Maven central

.github/workflows/deploy-release.yml

@@ -0,0 +1,103 @@
+# Expected secrets
+# MAVEN_CENTRAL_USERNAME - Username for Maven Central.
+# MAVEN_CENTRAL_PASSWORD - Password for Maven Central.
+# MAVEN_SIGNING_KEY_ASCII - GPG key without a password which has ASCII-armored and then BASE64-encoded.
+#
+#name: Deploy Release
+#
+#on:
+#  workflow_dispatch:
+#
+#concurrency: deploy_release
+#
+#jobs:
+#  validate_gradle_wrapper:
+#    runs-on: ubuntu-latest
+#    permissions:
+#      contents: read
+#    steps:
+#      - name: Checkout
+#        timeout-minutes: 1
+#        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+#      # Gradle Wrapper validation can be flaky
+#      # https://github.com/gradle/wrapper-validation-action/issues/40
+#      - name: Gradle Wrapper Validation
+#        timeout-minutes: 1
+#        uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6
+#
+#  check_secrets:
+#    environment: deployment
+#    permissions:
+#      contents: read
+#    runs-on: ubuntu-latest
+#    outputs:
+#      has-secrets: ${{ steps.check_secrets.outputs.defined }}
+#    steps:
+#      - id: check_secrets
+#        env:
+#          MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+#          MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+#          MAVEN_SIGNING_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
+#        if: "${{ env.MAVEN_CENTRAL_USERNAME != '' && env.MAVEN_CENTRAL_PASSWORD != '' && env.MAVEN_SIGNING_KEY != '' }}"
+#        run: echo "::set-output name=defined::true"
+#
+#  deploy_release:
+#    environment: deployment
+#    if: needs.check_secrets.outputs.has-secrets == 'true'
+#    needs: [validate_gradle_wrapper, check_secrets]
+#    runs-on: ubuntu-latest
+#    permissions:
+#      contents: read
+#    steps:
+#      - name: Checkout
+#        timeout-minutes: 1
+#        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+#      - name: Set up Java
+#        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+#        timeout-minutes: 1
+#        with:
+#          distribution: 'temurin'
+#          java-version: 17
+#      - name: Set up Gradle
+#        uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1
+#        timeout-minutes: 10
+#        with:
+#          gradle-home-cache-cleanup: true
+#      # While not strictly necessary, this sanity checks the build before attempting to upload.
+#      # This adds minimal additional build time, since most of the work is cached and re-used
+#      # in the next step.
+#      - name: Deploy to Maven Local
+#        timeout-minutes: 25
+#        env:
+#          ORG_GRADLE_PROJECT_IS_SNAPSHOT: false
+#          ORG_GRADLE_PROJECT_NATIVE_TARGETS_ENABLED: false
+#          ORG_GRADLE_PROJECT_ZECDEV_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
+#        run: |
+#          ./gradlew publishAllPublicationsToMavenLocalRepository --no-parallel
+#      - name: Deploy to Maven Central
+#        timeout-minutes: 5
+#        env:
+#          ORG_GRADLE_PROJECT_IS_SNAPSHOT: false
+#          ORG_GRADLE_PROJECT_NATIVE_TARGETS_ENABLED: false
+#          ORG_GRADLE_PROJECT_ZECDEV_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
+#          ORG_GRADLE_PROJECT_ZECDEV_MAVEN_PUBLISH_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+#          ORG_GRADLE_PROJECT_ZECDEV_MAVEN_PUBLISH_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+#        run: |
+#          ./gradlew publishAllPublicationsToMavenCentralRepository --no-parallel
+#      - name: Collect Artifacts
+#        timeout-minutes: 1
+#        if: ${{ always() }}
+#        run: |
+#          export ARTIFACTS_DIR_PATH=~/artifacts
+#          export BINARIES_ZIP_PATH=${ARTIFACTS_DIR_PATH}/release_binaries.zip
+#
+#          mkdir ${ARTIFACTS_DIR_PATH}
+#
+#          zip -r ${BINARIES_ZIP_PATH} . -i *build/libs/*
+#      - name: Upload Artifacts
+#        if: ${{ always() }}
+#        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
+#        timeout-minutes: 1
+#        with:
+#          name: Release binaries
+#          path: ~/artifacts

CHANGELOG.md

@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+Changed package name and prepared for Maven Central publishing.
+
 ## 0.0.2
 
 ### Added 

SECURITY.md

@@ -0,0 +1,53 @@
+This page is copyright ZecDev.org, 2024. It is posted in order to conform to this standard: https://github.com/RD-Crypto-Spec/Responsible-Disclosure/tree/d47a5a3dafa5942c8849a93441745fdd186731e6
+
+# Security Disclosures
+
+## Disclosure Principles
+
+ZecDev's security disclosure process aims to achieve the following goals:
+- protecting ZecDev's users and the wider ecosystem
+- respecting the work of security researchers
+- improving the ongoing health of the Zcash ecosystem
+
+Specifically, we will:
+- assume good faith from researchers and ecosystem partners
+- operate a no fault process, focusing on the technical issues
+- work with security researchers, regardless of how they choose to disclose issues
+
+## Receiving Disclosures
+
+ZecDev.org is committed to working with researchers who submit security vulnerability notifications to us to resolve those issues on an appropriate timeline and perform a coordinated release, giving credit to the reporter if they would like.
+
+Our best contact for security issues is [email protected].
+
+## Sending Disclosures
+
+In the case where we become aware of security issues affecting other projects that has never affected ZecDev's projects, our intention is to inform those projects of security issues on a best effort basis.
+
+In the case where we fix a security issue in our projects that also affects the following neighboring projects, our intention is to engage in responsible disclosures with them as described in https://github.com/RD-Crypto-Spec/Responsible-Disclosure, subject to the deviations described in the section at the bottom of this document.
+
+## Deviations from the Standard
+
+The standard describes reporters of vulnerabilities including full details of an issue, in order to reproduce it. This is necessary for instance in the case of an external researcher both demonstrating and proving that there really is a security issue, and that security issue really has the impact that they say it has - allowing the development team to accurately prioritize and resolve the issue.
+
+For the case our assessment determines so, we might decide not to include those details with our reports to partners ahead of coordinated release, so long as we are sure that they are vulnerable.
+
+
+Below you can find [email protected] PGP pub key.
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xjMEZvruLhYJKwYBBAHaRw8BAQdAidX5sDkbrVGcRp3RIhhJoXPdsqBM5slk
+8H3mgs+EhFXNKXNlY3VyaXR5QHplY2Rldi5vcmcgPHNlY3VyaXR5QHplY2Rl
+di5vcmc+wowEEBYKAD4Fgmb67i4ECwkHCAmQ0hYruZ0SM+QDFQgKBBYAAgEC
+GQECmwMCHgEWIQRdDkFAkPdo3dHRpRTSFiu5nRIz5AAAcFsBAIpCq9AGvFdc
+M9MYKCkstRMrltnhKsdnVs97oegM8HCsAQDTEB3GZn3kJGG1kCa+Wy0C1zZO
+FDTB0P3eBBLOr84oAM44BGb67i4SCisGAQQBl1UBBQEBB0C53DLo7aTs/6fC
+j4Hvjr7l7993eKZhb6RPqGeWt4xdLwMBCAfCeAQYFgoAKgWCZvruLgmQ0hYr
+uZ0SM+QCmwwWIQRdDkFAkPdo3dHRpRTSFiu5nRIz5AAANOYA+QGte85uZHxI
+9o29GbPndaoSUo6+3+YS9m1oqzJjmg4tAQD2RvYflmx7vIQirGvfaCwumN3v
+DzIvY8Qt3jfH4WJXBw==
+=AQmT
+-----END PGP PUBLIC KEY BLOCK-----
+```
+

gradle.properties

@@ -0,0 +1,11 @@
+## Configure these with command line arguments (`-PZECDEV_MAVEN_PUBLISH_USERNAME=`), environment variables (`ORG_GRADLE_PROJECT_ZECDEV_MAVEN_PUBLISH_USERNAME`), or global ~/.gradle/gradle.properties
+ZECDEV_MAVEN_PUBLISH_USERNAME=
+ZECDEV_MAVEN_PUBLISH_PASSWORD=
+# GPG key is only needed if RELEASE_SIGNING_ENABLED is true
+# GPG key is ASCII armored without a password, then Base64 encoded to escape the newlines
+ZECDEV_ASCII_GPG_KEY=
+
+# Configures whether release is an unstable snapshot, therefore published to the ZECDEV_MAVEN_PUBLISH_SNAPSHOT_URL
+IS_SNAPSHOT=false
+
+LIBRARY_VERSION=0.0.3

gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,6 @@
+#Mon Sep 30 23:03:49 ART 2024
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-bin.zip
-networkTimeout=10000
-validateDistributionUrl=true
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

lib/build.gradle.kts

@@ -1,3 +1,5 @@
+import java.util.Base64
+import org.jreleaser.model.Active
 /*
  * This file was generated by the Gradle 'init' task.
  *
@@ -7,11 +9,14 @@
 
 plugins {
     // Apply the org.jetbrains.kotlin.jvm Plugin to add support for Kotlin.
-    id("org.jetbrains.kotlin.jvm") version "1.8.20"
-    id("io.kotest") version "0.4.10"
-    id("org.jlleitschuh.gradle.ktlint") version "11.6.1"
-    id("io.gitlab.arturbosch.detekt").version("1.23.3")
+    id("org.jetbrains.kotlin.jvm") version "2.0.20"
+    id("io.kotest") version "0.4.11"
+    id("org.jlleitschuh.gradle.ktlint") version "12.1.1"
+    id("io.gitlab.arturbosch.detekt") version "1.23.7"
 
+    `maven-publish`
+    id("org.jreleaser") version "1.14.0"
+    signing
     // Apply the java-library plugin for API and implementation separation.
     `java-library`
 }
@@ -23,10 +28,10 @@ repositories {
 
 dependencies {
     // Use kotest
-    testImplementation("io.kotest:kotest-runner-junit5:5.8.0")
-    testImplementation("io.kotest:kotest-property:5.8.0")
-    testImplementation("io.kotest:kotest-assertions-core-jvm:5.8.0")
-    testImplementation("io.kotest:kotest-framework-engine-jvm:5.8.0")
+    testImplementation("io.kotest:kotest-runner-junit5:5.9.0")
+    testImplementation("io.kotest:kotest-property:5.9.0")
+    testImplementation("io.kotest:kotest-assertions-core-jvm:5.9.0")
+    testImplementation("io.kotest:kotest-framework-engine-jvm:5.9.0")
 
     // Use Detekt
     detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.23.3")
@@ -53,11 +58,20 @@ tasks.withType<io.gitlab.arturbosch.detekt.Detekt>().configureEach {
 
 // Apply a specific Java toolchain to ease working on different environments.
 java {
+
+    withJavadocJar()
+    withSourcesJar()
     toolchain {
-        languageVersion.set(JavaLanguageVersion.of(19))
+        languageVersion.set(JavaLanguageVersion.of(21))
     }
 }
 
+//tasks.jar{
+//    enabled = true
+//    // Remove `plain` postfix from jar file name
+//    archiveClassifier.set("")
+//}
+
 tasks.withType<io.gitlab.arturbosch.detekt.Detekt>().configureEach {
     reports {
         html.required.set(true) // observe findings in your browser with structure and code snippets
@@ -72,3 +86,110 @@ tasks.named<Test>("test") {
     // Use JUnit Platform for unit tests.
     useJUnitPlatform()
 }
+
+
+val publicationVariant = "release"
+val myVersion = project.property("LIBRARY_VERSION").toString()
+val myArtifactId = "zip321"
+val isSnapshot = project.property("IS_SNAPSHOT").toString().toBoolean()
+val myDescription = "A concise implementation of ZIP-321 in Kotlin."
+val myRepoUrl = "https://github.com/zecdev/zcash-kotlin-payment-uri"
+val myGroupId = "org.zecdev"
+jreleaser {
+    gitRootSearch.set(true)
+    version = myVersion
+
+    signing {
+        active.set(Active.ALWAYS)
+        armored.set(true)
+    }
+
+    deploy {
+        active.set(Active.ALWAYS)
+        maven {
+            active.set(Active.ALWAYS)
+            pomchecker {
+                version.set("1.12.0")
+                failOnWarning.set(false)
+                failOnError.set(true)
+            }
+            project {
+                description.set("A concise implementation of ZIP-321 in Kotlin.")
+                copyright.set("Copyright ZecDev.Org.")
+                license.set("The MIT License.")
+            }
+            mavenCentral {
+                active.set(Active.ALWAYS)
+                create("maven-central") {
+                    active.set(Active.ALWAYS)
+                    url.set("https://central.sonatype.com/api/v1/publisher")
+                    stagingRepository("build/staging-deploy")
+
+                }
+            }
+
+        }
+    }
+}
+
+publishing {
+    publications {
+        create<MavenPublication>("Maven") {
+            from(components["java"])  // Publish the "java" component (the jar file)
+
+            groupId = myGroupId
+            artifactId = myArtifactId
+            version = myVersion
+            description = myDescription
+
+            pom {
+                artifactId = myArtifactId
+                groupId = myGroupId
+                name.set("Zcash Kotlin Payment URI")
+                description.set(myDescription)
+                url.set(myRepoUrl)
+                inceptionYear.set("2023")
+                scm {
+                    url.set(myRepoUrl)
+                    connection.set("scm:git:git://github.com/zecdev/zcash-kotlin-payment-uri.git")
+                    developerConnection.set("scm:git:ssh://[email protected]/zecdev/zcash-kotlin-payment-uri.git")
+                }
+                developers {
+                    developer {
+                        id.set("ZecDev")
+                        name.set("ZecDev")
+                        url.set("https://github.com/zecdev")
+                    }
+                }
+                licenses {
+                    license {
+                        name.set("The MIT License")
+                        url.set("https://opensource.org/licenses/MIT")
+                        distribution.set("repo")
+                    }
+                }
+            }
+        }
+    }
+    repositories {
+        maven {
+            url = layout.buildDirectory.dir("staging-deploy").get().asFile.toURI()
+        }
+    }
+}
+
+
+
+// Workaround for:
+// - https://youtrack.jetbrains.com/issue/KT-46466
+// - https://github.com/gradle/gradle/issues/26091
+// A problem was found with the configuration of task ':bip39-lib:signKotlinMultiplatformPublication' (type 'Sign').
+// Gradle detected a problem with the following location:
+// '/home/runner/work/kotlin-bip39/kotlin-bip39/bip39-lib/build/libs/bip39-lib-javadoc.jar.asc'.
+// Reason: Task ':bip39-lib:publishJvmPublicationToMavenLocalRepository' uses this output of task
+// ':bip39-lib:signKotlinMultiplatformPublication' without declaring an explicit or implicit
+// dependency. This can lead to incorrect results being produced, depending on what order the tasks are executed.
+//val signingTasks = tasks.withType<Sign>()
+//tasks.withType<AbstractPublishToMaven>().configureEach {
+//    dependsOn(signingTasks)
+//}