Maven Central, administered by Sonatype, is the de facto artifact repository for JVM-based languages like Scala & Kotlin - for TypeScript/JavaScript, the equivalent would be the npm Registry.
At the Guardian we publish many libraries to Maven Central, and are standardising on reusable automated GitHub Action release workflows with these aims:
- achieve zero-onboarding for new developers: any developer who has write access to a repo should be able to publish a release of the library, at the click of a button.
- securely handle release credentials - only allow access to release credentials for parts of the release process that need them.
- automated version compatibility checking - to avoid binary-incompatibility causing runtime errors.
- reduce per-repo config - adding library-publishing to a repo should add minimal boilerplate.
As our automated GitHub Action workflows provide all the access that most users need, we have very few user accounts with direct admin access to Maven Central/Sonatype. If necessary, see the docs on credential rotation & account recovery.
Scala is our most common language for JVM-language artifacts. Any Guardian repo publishing a library should use gha-scala-library-release-workflow, which provides many lovely benefits & features.
See how to configure a repo to use the workflow.
We're working on adopting a similar approach for our Android/Kotlin libraries, see eg: