ jobs:
         run: |
           ${{ inputs.extraLinuxCommand }}
 
+      - name: Get Release Version from POM
+        id: get-release-version
+        shell: bash
+        run: |
+          RELEASE_VERSION=$(grep -m2 '<version>' pom.xml | tail -n 1 | awk -F'[><]' '{print $3}' | sed 's/-SNAPSHOT//')
+          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
+          echo "Release version extracted from pom.xml: $RELEASE_VERSION"
+
+      - name: Determine Release Version for Dry Run
+        if: ${{ inputs.dry_run == true }}
+        id: determine-dry-run-version
+        shell: bash
+        run: |
+          # Use dry_run_version input if provided, otherwise use version from POM
+          if [ -n "${{ inputs.dry_run_version }}" ]; then
+            DRY_RUN_VERSION="${{ inputs.dry_run_version }}"
+            echo "Using provided dry_run_version: $DRY_RUN_VERSION"
+          else
+            DRY_RUN_VERSION="${{ steps.get-release-version.outputs.RELEASE_VERSION }}"
+            echo "Using version from pom.xml: $DRY_RUN_VERSION"
+          fi
+          echo "DRY_RUN_VERSION=$DRY_RUN_VERSION" >> $GITHUB_OUTPUT
+
       - name: Build and Package
         if: ${{ inputs.dry_run == false }}
         shell: bash
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ steps.get-release-version.outputs.RELEASE_VERSION }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           git reset HEAD~ --hard
           mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P '${{ inputs.mavenProfiles }}'
 
@@ -175,7 +198,7 @@ jobs:
         if: ${{ inputs.dry_run == true }}
         shell: bash
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ steps.determine-dry-run-version.outputs.DRY_RUN_VERSION }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           git reset HEAD~ --hard
           mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P '${{ inputs.mavenProfiles }}'
 
@@ -207,7 +230,13 @@ jobs:
         id: get-artifact-version-dry-run
         shell: bash
         run: |
-          echo "artifact_version=${{ inputs.dry_run_version }}" >> $GITHUB_OUTPUT
+          # Use dry_run_version input if provided, otherwise use version from POM
+          if [ -n "${{ inputs.dry_run_version }}" ]; then
+            artifact_version="${{ inputs.dry_run_version }}"
+          else
+            artifact_version="${{ steps.get-release-version.outputs.RELEASE_VERSION }}"
+          fi
+          echo "artifact_version=$artifact_version" >> $GITHUB_OUTPUT
 
       - name: Save Artifacts
         uses: actions/upload-artifact@v4
@@ -394,13 +423,22 @@ jobs:
         run: |
           ${{ inputs.extraCommand }}
 
+      - name: Get Release Version from POM
+        if: ${{ inputs.dry_run == false }}
+        id: get-release-version-attach
+        shell: bash
+        run: |
+          RELEASE_VERSION=$(grep -m2 '<version>' pom.xml | tail -n 1 | awk -F'[><]' '{print $3}' | sed 's/-SNAPSHOT//')
+          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
+          echo "Release version extracted from pom.xml: $RELEASE_VERSION"
+
       - name: Check and download artifacts from GPM
         if: ${{ inputs.dry_run == false }}
         id: check-download-artifacts
         env:
           ARTIFACT_NAME: ${{ github.event.repository.name }}
         run: |
-          RELEASE_VERSION=$(grep -m2 '<version>' pom.xml | tail -n 1 | awk -F'[><]' '{print $3}' | sed 's/-SNAPSHOT//')
+          RELEASE_VERSION=${{ steps.get-release-version-attach.outputs.RELEASE_VERSION }}
           echo "RELEASE_VERSION=$RELEASE_VERSION"
           mvn dependency:get -DgroupId=org.liquibase.ext -DartifactId=${{ env.ARTIFACT_NAME }} -Dversion=$RELEASE_VERSION -Dtransitive=false || echo "Failed to download artifact"
           mvn dependency:get -DgroupId=org.liquibase.ext -DartifactId=${{ env.ARTIFACT_NAME }} -Dversion=$RELEASE_VERSION -Dpackaging=pom -Dtransitive=false || echo "Failed to download pom artifact"
@@ -422,7 +460,7 @@ jobs:
         if: ${{ env.ARTIFACT_FOUND == '0' && inputs.dry_run == false }}
         id: build-release-artifacts
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ steps.get-release-version-attach.outputs.RELEASE_VERSION }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           git reset HEAD~ --hard
           # Determine the default branch (master or main)
           if git rev-parse --verify origin/master >/dev/null 2>&1; then
@@ -436,11 +474,26 @@ jobs:
           LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH)
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$LAST_COMMIT_HASH
 
+      - name: Determine Dry Run Version for Attach Release
+        if: ${{ inputs.dry_run == true }}
+        id: determine-dry-run-version-attach
+        shell: bash
+        run: |
+          # Use dry_run_version input if provided, otherwise use version from POM
+          if [ -n "${{ inputs.dry_run_version }}" ]; then
+            DRY_RUN_VERSION="${{ inputs.dry_run_version }}"
+            echo "Using provided dry_run_version: $DRY_RUN_VERSION"
+          else
+            DRY_RUN_VERSION="${{ steps.get-release-version-attach.outputs.RELEASE_VERSION }}"
+            echo "Using version from pom.xml: $DRY_RUN_VERSION"
+          fi
+          echo "DRY_RUN_VERSION=$DRY_RUN_VERSION" >> $GITHUB_OUTPUT
+
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ steps.determine-dry-run-version-attach.outputs.DRY_RUN_VERSION }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           git reset HEAD~ --hard
           # Determine the default branch (master or main)
           if git rev-parse --verify origin/master >/dev/null 2>&1; then
@@ -531,7 +584,7 @@ jobs:
         working-directory: ${{ inputs.artifactPath }}
         run: |
           gpg -K
-          version=${{ inputs.dry_run_version }}
+          version=${{ steps.determine-dry-run-version-attach.outputs.DRY_RUN_VERSION }}
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.jar
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.pom
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}-javadoc.jar
@@ -562,9 +615,9 @@ jobs:
         if: ${{ inputs.dry_run == true }}
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: v${{ inputs.dry_run_version }}
+          tag_name: v${{ steps.determine-dry-run-version-attach.outputs.DRY_RUN_VERSION }}
           fail_on_unmatched_files: true
-          body: Dry Run ${{ inputs.dry_run_version }}
+          body: Dry Run ${{ steps.determine-dry-run-version-attach.outputs.DRY_RUN_VERSION }}
           generate_release_notes: true
           draft: true
           files: ./target/*

From 109c0b23813a477fcc208f6c033cb61e11dcedff Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Tue, 4 Nov 2025 14:42:02 -0600
Subject: [PATCH 04/41] fix: remove conditional check for dry run in Get
 Release Version step

---
 .github/workflows/extension-attach-artifact-release.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 9f64b53f..cc791042 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -424,7 +424,6 @@ jobs:
           ${{ inputs.extraCommand }}
 
       - name: Get Release Version from POM
-        if: ${{ inputs.dry_run == false }}
         id: get-release-version-attach
         shell: bash
         run: |

From 09af19c42700cd4d4fca691ed84df24b883236d7 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 11:54:31 -0600
Subject: [PATCH 05/41] refactor: streamline release version handling and dry
 run logic in workflow

---
 .../extension-attach-artifact-release.yml     | 83 +++----------------
 1 file changed, 11 insertions(+), 72 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index cc791042..d1f0ae24 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -1,4 +1,4 @@
-name: Attach Artifact to Release
+# Attach Artifact to Release
 
 # Add permissions for the default GITHUB_TOKEN
 permissions:
@@ -163,34 +163,11 @@ jobs:
         run: |
           ${{ inputs.extraLinuxCommand }}
 
-      - name: Get Release Version from POM
-        id: get-release-version
-        shell: bash
-        run: |
-          RELEASE_VERSION=$(grep -m2 '<version>' pom.xml | tail -n 1 | awk -F'[><]' '{print $3}' | sed 's/-SNAPSHOT//')
-          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
-          echo "Release version extracted from pom.xml: $RELEASE_VERSION"
-
-      - name: Determine Release Version for Dry Run
-        if: ${{ inputs.dry_run == true }}
-        id: determine-dry-run-version
-        shell: bash
-        run: |
-          # Use dry_run_version input if provided, otherwise use version from POM
-          if [ -n "${{ inputs.dry_run_version }}" ]; then
-            DRY_RUN_VERSION="${{ inputs.dry_run_version }}"
-            echo "Using provided dry_run_version: $DRY_RUN_VERSION"
-          else
-            DRY_RUN_VERSION="${{ steps.get-release-version.outputs.RELEASE_VERSION }}"
-            echo "Using version from pom.xml: $DRY_RUN_VERSION"
-          fi
-          echo "DRY_RUN_VERSION=$DRY_RUN_VERSION" >> $GITHUB_OUTPUT
-
       - name: Build and Package
         if: ${{ inputs.dry_run == false }}
         shell: bash
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ steps.get-release-version.outputs.RELEASE_VERSION }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           git reset HEAD~ --hard
           mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P '${{ inputs.mavenProfiles }}'
 
@@ -198,8 +175,7 @@ jobs:
         if: ${{ inputs.dry_run == true }}
         shell: bash
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ steps.determine-dry-run-version.outputs.DRY_RUN_VERSION }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
-          git reset HEAD~ --hard
+          mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P '${{ inputs.mavenProfiles }}'
 
       - name: Get Artifact ID
@@ -216,25 +192,14 @@ jobs:
           echo "artifact_id=$artifact_id" >> $GITHUB_OUTPUT
 
       - name: Get Artifact Version
-        if: ${{ inputs.dry_run == false }}
         working-directory: ${{ inputs.artifactPath }}
         id: get-artifact-version
         shell: bash
         run: |
-          artifact_version=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
-          echo "artifact_version=$artifact_version" >> $GITHUB_OUTPUT
-
-      - name: Get Artifact Version
-        if: ${{ inputs.dry_run == true }}
-        working-directory: ${{ inputs.artifactPath }}
-        id: get-artifact-version-dry-run
-        shell: bash
-        run: |
-          # Use dry_run_version input if provided, otherwise use version from POM
-          if [ -n "${{ inputs.dry_run_version }}" ]; then
+          if [ "${{ inputs.dry_run }}" == "true" ]; then
             artifact_version="${{ inputs.dry_run_version }}"
           else
-            artifact_version="${{ steps.get-release-version.outputs.RELEASE_VERSION }}"
+            artifact_version=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
           fi
           echo "artifact_version=$artifact_version" >> $GITHUB_OUTPUT
 
@@ -423,21 +388,13 @@ jobs:
         run: |
           ${{ inputs.extraCommand }}
 
-      - name: Get Release Version from POM
-        id: get-release-version-attach
-        shell: bash
-        run: |
-          RELEASE_VERSION=$(grep -m2 '<version>' pom.xml | tail -n 1 | awk -F'[><]' '{print $3}' | sed 's/-SNAPSHOT//')
-          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
-          echo "Release version extracted from pom.xml: $RELEASE_VERSION"
-
       - name: Check and download artifacts from GPM
         if: ${{ inputs.dry_run == false }}
         id: check-download-artifacts
         env:
           ARTIFACT_NAME: ${{ github.event.repository.name }}
         run: |
-          RELEASE_VERSION=${{ steps.get-release-version-attach.outputs.RELEASE_VERSION }}
+          RELEASE_VERSION=$(grep -m2 '<version>' pom.xml | tail -n 1 | awk -F'[><]' '{print $3}' | sed 's/-SNAPSHOT//')
           echo "RELEASE_VERSION=$RELEASE_VERSION"
           mvn dependency:get -DgroupId=org.liquibase.ext -DartifactId=${{ env.ARTIFACT_NAME }} -Dversion=$RELEASE_VERSION -Dtransitive=false || echo "Failed to download artifact"
           mvn dependency:get -DgroupId=org.liquibase.ext -DartifactId=${{ env.ARTIFACT_NAME }} -Dversion=$RELEASE_VERSION -Dpackaging=pom -Dtransitive=false || echo "Failed to download pom artifact"
@@ -459,7 +416,7 @@ jobs:
         if: ${{ env.ARTIFACT_FOUND == '0' && inputs.dry_run == false }}
         id: build-release-artifacts
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ steps.get-release-version-attach.outputs.RELEASE_VERSION }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           git reset HEAD~ --hard
           # Determine the default branch (master or main)
           if git rev-parse --verify origin/master >/dev/null 2>&1; then
@@ -473,27 +430,11 @@ jobs:
           LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH)
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$LAST_COMMIT_HASH
 
-      - name: Determine Dry Run Version for Attach Release
-        if: ${{ inputs.dry_run == true }}
-        id: determine-dry-run-version-attach
-        shell: bash
-        run: |
-          # Use dry_run_version input if provided, otherwise use version from POM
-          if [ -n "${{ inputs.dry_run_version }}" ]; then
-            DRY_RUN_VERSION="${{ inputs.dry_run_version }}"
-            echo "Using provided dry_run_version: $DRY_RUN_VERSION"
-          else
-            DRY_RUN_VERSION="${{ steps.get-release-version-attach.outputs.RELEASE_VERSION }}"
-            echo "Using version from pom.xml: $DRY_RUN_VERSION"
-          fi
-          echo "DRY_RUN_VERSION=$DRY_RUN_VERSION" >> $GITHUB_OUTPUT
-
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ steps.determine-dry-run-version-attach.outputs.DRY_RUN_VERSION }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
-          git reset HEAD~ --hard
+          mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
           # Determine the default branch (master or main)
           if git rev-parse --verify origin/master >/dev/null 2>&1; then
             DEFAULT_BRANCH="master"
@@ -520,7 +461,6 @@ jobs:
           LATEST_DRAFT_RELEASE=$(curl -X GET -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/releases?per_page=1" | jq -r 'if .[].draft == true then .[].id else empty end')
           echo "Latest Draft Release ID: $LATEST_DRAFT_RELEASE"
           echo "RELEASE_ID=$LATEST_DRAFT_RELEASE" >> $GITHUB_ENV
-          
 
       - name: List artifacts in release
         if: ${{ env.RELEASE_ID != '' && env.RELEASE_ID != null && inputs.dry_run == false }}
@@ -542,7 +482,6 @@ jobs:
             curl -X DELETE -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/releases/assets/$value"
             echo "Deleted artifact ID: $value"
           done
-  
       - name: Convert escaped newlines and set GPG key
         run: |
           GPG_KEY_CONTENT="$(printf '%b' "${{ env.GPG_SECRET }}")"
@@ -583,7 +522,7 @@ jobs:
         working-directory: ${{ inputs.artifactPath }}
         run: |
           gpg -K
-          version=${{ steps.determine-dry-run-version-attach.outputs.DRY_RUN_VERSION }}
+          version=${{ inputs.dry_run_version }}
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.jar
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.pom
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}-javadoc.jar
@@ -614,9 +553,9 @@ jobs:
         if: ${{ inputs.dry_run == true }}
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: v${{ steps.determine-dry-run-version-attach.outputs.DRY_RUN_VERSION }}
+          tag_name: v${{ inputs.dry_run_version }}
           fail_on_unmatched_files: true
-          body: Dry Run ${{ steps.determine-dry-run-version-attach.outputs.DRY_RUN_VERSION }}
+          body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
           files: ./target/*

From 3a7b737d3ba3b6a59b9727214c754d6b32369d23 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 12:14:21 -0600
Subject: [PATCH 06/41] refactor: simplify dry run logic by using GitHub's
 default branch setting

---
 .../extension-attach-artifact-release.yml     | 34 +++++++------------
 1 file changed, 13 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index d1f0ae24..06f57d65 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -416,34 +416,26 @@ jobs:
         if: ${{ env.ARTIFACT_FOUND == '0' && inputs.dry_run == false }}
         id: build-release-artifacts
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
+          -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
+          -DscmServerId=liquibase
           git reset HEAD~ --hard
-          # Determine the default branch (master or main)
-          if git rev-parse --verify origin/master >/dev/null 2>&1; then
-            DEFAULT_BRANCH="master"
-          elif git rev-parse --verify origin/main >/dev/null 2>&1; then
-            DEFAULT_BRANCH="main"
-          else
-            echo "Neither master nor main branch found. Exiting."
-            exit 1
-          fi
-          LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH)
+          # Use GitHub's default branch from repository settings
+          DEFAULT_BRANCH="${{ github.event.repository.default_branch }}"
+          echo "Using default branch: $DEFAULT_BRANCH"
+          LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH || git rev-parse HEAD)
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$LAST_COMMIT_HASH
 
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run
         run: |
-          mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
-          # Determine the default branch (master or main)
-          if git rev-parse --verify origin/master >/dev/null 2>&1; then
-            DEFAULT_BRANCH="master"
-          elif git rev-parse --verify origin/main >/dev/null 2>&1; then
-            DEFAULT_BRANCH="main"
-          else
-            echo "Neither master nor main branch found. Exiting."
-            exit 1
-          fi
+          mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
+          -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
+          -DscmServerId=liquibase
+          # Use GitHub's default branch from repository settings
+          DEFAULT_BRANCH="${{ github.event.repository.default_branch }}"
+          echo "Using default branch: $DEFAULT_BRANCH"
           LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH)
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$LAST_COMMIT_HASH
 

From 0c6a2ace629164125b2cf20cc663a83e07052a31 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 12:20:07 -0600
Subject: [PATCH 07/41] fix: handle fallback for last commit hash retrieval in
 artifact release workflow

---
 .github/workflows/extension-attach-artifact-release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 06f57d65..6b9b94f4 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -1,4 +1,4 @@
-# Attach Artifact to Release
+name: Attach Artifact to Release
 
 # Add permissions for the default GITHUB_TOKEN
 permissions:
@@ -436,7 +436,7 @@ jobs:
           # Use GitHub's default branch from repository settings
           DEFAULT_BRANCH="${{ github.event.repository.default_branch }}"
           echo "Using default branch: $DEFAULT_BRANCH"
-          LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH)
+          LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH || git rev-parse HEAD)
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$LAST_COMMIT_HASH
 
       - name: Download multiarchitecture release artifacts

From e33f147e26a47f7b33a103b3badf981d24eee14f Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 12:25:49 -0600
Subject: [PATCH 08/41] refactor: use current branch name for dry runs instead
 of default branch in build command

---
 .../workflows/extension-attach-artifact-release.yml  | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 6b9b94f4..c3c73d3e 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -423,8 +423,7 @@ jobs:
           # Use GitHub's default branch from repository settings
           DEFAULT_BRANCH="${{ github.event.repository.default_branch }}"
           echo "Using default branch: $DEFAULT_BRANCH"
-          LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH || git rev-parse HEAD)
-          mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$LAST_COMMIT_HASH
+          mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$DEFAULT_BRANCH
 
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
@@ -433,11 +432,10 @@ jobs:
           mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
           -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
           -DscmServerId=liquibase
-          # Use GitHub's default branch from repository settings
-          DEFAULT_BRANCH="${{ github.event.repository.default_branch }}"
-          echo "Using default branch: $DEFAULT_BRANCH"
-          LAST_COMMIT_HASH=$(git rev-parse origin/$DEFAULT_BRANCH || git rev-parse HEAD)
-          mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$LAST_COMMIT_HASH
+          # Use current branch name for dry runs
+          CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+          echo "Using current branch: $CURRENT_BRANCH"
+          mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$CURRENT_BRANCH
 
       - name: Download multiarchitecture release artifacts
         if: inputs.combineJars

From b3acd18de2a5f6f7a76f6886ad77f4aaeced0cb9 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 12:31:20 -0600
Subject: [PATCH 09/41] fix: dynamically retrieve project version for artifact
 signing instead of using input

---
 .github/workflows/extension-attach-artifact-release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index c3c73d3e..bf47ae0a 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -512,7 +512,8 @@ jobs:
         working-directory: ${{ inputs.artifactPath }}
         run: |
           gpg -K
-          version=${{ inputs.dry_run_version }}
+          version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "Signing artifacts for version: $version"
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.jar
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.pom
           ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}-javadoc.jar

From e1b1711e4a540f4166484279f79b0b6816415ecc Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 12:46:33 -0600
Subject: [PATCH 10/41] feat: add generation of source and javadoc jars, and
 versioned POM file in artifact release workflow

---
 .../extension-attach-artifact-release.yml      | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index bf47ae0a..ef785706 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -425,6 +425,15 @@ jobs:
           echo "Using default branch: $DEFAULT_BRANCH"
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$DEFAULT_BRANCH
 
+          # Generate source and javadoc jars
+          mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
+
+          # Copy POM to target directory with versioned name
+          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
+          echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
+
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run
@@ -437,6 +446,15 @@ jobs:
           echo "Using current branch: $CURRENT_BRANCH"
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$CURRENT_BRANCH
 
+          # Generate source and javadoc jars
+          mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
+
+          # Copy POM to target directory with versioned name
+          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
+          echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
+
       - name: Download multiarchitecture release artifacts
         if: inputs.combineJars
         uses: actions/download-artifact@v6

From a275c21d737a645b0c32d055aa4151f4f0725a7b Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 12:54:04 -0600
Subject: [PATCH 11/41] feat: add version retrieval for dry-run releases in
 artifact attachment workflow

---
 .../extension-attach-artifact-release.yml         | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index ef785706..9f0d758e 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -557,17 +557,26 @@ jobs:
           ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
           ASSET_DIR: ./target
 
+      - name: Get version for dry-run release
+        if: ${{ inputs.dry_run == true }}
+        id: get-dry-run-version
+        working-directory: ${{ inputs.artifactPath }}
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Dry run version: $VERSION"
+
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
         if: ${{ inputs.dry_run == true }}
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: v${{ inputs.dry_run_version }}
+          tag_name: v${{ steps.get-dry-run-version.outputs.version }}
           fail_on_unmatched_files: true
-          body: Dry Run ${{ inputs.dry_run_version }}
+          body: Dry Run ${{ steps.get-dry-run-version.outputs.version }}
           generate_release_notes: true
           draft: true
-          files: ./target/*
+          files: ${{ inputs.artifactPath }}/target/*
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'

From c1c6babfb95a1786502ac4b16ba0ef1f3535c7c4 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 13:36:57 -0600
Subject: [PATCH 12/41] fix: enhance dry-run deployment logging and use
 environment variables for credentials

---
 .github/workflows/extension-release-published.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index 190d1acc..cf70fa1f 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -318,14 +318,15 @@ jobs:
 
       - name: Publish to Maven Central
         working-directory: ${{ inputs.artifactPath }}
-        env:
-          MAVEN_USERNAME: ${{ env.REPO_LIQUIBASE_NET_USER }}
-          MAVEN_PASSWORD: ${{ env.REPO_LIQUIBASE_NET_PASSWORD }}
         run: |
-          version=${{ inputs.dry_run_version }}         
+          version=${{ inputs.dry_run_version }}
+          echo "Deploying version: $version"
+          echo "Repository: https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/"
           mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
                       -Durl=https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/ \
                       -DrepositoryId=dry-run-sonatype-nexus-staging \
+                      -Dusername="${REPO_LIQUIBASE_NET_USER}" \
+                      -Dpassword="${REPO_LIQUIBASE_NET_PASSWORD}" \
                       -DpomFile=${{ env.artifact_id }}-${version}.pom \
                       -DgeneratePom=false \
                       -Dfile=${{ env.artifact_id }}-${version}.jar \

From 66a386c8a310b423d2a3ef6dee4699f5d9e24ed5 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 15:16:22 -0600
Subject: [PATCH 13/41] debug: add credential validation before Maven deploy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Check if REPO_LIQUIBASE_NET_USER and REPO_LIQUIBASE_NET_PASSWORD are set
- Display credential length for verification
- Exit early if credentials are missing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/extension-release-published.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index cf70fa1f..c7e553a8 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -316,12 +316,24 @@ jobs:
           fileName: "${{ env.artifact_id }}-*"
           out-file-path: ${{ inputs.artifactPath }}
 
-      - name: Publish to Maven Central
+      - name: Publish to Maven Central (dry_run)
         working-directory: ${{ inputs.artifactPath }}
         run: |
           version=${{ inputs.dry_run_version }}
           echo "Deploying version: $version"
           echo "Repository: https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/"
+
+          # Debug: Check if credentials are set
+          if [ -z "$REPO_LIQUIBASE_NET_USER" ]; then
+            echo "ERROR: REPO_LIQUIBASE_NET_USER is not set!"
+            exit 1
+          fi
+          if [ -z "$REPO_LIQUIBASE_NET_PASSWORD" ]; then
+            echo "ERROR: REPO_LIQUIBASE_NET_PASSWORD is not set!"
+            exit 1
+          fi
+          echo "Credentials are set (user length: ${#REPO_LIQUIBASE_NET_USER}, pass length: ${#REPO_LIQUIBASE_NET_PASSWORD})"
+
           mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
                       -Durl=https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/ \
                       -DrepositoryId=dry-run-sonatype-nexus-staging \

From c9c8ca5d9dde44a67cb66a0a56d9c07f00fe43a0 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 15:25:56 -0600
Subject: [PATCH 14/41] fix: enable snapshots for extension release in workflow
 configuration

---
 .github/workflows/extension-release-published.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index c7e553a8..66641d45 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -276,7 +276,7 @@ jobs:
                   "enabled": "true"
                 },
                 "snapshots": {
-                  "enabled": "false"
+                  "enabled": "true"
                 }
               }
             ]

From dd5f8f8ea952b0e4004816083979417a19e4c4ae Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Wed, 5 Nov 2025 15:44:23 -0600
Subject: [PATCH 15/41] fix: update dry-run deployment to strip -SNAPSHOT
 suffix and rename artifacts for Maven Central

---
 .../workflows/extension-release-published.yml | 35 +++++++++++++++----
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index 66641d45..9d0ac7d7 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -319,8 +319,11 @@ jobs:
       - name: Publish to Maven Central (dry_run)
         working-directory: ${{ inputs.artifactPath }}
         run: |
-          version=${{ inputs.dry_run_version }}
-          echo "Deploying version: $version"
+          snapshot_version=${{ inputs.dry_run_version }}
+          # Strip -SNAPSHOT suffix for Nexus deployment (release repository doesn't accept SNAPSHOTs)
+          release_version=${snapshot_version%-SNAPSHOT}
+          echo "Original version: $snapshot_version"
+          echo "Release version for deployment: $release_version"
           echo "Repository: https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/"
 
           # Debug: Check if credentials are set
@@ -334,17 +337,35 @@ jobs:
           fi
           echo "Credentials are set (user length: ${#REPO_LIQUIBASE_NET_USER}, pass length: ${#REPO_LIQUIBASE_NET_PASSWORD})"
 
+          # Rename artifacts to remove -SNAPSHOT for deployment
+          echo "Renaming artifacts to release version..."
+          for file in ${{ env.artifact_id }}-${snapshot_version}*; do
+            if [ -f "$file" ]; then
+              new_file=$(echo "$file" | sed "s/${snapshot_version}/${release_version}/g")
+              mv "$file" "$new_file"
+              echo "Renamed: $file -> $new_file"
+            fi
+          done
+
+          # Update POM version to remove -SNAPSHOT
+          echo "Updating POM version from $snapshot_version to $release_version..."
+          sed -i "s|<version>${snapshot_version}</version>|<version>${release_version}</version>|g" ${{ env.artifact_id }}-${release_version}.pom
+
+          # List files to verify
+          echo "Files to deploy:"
+          ls -lh ${{ env.artifact_id }}-${release_version}*
+
           mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
                       -Durl=https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/ \
                       -DrepositoryId=dry-run-sonatype-nexus-staging \
                       -Dusername="${REPO_LIQUIBASE_NET_USER}" \
                       -Dpassword="${REPO_LIQUIBASE_NET_PASSWORD}" \
-                      -DpomFile=${{ env.artifact_id }}-${version}.pom \
+                      -DpomFile=${{ env.artifact_id }}-${release_version}.pom \
                       -DgeneratePom=false \
-                      -Dfile=${{ env.artifact_id }}-${version}.jar \
-                      -Dsources=${{ env.artifact_id }}-${version}-sources.jar \
-                      -Djavadoc=${{ env.artifact_id }}-${version}-javadoc.jar \
-                      -Dfiles=${{ env.artifact_id }}-${version}.jar.asc,${{ env.artifact_id }}-${version}-sources.jar.asc,${{ env.artifact_id }}-${version}-javadoc.jar.asc,${{ env.artifact_id }}-${version}.pom.asc \
+                      -Dfile=${{ env.artifact_id }}-${release_version}.jar \
+                      -Dsources=${{ env.artifact_id }}-${release_version}-sources.jar \
+                      -Djavadoc=${{ env.artifact_id }}-${release_version}-javadoc.jar \
+                      -Dfiles=${{ env.artifact_id }}-${release_version}.jar.asc,${{ env.artifact_id }}-${release_version}-sources.jar.asc,${{ env.artifact_id }}-${release_version}-javadoc.jar.asc,${{ env.artifact_id }}-${release_version}.pom.asc \
                       -Dtypes=jar.asc,jar.asc,jar.asc,pom.asc \
                       -Dclassifiers=,sources,javadoc,
 

From 2f35844ced5b1a6eddb4e1ad61378e94de18fbf3 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 11:05:35 -0600
Subject: [PATCH 16/41] fix: update dry-run release version retrieval to use
 input parameter instead of Maven command

---
 .../extension-attach-artifact-release.yml     | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 9f0d758e..0eeaa857 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -557,23 +557,23 @@ jobs:
           ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
           ASSET_DIR: ./target
 
-      - name: Get version for dry-run release
-        if: ${{ inputs.dry_run == true }}
-        id: get-dry-run-version
-        working-directory: ${{ inputs.artifactPath }}
-        run: |
-          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
-          echo "Dry run version: $VERSION"
+      # - name: Get version for dry-run release
+      #   if: ${{ inputs.dry_run == true }}
+      #   id: get-dry-run-version
+      #   working-directory: ${{ inputs.artifactPath }}
+      #   run: |
+      #     VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+      #     echo "version=$VERSION" >> $GITHUB_OUTPUT
+      #     echo "Dry run version: $VERSION"
 
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
         if: ${{ inputs.dry_run == true }}
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: v${{ steps.get-dry-run-version.outputs.version }}
+          tag_name: v${{ inputs.dry_run_version }}
           fail_on_unmatched_files: true
-          body: Dry Run ${{ steps.get-dry-run-version.outputs.version }}
+          body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
           files: ${{ inputs.artifactPath }}/target/*

From 0c70e67eeb1f4e2019ce1b4fc24458326314df2d Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 11:14:42 -0600
Subject: [PATCH 17/41] fix: streamline dry-run deployment by removing
 unnecessary steps and using environment variables for credentials

---
 .../workflows/extension-release-published.yml | 56 ++++---------------
 1 file changed, 11 insertions(+), 45 deletions(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index 9d0ac7d7..7df5c353 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -316,59 +316,25 @@ jobs:
           fileName: "${{ env.artifact_id }}-*"
           out-file-path: ${{ inputs.artifactPath }}
 
-      - name: Publish to Maven Central (dry_run)
+      - name: Publish to Maven Central
         working-directory: ${{ inputs.artifactPath }}
+        env:
+          MAVEN_USERNAME: ${{ env.REPO_LIQUIBASE_NET_USER }}
+          MAVEN_PASSWORD: ${{ env.REPO_LIQUIBASE_NET_PASSWORD }}
         run: |
-          snapshot_version=${{ inputs.dry_run_version }}
-          # Strip -SNAPSHOT suffix for Nexus deployment (release repository doesn't accept SNAPSHOTs)
-          release_version=${snapshot_version%-SNAPSHOT}
-          echo "Original version: $snapshot_version"
-          echo "Release version for deployment: $release_version"
-          echo "Repository: https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/"
-
-          # Debug: Check if credentials are set
-          if [ -z "$REPO_LIQUIBASE_NET_USER" ]; then
-            echo "ERROR: REPO_LIQUIBASE_NET_USER is not set!"
-            exit 1
-          fi
-          if [ -z "$REPO_LIQUIBASE_NET_PASSWORD" ]; then
-            echo "ERROR: REPO_LIQUIBASE_NET_PASSWORD is not set!"
-            exit 1
-          fi
-          echo "Credentials are set (user length: ${#REPO_LIQUIBASE_NET_USER}, pass length: ${#REPO_LIQUIBASE_NET_PASSWORD})"
-
-          # Rename artifacts to remove -SNAPSHOT for deployment
-          echo "Renaming artifacts to release version..."
-          for file in ${{ env.artifact_id }}-${snapshot_version}*; do
-            if [ -f "$file" ]; then
-              new_file=$(echo "$file" | sed "s/${snapshot_version}/${release_version}/g")
-              mv "$file" "$new_file"
-              echo "Renamed: $file -> $new_file"
-            fi
-          done
-
-          # Update POM version to remove -SNAPSHOT
-          echo "Updating POM version from $snapshot_version to $release_version..."
-          sed -i "s|<version>${snapshot_version}</version>|<version>${release_version}</version>|g" ${{ env.artifact_id }}-${release_version}.pom
-
-          # List files to verify
-          echo "Files to deploy:"
-          ls -lh ${{ env.artifact_id }}-${release_version}*
-
+          version=${{ inputs.dry_run_version }}         
           mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
                       -Durl=https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/ \
                       -DrepositoryId=dry-run-sonatype-nexus-staging \
-                      -Dusername="${REPO_LIQUIBASE_NET_USER}" \
-                      -Dpassword="${REPO_LIQUIBASE_NET_PASSWORD}" \
-                      -DpomFile=${{ env.artifact_id }}-${release_version}.pom \
+                      -DpomFile=${{ env.artifact_id }}-${version}.pom \
                       -DgeneratePom=false \
-                      -Dfile=${{ env.artifact_id }}-${release_version}.jar \
-                      -Dsources=${{ env.artifact_id }}-${release_version}-sources.jar \
-                      -Djavadoc=${{ env.artifact_id }}-${release_version}-javadoc.jar \
-                      -Dfiles=${{ env.artifact_id }}-${release_version}.jar.asc,${{ env.artifact_id }}-${release_version}-sources.jar.asc,${{ env.artifact_id }}-${release_version}-javadoc.jar.asc,${{ env.artifact_id }}-${release_version}.pom.asc \
+                      -Dfile=${{ env.artifact_id }}-${version}.jar \
+                      -Dsources=${{ env.artifact_id }}-${version}-sources.jar \
+                      -Djavadoc=${{ env.artifact_id }}-${version}-javadoc.jar \
+                      -Dfiles=${{ env.artifact_id }}-${version}.jar.asc,${{ env.artifact_id }}-${version}-sources.jar.asc,${{ env.artifact_id }}-${version}-javadoc.jar.asc,${{ env.artifact_id }}-${version}.pom.asc \
                       -Dtypes=jar.asc,jar.asc,jar.asc,pom.asc \
                       -Dclassifiers=,sources,javadoc,
-
+                      
   deploy_xsd:
     if: inputs.nameSpace != '' && inputs.deployToMavenCentral == true && inputs.dry_run == false
     name: Upload xsds

From e99f9bb6011523f81abf832683e1705be0e55052 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 11:31:58 -0600
Subject: [PATCH 18/41] fix: update artifact path in release attachment step to
 use relative path

---
 .github/workflows/extension-attach-artifact-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 0eeaa857..a8857cb1 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -576,7 +576,7 @@ jobs:
           body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
-          files: ${{ inputs.artifactPath }}/target/*
+          files: ./target/*
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'

From af41605f33c864996d020ade2dc1b4d9feeb314c Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 11:47:27 -0600
Subject: [PATCH 19/41] fix: update artifact file paths in release step to use
 dynamic inputs

---
 .../workflows/extension-attach-artifact-release.yml    | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index a8857cb1..1e9a9948 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -576,7 +576,15 @@ jobs:
           body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
-          files: ./target/*
+          files: |
+            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}.jar
+            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}.jar.asc
+            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}.pom
+            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}.pom.asc
+            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}-javadoc.jar
+            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}-javadoc.jar.asc
+            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}-sources.jar
+            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}-sources.jar.asc
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'

From ed9243151d5e340d7cf32f147b54b108362dd0d1 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 12:01:42 -0600
Subject: [PATCH 20/41] fix: add preparation step for dry-run release artifacts
 and update attachment paths

---
 .../extension-attach-artifact-release.yml     | 30 ++++++++++++++-----
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 1e9a9948..c4410079 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -566,6 +566,20 @@ jobs:
       #     echo "version=$VERSION" >> $GITHUB_OUTPUT
       #     echo "Dry run version: $VERSION"
 
+      - name: Prepare artifacts for dry-run release
+        id: prepare-artifacts-dry-run
+        if: ${{ inputs.dry_run == true }}
+        working-directory: ${{ inputs.artifactPath }}
+        run: |
+          # Get the artifact ID from the current module (not parent POM)
+          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          echo "Detected artifact_id: $ARTIFACT_ID"
+          echo "artifact_id_dry_run=$ARTIFACT_ID" >> $GITHUB_OUTPUT
+
+          # List the files that will be attached
+          echo "Files to attach from $(pwd)/target:"
+          ls -la target/${ARTIFACT_ID}-${{ inputs.dry_run_version }}* 2>/dev/null || echo "No artifacts found matching ${ARTIFACT_ID}-${{ inputs.dry_run_version }}*"
+
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
         if: ${{ inputs.dry_run == true }}
@@ -577,14 +591,14 @@ jobs:
           generate_release_notes: true
           draft: true
           files: |
-            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}.jar
-            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}.jar.asc
-            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}.pom
-            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}.pom.asc
-            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}-javadoc.jar
-            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}-javadoc.jar.asc
-            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}-sources.jar
-            ${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${{ inputs.dry_run_version }}-sources.jar.asc
+            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}.jar
+            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}.jar.asc
+            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}.pom
+            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}.pom.asc
+            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}-javadoc.jar
+            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}-javadoc.jar.asc
+            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}-sources.jar
+            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}-sources.jar.asc
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'

From cf2f2e334a6184e43aa5c121d34f77a89f94e3b2 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 12:06:27 -0600
Subject: [PATCH 21/41] fix: update dry-run artifact preparation by removing
 redundant steps and using wildcard for file attachments

---
 .../extension-attach-artifact-release.yml     | 34 ++-----------------
 1 file changed, 2 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index c4410079..ab51e081 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -437,6 +437,7 @@ jobs:
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run
+        working-directory: ${{ inputs.artifactPath }}
         run: |
           mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
           -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
@@ -557,29 +558,6 @@ jobs:
           ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
           ASSET_DIR: ./target
 
-      # - name: Get version for dry-run release
-      #   if: ${{ inputs.dry_run == true }}
-      #   id: get-dry-run-version
-      #   working-directory: ${{ inputs.artifactPath }}
-      #   run: |
-      #     VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
-      #     echo "version=$VERSION" >> $GITHUB_OUTPUT
-      #     echo "Dry run version: $VERSION"
-
-      - name: Prepare artifacts for dry-run release
-        id: prepare-artifacts-dry-run
-        if: ${{ inputs.dry_run == true }}
-        working-directory: ${{ inputs.artifactPath }}
-        run: |
-          # Get the artifact ID from the current module (not parent POM)
-          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-          echo "Detected artifact_id: $ARTIFACT_ID"
-          echo "artifact_id_dry_run=$ARTIFACT_ID" >> $GITHUB_OUTPUT
-
-          # List the files that will be attached
-          echo "Files to attach from $(pwd)/target:"
-          ls -la target/${ARTIFACT_ID}-${{ inputs.dry_run_version }}* 2>/dev/null || echo "No artifacts found matching ${ARTIFACT_ID}-${{ inputs.dry_run_version }}*"
-
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
         if: ${{ inputs.dry_run == true }}
@@ -590,15 +568,7 @@ jobs:
           body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
-          files: |
-            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}.jar
-            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}.jar.asc
-            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}.pom
-            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}.pom.asc
-            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}-javadoc.jar
-            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}-javadoc.jar.asc
-            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}-sources.jar
-            ${{ inputs.artifactPath }}/target/${{ steps.prepare-artifacts-dry-run.outputs.artifact_id_dry_run }}-${{ inputs.dry_run_version }}-sources.jar.asc
+          files: ./target/*
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'

From f1dcc7bd99d8cb237de4c0b820c468b744e205e1 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 12:15:59 -0600
Subject: [PATCH 22/41] fix: enhance dry-run artifact handling by detecting
 multi-module projects and adjusting module paths

---
 .../extension-attach-artifact-release.yml     | 50 ++++++++++++++++++-
 1 file changed, 49 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index ab51e081..c98e0b76 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -439,6 +439,23 @@ jobs:
         id: build-release-artifacts-dry-run
         working-directory: ${{ inputs.artifactPath }}
         run: |
+          # Detect if this is a multi-module project and find the actual module
+          CURRENT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          echo "Current artifactId: $CURRENT_ARTIFACT_ID"
+
+          # Check if this is a parent/aggregator POM (ends with build-pom or has modules)
+          if [[ "$CURRENT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
+            echo "Detected parent POM, looking for module..."
+            # Find the module directory (first subdirectory with a pom.xml that's not a build-pom)
+            MODULE_DIR=$(find . -maxdepth 1 -type d ! -name "." ! -name ".." ! -name "target" ! -name ".*" | head -1 | sed 's|^./||')
+            if [ -n "$MODULE_DIR" ]; then
+              echo "Found module directory: $MODULE_DIR"
+              cd "$MODULE_DIR"
+              MODULE_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+              echo "Module artifactId: $MODULE_ARTIFACT_ID"
+            fi
+          fi
+
           mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
           -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
           -DscmServerId=liquibase
@@ -558,6 +575,37 @@ jobs:
           ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
           ASSET_DIR: ./target
 
+      - name: Detect module path for dry-run
+        id: detect-module-dry-run
+        if: ${{ inputs.dry_run == true }}
+        working-directory: ${{ inputs.artifactPath }}
+        run: |
+          # Detect if this is a multi-module project and find the actual module
+          CURRENT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          echo "Current artifactId: $CURRENT_ARTIFACT_ID"
+
+          MODULE_PATH="${{ inputs.artifactPath }}"
+
+          # Check if this is a parent/aggregator POM (ends with build-pom or has modules)
+          if [[ "$CURRENT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
+            echo "Detected parent POM, looking for module..."
+            # Find the module directory (first subdirectory with a pom.xml that's not a build-pom)
+            MODULE_DIR=$(find . -maxdepth 1 -type d ! -name "." ! -name ".." ! -name "target" ! -name ".*" | head -1 | sed 's|^./||')
+            if [ -n "$MODULE_DIR" ]; then
+              echo "Found module directory: $MODULE_DIR"
+              if [ "${{ inputs.artifactPath }}" = "." ]; then
+                MODULE_PATH="$MODULE_DIR"
+              else
+                MODULE_PATH="${{ inputs.artifactPath }}/$MODULE_DIR"
+              fi
+              echo "Module path: $MODULE_PATH"
+            fi
+          fi
+
+          echo "module_path=$MODULE_PATH" >> $GITHUB_OUTPUT
+          echo "Artifacts will be attached from: $MODULE_PATH/target"
+          ls -la "$MODULE_PATH/target" 2>/dev/null || echo "Target directory not found"
+
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
         if: ${{ inputs.dry_run == true }}
@@ -568,7 +616,7 @@ jobs:
           body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
-          files: ./target/*
+          files: ${{ steps.detect-module-dry-run.outputs.module_path }}/target/*
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'

From 29544b48c6b4c7da26ed2f94aeb550fc51f10b33 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 13:30:56 -0600
Subject: [PATCH 23/41] fix: simplify dry-run artifact path detection and
 streamline artifact attachment process

---
 .../extension-attach-artifact-release.yml     | 52 ++-----------------
 1 file changed, 4 insertions(+), 48 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index c98e0b76..7f6ee9f7 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -437,25 +437,7 @@ jobs:
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run
-        working-directory: ${{ inputs.artifactPath }}
         run: |
-          # Detect if this is a multi-module project and find the actual module
-          CURRENT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-          echo "Current artifactId: $CURRENT_ARTIFACT_ID"
-
-          # Check if this is a parent/aggregator POM (ends with build-pom or has modules)
-          if [[ "$CURRENT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
-            echo "Detected parent POM, looking for module..."
-            # Find the module directory (first subdirectory with a pom.xml that's not a build-pom)
-            MODULE_DIR=$(find . -maxdepth 1 -type d ! -name "." ! -name ".." ! -name "target" ! -name ".*" | head -1 | sed 's|^./||')
-            if [ -n "$MODULE_DIR" ]; then
-              echo "Found module directory: $MODULE_DIR"
-              cd "$MODULE_DIR"
-              MODULE_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-              echo "Module artifactId: $MODULE_ARTIFACT_ID"
-            fi
-          fi
-
           mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
           -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
           -DscmServerId=liquibase
@@ -575,36 +557,10 @@ jobs:
           ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
           ASSET_DIR: ./target
 
-      - name: Detect module path for dry-run
-        id: detect-module-dry-run
+      - name: Set artifact path
+        id: set-artifact-path
         if: ${{ inputs.dry_run == true }}
-        working-directory: ${{ inputs.artifactPath }}
-        run: |
-          # Detect if this is a multi-module project and find the actual module
-          CURRENT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-          echo "Current artifactId: $CURRENT_ARTIFACT_ID"
-
-          MODULE_PATH="${{ inputs.artifactPath }}"
-
-          # Check if this is a parent/aggregator POM (ends with build-pom or has modules)
-          if [[ "$CURRENT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
-            echo "Detected parent POM, looking for module..."
-            # Find the module directory (first subdirectory with a pom.xml that's not a build-pom)
-            MODULE_DIR=$(find . -maxdepth 1 -type d ! -name "." ! -name ".." ! -name "target" ! -name ".*" | head -1 | sed 's|^./||')
-            if [ -n "$MODULE_DIR" ]; then
-              echo "Found module directory: $MODULE_DIR"
-              if [ "${{ inputs.artifactPath }}" = "." ]; then
-                MODULE_PATH="$MODULE_DIR"
-              else
-                MODULE_PATH="${{ inputs.artifactPath }}/$MODULE_DIR"
-              fi
-              echo "Module path: $MODULE_PATH"
-            fi
-          fi
-
-          echo "module_path=$MODULE_PATH" >> $GITHUB_OUTPUT
-          echo "Artifacts will be attached from: $MODULE_PATH/target"
-          ls -la "$MODULE_PATH/target" 2>/dev/null || echo "Target directory not found"
+        run: echo "ARTIFACT_PATH=${{ inputs.artifactPath || '.' }}" >> $GITHUB_OUTPUT
 
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
@@ -616,7 +572,7 @@ jobs:
           body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
-          files: ${{ steps.detect-module-dry-run.outputs.module_path }}/target/*
+          files: ${{ steps.set-artifact-path.outputs.ARTIFACT_PATH }}/target/*
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'

From 1d13c6a13951d0a111ade691227f63b1ba8e1b94 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 16:12:17 -0600
Subject: [PATCH 24/41] fix: enhance dry-run artifact handling for multi-module
 projects and streamline artifact path detection

---
 .../extension-attach-artifact-release.yml     | 162 ++++++++++++++++--
 1 file changed, 143 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 7f6ee9f7..60c6f837 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -436,24 +436,67 @@ jobs:
 
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
+        working-directory: ${{ inputs.artifactPath }}
         id: build-release-artifacts-dry-run
         run: |
+          # Build all modules from root
           mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
           -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
           -DscmServerId=liquibase
+
           # Use current branch name for dry runs
           CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
           echo "Using current branch: $CURRENT_BRANCH"
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$CURRENT_BRANCH
 
-          # Generate source and javadoc jars
-          mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
-
-          # Copy POM to target directory with versioned name
-          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
-          cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
-          echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
+          # Detect if this is a multi-module project
+          ROOT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          echo "Root artifactId: $ROOT_ARTIFACT_ID"
+
+          # Use the dry_run_version input
+          VERSION="${{ inputs.dry_run_version }}"
+          echo "Using dry-run version: $VERSION"
+
+          # Check if this is a parent/aggregator POM (contains build-pom or has modules)
+          if [[ "$ROOT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
+            echo "Detected multi-module project with parent POM"
+
+            # Extract base name by removing -build-pom suffix
+            BASE_NAME=$(echo "$ROOT_ARTIFACT_ID" | sed 's/-build-pom$//')
+            echo "Base name: $BASE_NAME"
+
+            # Look for module directory with the base name
+            if [ -d "$BASE_NAME" ]; then
+              MODULE_DIR="$BASE_NAME"
+              echo "Found extension module directory: $MODULE_DIR"
+
+              # Navigate into the module and generate source/javadoc jars there
+              cd "$MODULE_DIR"
+              mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
+
+              # Get artifact ID from the actual extension module
+              ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+              echo "Extension module artifactId: $ARTIFACT_ID"
+              echo "Extension module version: $VERSION"
+
+              # Copy the module's POM to its target directory
+              cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
+              echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION} in module ${MODULE_DIR}"
+            else
+              echo "WARNING: Module directory $BASE_NAME not found, falling back to root"
+              mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
+              ARTIFACT_ID=$ROOT_ARTIFACT_ID
+              cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
+              echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
+            fi
+          else
+            # Single module project
+            echo "Single module project"
+            mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
+            ARTIFACT_ID=$ROOT_ARTIFACT_ID
+            cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
+            echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
+          fi
 
       - name: Download multiarchitecture release artifacts
         if: inputs.combineJars
@@ -490,7 +533,8 @@ jobs:
             curl -X DELETE -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/releases/assets/$value"
             echo "Deleted artifact ID: $value"
           done
-      - name: Convert escaped newlines and set GPG key
+      
+          - name: Convert escaped newlines and set GPG key
         run: |
           GPG_KEY_CONTENT="$(printf '%b' "${{ env.GPG_SECRET }}")"
           {
@@ -530,12 +574,50 @@ jobs:
         working-directory: ${{ inputs.artifactPath }}
         run: |
           gpg -K
-          version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
-          echo "Signing artifacts for version: $version"
-          ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.jar
-          ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.pom
-          ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}-javadoc.jar
-          ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}-sources.jar
+
+          # Detect if this is a multi-module project
+          ROOT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          echo "Root artifactId: $ROOT_ARTIFACT_ID"
+
+          # Use the dry_run_version input
+          VERSION="${{ inputs.dry_run_version }}"
+          echo "Using dry-run version: $VERSION"
+
+          # Check if this is a parent/aggregator POM (contains build-pom or has modules)
+          if [[ "$ROOT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
+            echo "Detected multi-module project"
+
+            # Extract base name by removing -build-pom suffix
+            BASE_NAME=$(echo "$ROOT_ARTIFACT_ID" | sed 's/-build-pom$//')
+            echo "Base name: $BASE_NAME"
+
+            # Look for module directory
+            if [ -d "$BASE_NAME" ]; then
+              cd "$BASE_NAME"
+              ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+              echo "Signing artifacts for module: $ARTIFACT_ID version: $VERSION"
+
+              # Sign artifacts in module directory
+              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/$BASE_NAME/target/$ARTIFACT_ID-${VERSION}.jar
+              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/$BASE_NAME/target/$ARTIFACT_ID-${VERSION}.pom
+              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/$BASE_NAME/target/$ARTIFACT_ID-${VERSION}-javadoc.jar
+              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/$BASE_NAME/target/$ARTIFACT_ID-${VERSION}-sources.jar
+            else
+              echo "Module directory not found, signing from root"
+              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}.jar
+              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}.pom
+              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}-javadoc.jar
+              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}-sources.jar
+            fi
+          else
+            # Single module project
+            echo "Single module project"
+            echo "Signing artifacts for version: $VERSION"
+            ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}.jar
+            ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}.pom
+            ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}-javadoc.jar
+            ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}-sources.jar
+          fi
 
       - name: Set draft release title
         if: ${{ inputs.dry_run == false }}
@@ -557,10 +639,52 @@ jobs:
           ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
           ASSET_DIR: ./target
 
-      - name: Set artifact path
-        id: set-artifact-path
+      - name: Detect module path for artifact attachment
+        id: detect-module-path
         if: ${{ inputs.dry_run == true }}
-        run: echo "ARTIFACT_PATH=${{ inputs.artifactPath || '.' }}" >> $GITHUB_OUTPUT
+        working-directory: ${{ inputs.artifactPath }}
+        run: |
+          # Detect if this is a multi-module project
+          ROOT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          echo "Root artifactId: $ROOT_ARTIFACT_ID"
+
+          ARTIFACT_PATH="${{ inputs.artifactPath }}"
+          if [ -z "$ARTIFACT_PATH" ] || [ "$ARTIFACT_PATH" = "." ]; then
+            ARTIFACT_PATH="."
+          fi
+
+          # Check if this is a parent/aggregator POM (contains build-pom or has modules)
+          if [[ "$ROOT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
+            echo "Detected multi-module project"
+
+            # Extract base name by removing -build-pom suffix
+            BASE_NAME=$(echo "$ROOT_ARTIFACT_ID" | sed 's/-build-pom$//')
+            echo "Base name: $BASE_NAME"
+
+            # Look for module directory with the base name
+            if [ -d "$BASE_NAME" ]; then
+              if [ "$ARTIFACT_PATH" = "." ]; then
+                FULL_PATH="$BASE_NAME"
+              else
+                FULL_PATH="$ARTIFACT_PATH/$BASE_NAME"
+              fi
+              echo "Found module at: $FULL_PATH"
+              echo "ARTIFACT_PATH=$FULL_PATH" >> $GITHUB_OUTPUT
+
+              # List artifacts for debugging
+              echo "Artifacts in module target directory:"
+              ls -la "$FULL_PATH/target" 2>/dev/null || echo "Target directory not found"
+            else
+              echo "Module directory not found, using root path: $ARTIFACT_PATH"
+              echo "ARTIFACT_PATH=$ARTIFACT_PATH" >> $GITHUB_OUTPUT
+              ls -la "$ARTIFACT_PATH/target" 2>/dev/null || echo "Target directory not found"
+            fi
+          else
+            # Single module project
+            echo "Single module project, using path: $ARTIFACT_PATH"
+            echo "ARTIFACT_PATH=$ARTIFACT_PATH" >> $GITHUB_OUTPUT
+            ls -la "$ARTIFACT_PATH/target" 2>/dev/null || echo "Target directory not found"
+          fi
 
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
@@ -572,7 +696,7 @@ jobs:
           body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
-          files: ${{ steps.set-artifact-path.outputs.ARTIFACT_PATH }}/target/*
+          files: ${{ steps.detect-module-path.outputs.ARTIFACT_PATH }}/target/*
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'

From 85f942fa76c32f2ed968c798e66031dfe8cf5aea Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 16:14:07 -0600
Subject: [PATCH 25/41] fix: adjust indentation for GPG key conversion step in
 artifact release workflow

---
 .github/workflows/extension-attach-artifact-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 60c6f837..4ec1f734 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -534,7 +534,7 @@ jobs:
             echo "Deleted artifact ID: $value"
           done
       
-          - name: Convert escaped newlines and set GPG key
+      - name: Convert escaped newlines and set GPG key
         run: |
           GPG_KEY_CONTENT="$(printf '%b' "${{ env.GPG_SECRET }}")"
           {

From e70bbf144e7e5bbddfcd13ff316d5b3fb169e911 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 16:25:50 -0600
Subject: [PATCH 26/41] fix: streamline dry-run artifact generation and signing
 process

---
 .../extension-attach-artifact-release.yml     | 167 +++---------------
 1 file changed, 24 insertions(+), 143 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 4ec1f734..79500b78 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -434,69 +434,31 @@ jobs:
           cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
           echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
 
+      - name: Set pom version to dry_run version
+        if: ${{ inputs.dry_run == true }}
+        run: |
+          mvn versions:set -DnewVersion=${{ inputs.dry_run_version }} -DgenerateBackupPoms=false
+                
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
-        working-directory: ${{ inputs.artifactPath }}
         id: build-release-artifacts-dry-run
         run: |
-          # Build all modules from root
           mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
           -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
           -DscmServerId=liquibase
-
           # Use current branch name for dry runs
           CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
           echo "Using current branch: $CURRENT_BRANCH"
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$CURRENT_BRANCH
 
-          # Detect if this is a multi-module project
-          ROOT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-          echo "Root artifactId: $ROOT_ARTIFACT_ID"
-
-          # Use the dry_run_version input
-          VERSION="${{ inputs.dry_run_version }}"
-          echo "Using dry-run version: $VERSION"
-
-          # Check if this is a parent/aggregator POM (contains build-pom or has modules)
-          if [[ "$ROOT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
-            echo "Detected multi-module project with parent POM"
-
-            # Extract base name by removing -build-pom suffix
-            BASE_NAME=$(echo "$ROOT_ARTIFACT_ID" | sed 's/-build-pom$//')
-            echo "Base name: $BASE_NAME"
-
-            # Look for module directory with the base name
-            if [ -d "$BASE_NAME" ]; then
-              MODULE_DIR="$BASE_NAME"
-              echo "Found extension module directory: $MODULE_DIR"
-
-              # Navigate into the module and generate source/javadoc jars there
-              cd "$MODULE_DIR"
-              mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
-
-              # Get artifact ID from the actual extension module
-              ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-              echo "Extension module artifactId: $ARTIFACT_ID"
-              echo "Extension module version: $VERSION"
-
-              # Copy the module's POM to its target directory
-              cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
-              echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION} in module ${MODULE_DIR}"
-            else
-              echo "WARNING: Module directory $BASE_NAME not found, falling back to root"
-              mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
-              ARTIFACT_ID=$ROOT_ARTIFACT_ID
-              cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
-              echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
-            fi
-          else
-            # Single module project
-            echo "Single module project"
-            mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
-            ARTIFACT_ID=$ROOT_ARTIFACT_ID
-            cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
-            echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
-          fi
+          # Generate source and javadoc jars
+          mvn source:jar javadoc:jar -Dmaven.javadoc.skip=false
+
+          # Copy POM to target directory with versioned name
+          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          cp pom.xml target/${ARTIFACT_ID}-${VERSION}.pom
+          echo "Generated artifacts for ${ARTIFACT_ID}-${VERSION}"
 
       - name: Download multiarchitecture release artifacts
         if: inputs.combineJars
@@ -533,7 +495,6 @@ jobs:
             curl -X DELETE -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/releases/assets/$value"
             echo "Deleted artifact ID: $value"
           done
-      
       - name: Convert escaped newlines and set GPG key
         run: |
           GPG_KEY_CONTENT="$(printf '%b' "${{ env.GPG_SECRET }}")"
@@ -574,50 +535,12 @@ jobs:
         working-directory: ${{ inputs.artifactPath }}
         run: |
           gpg -K
-
-          # Detect if this is a multi-module project
-          ROOT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-          echo "Root artifactId: $ROOT_ARTIFACT_ID"
-
-          # Use the dry_run_version input
-          VERSION="${{ inputs.dry_run_version }}"
-          echo "Using dry-run version: $VERSION"
-
-          # Check if this is a parent/aggregator POM (contains build-pom or has modules)
-          if [[ "$ROOT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
-            echo "Detected multi-module project"
-
-            # Extract base name by removing -build-pom suffix
-            BASE_NAME=$(echo "$ROOT_ARTIFACT_ID" | sed 's/-build-pom$//')
-            echo "Base name: $BASE_NAME"
-
-            # Look for module directory
-            if [ -d "$BASE_NAME" ]; then
-              cd "$BASE_NAME"
-              ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-              echo "Signing artifacts for module: $ARTIFACT_ID version: $VERSION"
-
-              # Sign artifacts in module directory
-              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/$BASE_NAME/target/$ARTIFACT_ID-${VERSION}.jar
-              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/$BASE_NAME/target/$ARTIFACT_ID-${VERSION}.pom
-              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/$BASE_NAME/target/$ARTIFACT_ID-${VERSION}-javadoc.jar
-              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/$BASE_NAME/target/$ARTIFACT_ID-${VERSION}-sources.jar
-            else
-              echo "Module directory not found, signing from root"
-              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}.jar
-              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}.pom
-              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}-javadoc.jar
-              ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}-sources.jar
-            fi
-          else
-            # Single module project
-            echo "Single module project"
-            echo "Signing artifacts for version: $VERSION"
-            ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}.jar
-            ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}.pom
-            ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}-javadoc.jar
-            ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${VERSION}-sources.jar
-          fi
+          version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "Signing artifacts for version: $version"
+          ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.jar
+          ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}.pom
+          ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}-javadoc.jar
+          ${{ env.REPO_ROOT }}/.github/sign_artifact.sh ${{ env.REPO_ROOT }}/${{ inputs.artifactPath }}/target/${{ env.artifact_id }}-${version}-sources.jar
 
       - name: Set draft release title
         if: ${{ inputs.dry_run == false }}
@@ -639,52 +562,10 @@ jobs:
           ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
           ASSET_DIR: ./target
 
-      - name: Detect module path for artifact attachment
-        id: detect-module-path
+      - name: Set artifact path
+        id: set-artifact-path
         if: ${{ inputs.dry_run == true }}
-        working-directory: ${{ inputs.artifactPath }}
-        run: |
-          # Detect if this is a multi-module project
-          ROOT_ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-          echo "Root artifactId: $ROOT_ARTIFACT_ID"
-
-          ARTIFACT_PATH="${{ inputs.artifactPath }}"
-          if [ -z "$ARTIFACT_PATH" ] || [ "$ARTIFACT_PATH" = "." ]; then
-            ARTIFACT_PATH="."
-          fi
-
-          # Check if this is a parent/aggregator POM (contains build-pom or has modules)
-          if [[ "$ROOT_ARTIFACT_ID" == *"build-pom"* ]] || mvn help:evaluate -Dexpression=project.modules -q -DforceStdout | grep -q "module"; then
-            echo "Detected multi-module project"
-
-            # Extract base name by removing -build-pom suffix
-            BASE_NAME=$(echo "$ROOT_ARTIFACT_ID" | sed 's/-build-pom$//')
-            echo "Base name: $BASE_NAME"
-
-            # Look for module directory with the base name
-            if [ -d "$BASE_NAME" ]; then
-              if [ "$ARTIFACT_PATH" = "." ]; then
-                FULL_PATH="$BASE_NAME"
-              else
-                FULL_PATH="$ARTIFACT_PATH/$BASE_NAME"
-              fi
-              echo "Found module at: $FULL_PATH"
-              echo "ARTIFACT_PATH=$FULL_PATH" >> $GITHUB_OUTPUT
-
-              # List artifacts for debugging
-              echo "Artifacts in module target directory:"
-              ls -la "$FULL_PATH/target" 2>/dev/null || echo "Target directory not found"
-            else
-              echo "Module directory not found, using root path: $ARTIFACT_PATH"
-              echo "ARTIFACT_PATH=$ARTIFACT_PATH" >> $GITHUB_OUTPUT
-              ls -la "$ARTIFACT_PATH/target" 2>/dev/null || echo "Target directory not found"
-            fi
-          else
-            # Single module project
-            echo "Single module project, using path: $ARTIFACT_PATH"
-            echo "ARTIFACT_PATH=$ARTIFACT_PATH" >> $GITHUB_OUTPUT
-            ls -la "$ARTIFACT_PATH/target" 2>/dev/null || echo "Target directory not found"
-          fi
+        run: echo "ARTIFACT_PATH=${{ inputs.artifactPath || '.' }}" >> $GITHUB_OUTPUT
 
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
@@ -696,7 +577,7 @@ jobs:
           body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
-          files: ${{ steps.detect-module-path.outputs.ARTIFACT_PATH }}/target/*
+          files: ${{ steps.set-artifact-path.outputs.ARTIFACT_PATH }}/target/*
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'
@@ -711,4 +592,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
-          ASSET_DIR: ./target
+          ASSET_DIR: ./target
\ No newline at end of file

From 14df2eae55d24aa0fdbce5737a6efad09e36b166 Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 16:27:52 -0600
Subject: [PATCH 27/41] fix: append '-SNAPSHOT' to dry_run version in Maven
 versioning step

---
 .github/workflows/extension-attach-artifact-release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 79500b78..265607ad 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -437,8 +437,8 @@ jobs:
       - name: Set pom version to dry_run version
         if: ${{ inputs.dry_run == true }}
         run: |
-          mvn versions:set -DnewVersion=${{ inputs.dry_run_version }} -DgenerateBackupPoms=false
-                
+          mvn versions:set -DnewVersion=${{ inputs.dry_run_version }}-SNAPSHOT -DgenerateBackupPoms=false
+
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run

From 7e60f6548ab18fedc7c1ec90ab144eab80dda88d Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 16:41:11 -0600
Subject: [PATCH 28/41] fix: rename SNAPSHOT files to match dry_run version in
 artifact release process

---
 .../workflows/extension-release-published.yml    | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index 7df5c353..c9fbc139 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -316,6 +316,20 @@ jobs:
           fileName: "${{ env.artifact_id }}-*"
           out-file-path: ${{ inputs.artifactPath }}
 
+      - name: Rename SNAPSHOTS to dry_run version
+        working-directory: ${{ inputs.artifactPath }}
+        run: |
+          for file in ${{ env.artifact_id }}-*-SNAPSHOT*; do
+            if [ -f "$file" ]; then
+              # Remove -SNAPSHOT- and -SNAPSHOT from filenames
+              new_file=$(echo "$file" | sed "s/-SNAPSHOT-/-/g" | sed "s/-SNAPSHOT//g")
+              if [ "$file" != "$new_file" ]; then
+                echo "Renaming: $file -> $new_file"
+                mv "$file" "$new_file"
+              fi
+            fi
+          done
+
       - name: Publish to Maven Central
         working-directory: ${{ inputs.artifactPath }}
         env:
@@ -334,7 +348,7 @@ jobs:
                       -Dfiles=${{ env.artifact_id }}-${version}.jar.asc,${{ env.artifact_id }}-${version}-sources.jar.asc,${{ env.artifact_id }}-${version}-javadoc.jar.asc,${{ env.artifact_id }}-${version}.pom.asc \
                       -Dtypes=jar.asc,jar.asc,jar.asc,pom.asc \
                       -Dclassifiers=,sources,javadoc,
-                      
+
   deploy_xsd:
     if: inputs.nameSpace != '' && inputs.deployToMavenCentral == true && inputs.dry_run == false
     name: Upload xsds

From fdf73236d881d8c51389d54ae7d0db371a785abf Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 17:02:04 -0600
Subject: [PATCH 29/41] fix: update POM files to remove '-SNAPSHOT' from
 version tags during release process

---
 .github/workflows/extension-release-published.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index c9fbc139..abf9f466 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -330,6 +330,12 @@ jobs:
             fi
           done
 
+          # Find and update all pom files in current directory
+          pom_file="${{ env.artifact_id }}-${version}.pom"
+          echo "Updating $pom_file - removing -SNAPSHOT from version tags"
+          sed -i '' 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' "$pom_file"
+          echo "✓ Updated $pom_file"
+
       - name: Publish to Maven Central
         working-directory: ${{ inputs.artifactPath }}
         env:

From 098cdaad725d1fed85ac92b1c18653f07645615e Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 17:07:54 -0600
Subject: [PATCH 30/41] fix: update POM file versioning to use dry_run_version
 instead of version variable

---
 .github/workflows/extension-release-published.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index abf9f466..e9f2d057 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -331,7 +331,7 @@ jobs:
           done
 
           # Find and update all pom files in current directory
-          pom_file="${{ env.artifact_id }}-${version}.pom"
+          pom_file="${{ env.artifact_id }}-${{ inputs.dry_run_version }}.pom"
           echo "Updating $pom_file - removing -SNAPSHOT from version tags"
           sed -i '' 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' "$pom_file"
           echo "✓ Updated $pom_file"

From dccd3ccc02158c8e48e55fed041264960f79f0ba Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 17:19:18 -0600
Subject: [PATCH 31/41] fix: update POM file versioning to remove '-SNAPSHOT'
 from version tags in dry run process

---
 .github/workflows/extension-release-published.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index e9f2d057..e3c11d7f 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -331,9 +331,10 @@ jobs:
           done
 
           # Find and update all pom files in current directory
+          ls -l *.pom
           pom_file="${{ env.artifact_id }}-${{ inputs.dry_run_version }}.pom"
           echo "Updating $pom_file - removing -SNAPSHOT from version tags"
-          sed -i '' 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' "$pom_file"
+          sed -i '' 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' $pom_file
           echo "✓ Updated $pom_file"
 
       - name: Publish to Maven Central

From 670a3274f756de7f053a8e5198d33277041f3c2d Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Mon, 10 Nov 2025 17:25:45 -0600
Subject: [PATCH 32/41] fix: remove unnecessary empty string argument from sed
 command in version update step

---
 .github/workflows/extension-release-published.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index e3c11d7f..06d5baf9 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -334,7 +334,7 @@ jobs:
           ls -l *.pom
           pom_file="${{ env.artifact_id }}-${{ inputs.dry_run_version }}.pom"
           echo "Updating $pom_file - removing -SNAPSHOT from version tags"
-          sed -i '' 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' $pom_file
+          sed -i 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' $pom_file
           echo "✓ Updated $pom_file"
 
       - name: Publish to Maven Central

From db83e1557f6f9fcfd3dd186093015c8ea71987c2 Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 11:03:28 -0600
Subject: [PATCH 33/41] fix: changes for dry-runs especially for bigquery
 workflow (#438)

* fix: add processAllModules flag to mvn versions:set command for dry_run version

* fix: enhance artifact processing for multi-module projects in dry run workflow

* fix: add artifact collection step for dry-run in release workflow
---
 .../extension-attach-artifact-release.yml     | 13 ++-
 .../workflows/extension-release-published.yml | 83 ++++++++++++-------
 2 files changed, 66 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 265607ad..d433b13f 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -437,7 +437,7 @@ jobs:
       - name: Set pom version to dry_run version
         if: ${{ inputs.dry_run == true }}
         run: |
-          mvn versions:set -DnewVersion=${{ inputs.dry_run_version }}-SNAPSHOT -DgenerateBackupPoms=false
+          mvn versions:set -DnewVersion=${{ inputs.dry_run_version }}-SNAPSHOT -DgenerateBackupPoms=false -DprocessAllModules=true
 
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
@@ -567,6 +567,15 @@ jobs:
         if: ${{ inputs.dry_run == true }}
         run: echo "ARTIFACT_PATH=${{ inputs.artifactPath || '.' }}" >> $GITHUB_OUTPUT
 
+      - name: Collect artifacts for release (dry-run)
+        if: ${{ inputs.dry_run == true }}
+        run: |
+          mkdir -p /tmp/release-artifacts
+          # Find and copy all artifacts from target directories (supports multi-module)
+          find ${{ steps.set-artifact-path.outputs.ARTIFACT_PATH }} -type f \( -name "*.jar" -o -name "*.pom" -o -name "*.asc" \) -path "*/target/*" ! -name "original-*" -exec cp {} /tmp/release-artifacts/ \;
+          echo "Collected artifacts:"
+          ls -lh /tmp/release-artifacts/
+
       - name: Attach Files to Draft Release (dry-run)
         id: attach-files-dry-run
         if: ${{ inputs.dry_run == true }}
@@ -577,7 +586,7 @@ jobs:
           body: Dry Run ${{ inputs.dry_run_version }}
           generate_release_notes: true
           draft: true
-          files: ${{ steps.set-artifact-path.outputs.ARTIFACT_PATH }}/target/*
+          files: /tmp/release-artifacts/*
 
       - name: Get upload_zip.sh Script File
         if: inputs.zip == 'true'
diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index 06d5baf9..8166cdba 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -156,7 +156,7 @@ jobs:
         uses: robinraju/release-downloader@v1.12
         with:
           tag: "${{ github.event.release.tag_name }}"
-          fileName: "${{ env.artifact_id }}-*"
+          fileName: "*"
           out-file-path: ${{ inputs.artifactPath }}
 
       - name: Publish to Maven Central
@@ -168,16 +168,27 @@ jobs:
           version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
           groupId=$(mvn help:evaluate -Dexpression=project.groupId -q -DforceStdout)
 
-          # Create Maven repository layout structure for the bundle
           # Convert groupId dots to directory separators
           groupPath=$(echo "$groupId" | tr '.' '/')
-          mkdir -p "bundle/${groupPath}/${{ env.artifact_id }}/${version}"
 
-          # Copy all artifacts and their signatures/checksums to proper Maven repository layout
-          # Skip files containing "-full" in their names
-          for file in ${{ env.artifact_id }}-${version}*; do
-            if [[ ! "$file" == *"-full"* ]]; then
-              cp "$file" "bundle/${groupPath}/${{ env.artifact_id }}/${version}/"
+          # Process all JAR files (supports multi-module projects)
+          for jar_file in *-${version}.jar; do
+            if [ -f "$jar_file" ] && [[ ! "$jar_file" =~ (sources|javadoc)\.jar$ ]]; then
+              # Extract artifact name (remove version and .jar)
+              artifact_name="${jar_file%-${version}.jar}"
+              echo "Processing artifact: $artifact_name"
+
+              # Create Maven repository layout structure for this artifact
+              mkdir -p "bundle/${groupPath}/${artifact_name}/${version}"
+
+              # Copy all files for this artifact (jar, pom, sources, javadoc, signatures, checksums)
+              # Skip files containing "-full" in their names
+              for file in ${artifact_name}-${version}*; do
+                if [[ ! "$file" == *"-full"* ]] && [ -f "$file" ]; then
+                  cp "$file" "bundle/${groupPath}/${artifact_name}/${version}/"
+                  echo "  Copied: $file"
+                fi
+              done
             fi
           done
 
@@ -313,13 +324,14 @@ jobs:
         uses: robinraju/release-downloader@v1.12
         with:
           releaseId: "${{ inputs.dry_run_release_id }}"
-          fileName: "${{ env.artifact_id }}-*"
+          fileName: "*"
           out-file-path: ${{ inputs.artifactPath }}
 
       - name: Rename SNAPSHOTS to dry_run version
         working-directory: ${{ inputs.artifactPath }}
         run: |
-          for file in ${{ env.artifact_id }}-*-SNAPSHOT*; do
+          # Rename all SNAPSHOT files (supports both single and multi-module projects)
+          for file in *-SNAPSHOT*; do
             if [ -f "$file" ]; then
               # Remove -SNAPSHOT- and -SNAPSHOT from filenames
               new_file=$(echo "$file" | sed "s/-SNAPSHOT-/-/g" | sed "s/-SNAPSHOT//g")
@@ -330,12 +342,15 @@ jobs:
             fi
           done
 
-          # Find and update all pom files in current directory
-          ls -l *.pom
-          pom_file="${{ env.artifact_id }}-${{ inputs.dry_run_version }}.pom"
-          echo "Updating $pom_file - removing -SNAPSHOT from version tags"
-          sed -i 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' $pom_file
-          echo "✓ Updated $pom_file"
+          # Find and update all pom files in current directory (supports multi-module)
+          ls -l *.pom || echo "No POM files found"
+          for pom_file in *-${{ inputs.dry_run_version }}.pom; do
+            if [ -f "$pom_file" ]; then
+              echo "Updating $pom_file - removing -SNAPSHOT from version tags"
+              sed -i 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' "$pom_file"
+              echo "✓ Updated $pom_file"
+            fi
+          done
 
       - name: Publish to Maven Central
         working-directory: ${{ inputs.artifactPath }}
@@ -343,18 +358,30 @@ jobs:
           MAVEN_USERNAME: ${{ env.REPO_LIQUIBASE_NET_USER }}
           MAVEN_PASSWORD: ${{ env.REPO_LIQUIBASE_NET_PASSWORD }}
         run: |
-          version=${{ inputs.dry_run_version }}         
-          mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
-                      -Durl=https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/ \
-                      -DrepositoryId=dry-run-sonatype-nexus-staging \
-                      -DpomFile=${{ env.artifact_id }}-${version}.pom \
-                      -DgeneratePom=false \
-                      -Dfile=${{ env.artifact_id }}-${version}.jar \
-                      -Dsources=${{ env.artifact_id }}-${version}-sources.jar \
-                      -Djavadoc=${{ env.artifact_id }}-${version}-javadoc.jar \
-                      -Dfiles=${{ env.artifact_id }}-${version}.jar.asc,${{ env.artifact_id }}-${version}-sources.jar.asc,${{ env.artifact_id }}-${version}-javadoc.jar.asc,${{ env.artifact_id }}-${version}.pom.asc \
-                      -Dtypes=jar.asc,jar.asc,jar.asc,pom.asc \
-                      -Dclassifiers=,sources,javadoc,
+          version=${{ inputs.dry_run_version }}
+
+          # Find all JAR files (excluding sources and javadoc) and deploy each (supports multi-module)
+          for jar_file in *-${version}.jar; do
+            if [ -f "$jar_file" ] && [[ ! "$jar_file" =~ (sources|javadoc)\.jar$ ]]; then
+              # Extract artifact name (remove version and .jar)
+              artifact_name="${jar_file%-${version}.jar}"
+              echo "Publishing artifact: $artifact_name"
+
+              # Deploy with all associated files
+              mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
+                          -Durl=https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/ \
+                          -DrepositoryId=dry-run-sonatype-nexus-staging \
+                          -DpomFile=${artifact_name}-${version}.pom \
+                          -DgeneratePom=false \
+                          -Dfile=${artifact_name}-${version}.jar \
+                          -Dsources=${artifact_name}-${version}-sources.jar \
+                          -Djavadoc=${artifact_name}-${version}-javadoc.jar \
+                          -Dfiles=${artifact_name}-${version}.jar.asc,${artifact_name}-${version}-sources.jar.asc,${artifact_name}-${version}-javadoc.jar.asc,${artifact_name}-${version}.pom.asc \
+                          -Dtypes=jar.asc,jar.asc,jar.asc,pom.asc \
+                          -Dclassifiers=,sources,javadoc,
+              echo "✓ Published $artifact_name"
+            fi
+          done
 
   deploy_xsd:
     if: inputs.nameSpace != '' && inputs.deployToMavenCentral == true && inputs.dry_run == false

From 4db36bf72d4558b4e534ac1bf91c2a0dda0340ce Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 11:09:32 -0600
Subject: [PATCH 34/41] Potential fix for code scanning alert no. 672: Code
 injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../workflows/extension-attach-artifact-release.yml  | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index d433b13f..38e60bf5 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -166,17 +166,21 @@ jobs:
       - name: Build and Package
         if: ${{ inputs.dry_run == false }}
         shell: bash
+        env:
+          MAVEN_PROFILES: ${{ inputs.mavenProfiles }}
         run: |
-          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false -P "$MAVEN_PROFILES" -DscmServerId=liquibase
           git reset HEAD~ --hard
-          mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P '${{ inputs.mavenProfiles }}'
+          mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P "$MAVEN_PROFILES"
 
       - name: Build and Package (dry-run)
         if: ${{ inputs.dry_run == true }}
         shell: bash
+        env:
+          MAVEN_PROFILES: ${{ inputs.mavenProfiles }}
         run: |
-          mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' -DscmServerId=liquibase
-          mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P '${{ inputs.mavenProfiles }}'
+          mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P "$MAVEN_PROFILES" -DscmServerId=liquibase
+          mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P "$MAVEN_PROFILES"
 
       - name: Get Artifact ID
         working-directory: ${{ inputs.artifactPath }}

From 6a34e45349d44d18635e9ba868c7331d5405530e Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 11:18:55 -0600
Subject: [PATCH 35/41] Potential fix for code scanning alert no. 689: Code
 injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/extension-attach-artifact-release.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 38e60bf5..752f6e8d 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -440,8 +440,10 @@ jobs:
 
       - name: Set pom version to dry_run version
         if: ${{ inputs.dry_run == true }}
+        env:
+          DRY_RUN_VERSION: ${{ inputs.dry_run_version }}
         run: |
-          mvn versions:set -DnewVersion=${{ inputs.dry_run_version }}-SNAPSHOT -DgenerateBackupPoms=false -DprocessAllModules=true
+          mvn versions:set -DnewVersion=$DRY_RUN_VERSION-SNAPSHOT -DgenerateBackupPoms=false -DprocessAllModules=true
 
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}

From c351feeb7af46816a65e1781ff509e43d0ac742b Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 11:20:18 -0600
Subject: [PATCH 36/41] fix: use GitHub context for current branch in dry run
 process

---
 .github/workflows/extension-attach-artifact-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 752f6e8d..3ee5fe24 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -453,7 +453,7 @@ jobs:
           -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
           -DscmServerId=liquibase
           # Use current branch name for dry runs
-          CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+          CURRENT_BRANCH=${{ github.head_ref || github.ref_name }}
           echo "Using current branch: $CURRENT_BRANCH"
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$CURRENT_BRANCH
 

From 3539c28cb1f79268783dd9f15e0808cac6f41984 Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 13:44:24 -0600
Subject: [PATCH 37/41] Potential fix for code scanning alert no. 671: Code
 injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/extension-attach-artifact-release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 3ee5fe24..77ed26ce 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -178,8 +178,9 @@ jobs:
         shell: bash
         env:
           MAVEN_PROFILES: ${{ inputs.mavenProfiles }}
+          DRY_RUN_VERSION: ${{ inputs.dry_run_version }}
         run: |
-          mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P "$MAVEN_PROFILES" -DscmServerId=liquibase
+          mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=$DRY_RUN_VERSION -DpushChanges=false -P "$MAVEN_PROFILES" -DscmServerId=liquibase
           mvn -B dependency:go-offline clean package -DskipTests=true ${{ inputs.extraMavenArgs }} -P "$MAVEN_PROFILES"
 
       - name: Get Artifact ID

From 5c52ff6b12199426e2556007555a8c0478e5661b Mon Sep 17 00:00:00 2001
From: sayaliM0412 <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 13:57:56 -0600
Subject: [PATCH 38/41] fix: validate and sanitize dry_run_version input in
 Maven deployment process

---
 .../workflows/extension-release-published.yml | 60 ++++++++++++++++---
 1 file changed, 51 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index 8166cdba..91c16d76 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -330,6 +330,16 @@ jobs:
       - name: Rename SNAPSHOTS to dry_run version
         working-directory: ${{ inputs.artifactPath }}
         run: |
+          # Validate and sanitize dry_run_version input (Maven-style: letters, digits, dots, hyphens, underscores)
+          raw_version="${{ inputs.dry_run_version }}"
+          if [[ ! "$raw_version" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+            echo "ERROR: Invalid dry_run_version format: '$raw_version'"
+            echo "Version must contain only letters, digits, dots, hyphens, and underscores"
+            exit 1
+          fi
+          version="$raw_version"
+          echo "Validated version: $version"
+
           # Rename all SNAPSHOT files (supports both single and multi-module projects)
           for file in *-SNAPSHOT*; do
             if [ -f "$file" ]; then
@@ -344,45 +354,77 @@ jobs:
 
           # Find and update all pom files in current directory (supports multi-module)
           ls -l *.pom || echo "No POM files found"
-          for pom_file in *-${{ inputs.dry_run_version }}.pom; do
+
+          # Use sanitized version variable with quoted glob pattern to prevent glob expansion
+          pom_pattern="*-${version}.pom"
+          pom_files_found=false
+          for pom_file in $pom_pattern; do
+            # Check if glob pattern matched actual files
             if [ -f "$pom_file" ]; then
+              pom_files_found=true
               echo "Updating $pom_file - removing -SNAPSHOT from version tags"
               sed -i 's/<version>\(.*\)-SNAPSHOT<\/version>/<version>\1<\/version>/g' "$pom_file"
               echo "✓ Updated $pom_file"
             fi
           done
 
+          # Fail if no files matched the pattern
+          if [ "$pom_files_found" = false ]; then
+            echo "ERROR: No POM files matching pattern '$pom_pattern' were found"
+            exit 1
+          fi
+
       - name: Publish to Maven Central
         working-directory: ${{ inputs.artifactPath }}
         env:
           MAVEN_USERNAME: ${{ env.REPO_LIQUIBASE_NET_USER }}
           MAVEN_PASSWORD: ${{ env.REPO_LIQUIBASE_NET_PASSWORD }}
         run: |
-          version=${{ inputs.dry_run_version }}
+          # Validate and sanitize dry_run_version input (Maven-style: letters, digits, dots, hyphens, underscores)
+          raw_version="${{ inputs.dry_run_version }}"
+          if [[ ! "$raw_version" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+            echo "ERROR: Invalid dry_run_version format: '$raw_version'"
+            echo "Version must contain only letters, digits, dots, hyphens, and underscores"
+            exit 1
+          fi
+          version="$raw_version"
+          echo "Validated version: $version"
+
+          # Use sanitized version variable with quoted glob pattern to prevent glob expansion
+          jar_pattern="*-${version}.jar"
+          jar_files_found=false
 
           # Find all JAR files (excluding sources and javadoc) and deploy each (supports multi-module)
-          for jar_file in *-${version}.jar; do
+          for jar_file in $jar_pattern; do
+            # Check if glob pattern matched actual files
             if [ -f "$jar_file" ] && [[ ! "$jar_file" =~ (sources|javadoc)\.jar$ ]]; then
+              jar_files_found=true
               # Extract artifact name (remove version and .jar)
               artifact_name="${jar_file%-${version}.jar}"
               echo "Publishing artifact: $artifact_name"
 
-              # Deploy with all associated files
+              # Deploy with all associated files (quote all variable expansions to prevent injection)
               mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
                           -Durl=https://repo.liquibase.net/repository/dry-run-sonatype-nexus-staging/ \
                           -DrepositoryId=dry-run-sonatype-nexus-staging \
-                          -DpomFile=${artifact_name}-${version}.pom \
+                          -DpomFile="${artifact_name}-${version}.pom" \
                           -DgeneratePom=false \
-                          -Dfile=${artifact_name}-${version}.jar \
-                          -Dsources=${artifact_name}-${version}-sources.jar \
-                          -Djavadoc=${artifact_name}-${version}-javadoc.jar \
-                          -Dfiles=${artifact_name}-${version}.jar.asc,${artifact_name}-${version}-sources.jar.asc,${artifact_name}-${version}-javadoc.jar.asc,${artifact_name}-${version}.pom.asc \
+                          -Dfile="${artifact_name}-${version}.jar" \
+                          -Dsources="${artifact_name}-${version}-sources.jar" \
+                          -Djavadoc="${artifact_name}-${version}-javadoc.jar" \
+                          -Dfiles="${artifact_name}-${version}.jar.asc,${artifact_name}-${version}-sources.jar.asc,${artifact_name}-${version}-javadoc.jar.asc,${artifact_name}-${version}.pom.asc" \
                           -Dtypes=jar.asc,jar.asc,jar.asc,pom.asc \
                           -Dclassifiers=,sources,javadoc,
               echo "✓ Published $artifact_name"
             fi
           done
 
+          # Fail if no JAR files matched the pattern
+          if [ "$jar_files_found" = false ]; then
+            echo "ERROR: No JAR files matching pattern '$jar_pattern' were found"
+            exit 1
+          fi
+
   deploy_xsd:
     if: inputs.nameSpace != '' && inputs.deployToMavenCentral == true && inputs.dry_run == false
     name: Upload xsds

From bf8ff7acf37b312058820a95f2ba89924b01c8fc Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 13:59:51 -0600
Subject: [PATCH 39/41] Potential fix for code scanning alert no. 674: Code
 injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/extension-attach-artifact-release.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index 77ed26ce..b36191a4 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -200,9 +200,11 @@ jobs:
         working-directory: ${{ inputs.artifactPath }}
         id: get-artifact-version
         shell: bash
+        env:
+          DRY_RUN_VERSION: ${{ inputs.dry_run_version }}
         run: |
           if [ "${{ inputs.dry_run }}" == "true" ]; then
-            artifact_version="${{ inputs.dry_run_version }}"
+            artifact_version="$DRY_RUN_VERSION"
           else
             artifact_version=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
           fi

From 3c29300ef8200fe49803cb1ffb15c130ebbf0ff2 Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 14:00:47 -0600
Subject: [PATCH 40/41] Potential fix for code scanning alert no. 698: Code
 injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/extension-release-published.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index 91c16d76..773f6146 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -379,9 +379,10 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ env.REPO_LIQUIBASE_NET_USER }}
           MAVEN_PASSWORD: ${{ env.REPO_LIQUIBASE_NET_PASSWORD }}
+          DRY_RUN_VERSION: ${{ inputs.dry_run_version }}
         run: |
-          # Validate and sanitize dry_run_version input (Maven-style: letters, digits, dots, hyphens, underscores)
-          raw_version="${{ inputs.dry_run_version }}"
+          # Validate and sanitize DRY_RUN_VERSION input (Maven-style: letters, digits, dots, hyphens, underscores)
+          raw_version="$DRY_RUN_VERSION"
           if [[ ! "$raw_version" =~ ^[a-zA-Z0-9._-]+$ ]]; then
             echo "ERROR: Invalid dry_run_version format: '$raw_version'"
             echo "Version must contain only letters, digits, dots, hyphens, and underscores"

From d5a2381fd124e94c87bed0a30b4f8bd2e4b505c8 Mon Sep 17 00:00:00 2001
From: Sayali Mohadikar <smohadikar@liquibase.com>
Date: Fri, 14 Nov 2025 14:01:31 -0600
Subject: [PATCH 41/41] Potential fix for code scanning alert no. 696: Code
 injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/extension-attach-artifact-release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index b36191a4..feae2a05 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -451,12 +451,13 @@ jobs:
       - name: Build release artifacts (dry-run)
         if: ${{ inputs.dry_run == true }}
         id: build-release-artifacts-dry-run
+        env:
+          CURRENT_BRANCH: ${{ github.head_ref || github.ref_name }}
         run: |
           mvn -B release:clean release:prepare -DdryRun=true -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
           -DcheckModificationExcludeList=** -DignoreSnapshots=true -DreleaseVersion=${{ inputs.dry_run_version }} -DpushChanges=false -P '${{ inputs.mavenProfiles }}' \
           -DscmServerId=liquibase
           # Use current branch name for dry runs
-          CURRENT_BRANCH=${{ github.head_ref || github.ref_name }}
           echo "Using current branch: $CURRENT_BRANCH"
           mvn clean install -DskipTests -P '${{ inputs.mavenProfiles }}' -DbuildNumber=$CURRENT_BRANCH