feat(kotlin): publish Kotlin SDK to Maven Central#284
Merged
Conversation
Build on the Central-ready Kotlin publication now on main by wiring Maven Central into the release pipeline. The new step passes -Pidkit.publish.mavenCentral=true to activate the Central repository and signing, and runs before the GitHub Packages step. Dev releases omit the flag and publish to GitHub Packages alone. - publish-kotlin.yml: add a production-gated "Publish to Maven Central" step - README: lead with Maven Central as the no-auth install path; note the release workflow now publishes to both Central and GitHub Packages - scripts/publish-relocation-pom.sh: one-time relocation POM pointing the old com.worldcoin:idkit-kotlin coordinates at com.worldcoin:idkit Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The closing paragraph still said the release workflow does not publish to Maven Central, contradicting the section intro now that this PR wires it in. Rewrite it to describe the automated production Central publish. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The comment claimed Central-first ordering aborts on validation failure before GitHub Packages publishes. In vanniktech 0.34.0 publishToMavenCentral only uploads the deployment and returns; Portal validation is asynchronous and is not awaited in CI, so it cannot fail the job. Clarify that only build/signing/upload failures abort, and that USER_MANAGED manual confirm in the Portal is the real gate. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Installation: note Maven Central availability follows the first release, rather than implying the artifact is already there - Publishing: name the upload-only :bindings:publishToMavenCentral task the workflow runs, so it isn't read as the publishAndReleaseToMavenCentral command shown just above Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
publishToMavenCentral only uploads the deployment and returns; Central Portal validation is asynchronous, so GitHub Packages could previously publish even if validation later failed. Add a step that polls the Portal until the deployment is validated before publishing to GitHub Packages, so a validation failure stops the job first. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Make the "Wait for Maven Central validation" step resilient to transient curl transport errors. `|| echo 000` keeps a momentary DNS/connection/ timeout failure from tripping the runner's `set -e` and aborting an otherwise-good release; 000 != 200 so the loop simply retries. Docs: drop a stray publishToMavenLocal from the local verification block, dedupe the local-publish guidance to one canonical spot (Installation), and reword the Publishing opener so it no longer implies the first (USER_MANAGED) release goes live on Maven Central automatically. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Validation has no fixed SLA and the first deployment is the slow case; the Vanniktech/Maven tooling defaults to 30-60 min for this reason. The prior ~10 min budget risked falsely aborting (and skipping GitHub Packages for) a release that would have validated. Bump the poll to 120 x 15s. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
soamdesai-tfh
requested review from
Gr1dlock,
Guardiola31337,
SeanROlszewski,
Takaros999,
andy-t-wang,
chipp,
murph and
paolodamico
as code owners
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Guardiola31337
approved these changes
Jun 16, 2026
Guardiola31337
left a comment
Guardiola31337
left a comment
Contributor
There was a problem hiding this comment.
looks good to me. i checked the release workflow wiring, central upload/validation gate, relocation pom helper, and docs. ci is green, and local dry-runs confirm the central path is only enabled with -Pidkit.publish.mavenCentral=true while the default bindings:publish path remains github packages-only.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Wires Maven Central publishing into the Kotlin release pipeline, building on the Central-ready publication from #269. On production releases the workflow now publishes
com.worldcoin:idkitto Maven Central (signed), in addition to the existing GitHub Packages publish — so consumers can useimplementation("com.worldcoin:idkit:<version>")withmavenCentral()and no authentication.Changes
publish-kotlin.yml: a production-gated "Publish to Maven Central" step that passes-Pidkit.publish.mavenCentral=trueto activate the Central repository + signing, running before the GitHub Packages step. Dev releases omit the flag and publish to GitHub Packages alone.README.md: leads with Maven Central as the no-auth install path; documents the dual publish behavior.scripts/publish-relocation-pom.sh: one-time relocation POM pointing oldcom.worldcoin:idkit-kotlinconsumers atcom.worldcoin:idkit.Verification
signMavenPublication+publishToMavenCentral; without it,publishtargets GitHub Packages only (no Central repo, no signing) — dev releases stay Central-free.The first release is USER_MANAGED (confirmed manually in the Central Portal UI); a follow-up switches it to fully automatic via
publishAndReleaseToMavenCentral.Note
Medium Risk
Changes the production release pipeline and uses signing/Central credentials, but dev releases are unchanged and GitHub Packages is gated on Central validation success.
Overview
Production Kotlin releases now upload a signed
com.worldcoin:idkitartifact to Maven Central (via-Pidkit.publish.mavenCentral=trueand:bindings:publishToMavenCentral) before the existing GitHub Packages step; dev releases still publish to GitHub Packages only.A new Wait for Maven Central validation step polls the Central Portal until the deployment is validated (or fails after ~30 minutes), so a bad Central upload blocks GitHub Packages from publishing.
kotlin/README.mdis updated to describe Maven Central as the no-auth install path and the dual publish behavior (Central + GitHub for releases; GitHub-only for dev).scripts/publish-relocation-pom.shis added as a one-time helper to publish a relocation POM from legacycom.worldcoin:idkit-kotlintocom.worldcoin:idkitafter the first Central release is live.Reviewed by Cursor Bugbot for commit ac9583b. Bugbot is set up for automated code reviews on this repo. Configure here.