From 800530756d70231f1d31e52e9d8404ce89267ea4 Mon Sep 17 00:00:00 2001
From: dyma solovei <dyma@weaviate.io>
Date: Tue, 8 Jul 2025 15:58:43 +0200
Subject: [PATCH 1/5] test: add src/it source only for generate-test-sources
 phase

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3be085185..e93ced9a8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -343,7 +343,7 @@
             </execution>
             <execution>
               <id>add-test-source</id>
-              <phase>process-resources</phase>
+              <phase>generate-test-sources</phase>
               <goals>
                 <goal>add-test-source</goal>
               </goals>

From 42f6742f5f05c7c0cd263607d0d16e942349fa0b Mon Sep 17 00:00:00 2001
From: dyma solovei <dyma@weaviate.io>
Date: Tue, 8 Jul 2025 18:40:16 +0200
Subject: [PATCH 2/5] refactor: do not use lombok in Container.java

---
 src/it/java/io/weaviate/containers/Container.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/it/java/io/weaviate/containers/Container.java b/src/it/java/io/weaviate/containers/Container.java
index ee8859a18..4a95b4044 100644
--- a/src/it/java/io/weaviate/containers/Container.java
+++ b/src/it/java/io/weaviate/containers/Container.java
@@ -11,7 +11,6 @@
 import org.testcontainers.lifecycle.Startable;
 
 import io.weaviate.client6.v1.api.WeaviateClient;
-import lombok.RequiredArgsConstructor;
 
 public class Container {
   public static final Weaviate WEAVIATE = Weaviate.createDefault();
@@ -85,10 +84,13 @@ public TestRule asTestRule() {
     };
   }
 
-  @RequiredArgsConstructor
   public static class PerTestSuite implements TestRule {
     private final Startable container;
 
+    public PerTestSuite(Startable container) {
+      this.container = container;
+    }
+
     @Override
     public Statement apply(Statement base, Description description) {
       return new Statement() {

From 360d75d916f09a6b920cc4d7ec75f45c140e9c75 Mon Sep 17 00:00:00 2001
From: dyma solovei <dyma@weaviate.io>
Date: Tue, 8 Jul 2025 18:41:04 +0200
Subject: [PATCH 3/5] ci: migrate to central-publishing-maven-plugin

OSSRH platform was sunset on June 30, 2025 and the recommended way to
publish Maven artifacts is now via 'central-publishing-maven-plugin'.
https://central.sonatype.org/pages/ossrh-eol/

The new Publishing Platform doubles as a staging server and will
verify the artifact's checksums and GPG-signatures.

1. We replace nexus-staging-maven-plugin with
   central-publishing-maven-plugin and drop the explicit
   <distributionManagement> configuration (we use the plugin's default
   configuration).
2. Default settings for 'mvn deploy' is to NOT auto-publish and out wait
   until the artifact is 'verified'. We override these in our GitHub CI
   to autoPublish=true and waitUntil=published.
   This allows testing deployment changes and running mvn-deploy locally
   without running a risk of accidentally publishing an artifact.
3. Move ./decrypt_secret.sh to tools/ and add an encrypt_secret.sh
   script for convenience
4. Update create-release.yaml GH workflow
---
 .github/workflows/create-release.yaml        |  7 ++-
 pom.xml                                      | 55 ++++++++------------
 decrypt_secret.sh => tools/decrypt_secret.sh |  1 +
 tools/encrypt_secret.sh                      | 27 ++++++++++
 4 files changed, 55 insertions(+), 35 deletions(-)
 rename decrypt_secret.sh => tools/decrypt_secret.sh (96%)
 create mode 100755 tools/encrypt_secret.sh

diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
index fa23a1aa4..5a639615c 100644
--- a/.github/workflows/create-release.yaml
+++ b/.github/workflows/create-release.yaml
@@ -16,7 +16,7 @@ jobs:
         env:
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
         run: |
-          ./decrypt_secret.sh
+          ./tools/decrypt_secret.sh
       - name: Deploy
         env:
           OKTA_DUMMY_CI_PW: ${{ secrets.OKTA_DUMMY_CI_PW }}
@@ -26,7 +26,10 @@ jobs:
         run: |
           export GPG_TTY=$(tty)
           mvn -DskipTests clean package
-          mvn -s settings.xml deploy
+          mvn -s settings.xml \
+          -Dcentral-publishing.autoPublish=true \
+          -Dcentral-publishing.waitUntil=published \
+          deploy
       - name: Archive artifacts
         uses: actions/upload-artifact@v4
         with:
diff --git a/pom.xml b/pom.xml
index e93ced9a8..8576d7044 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,8 +7,8 @@
   <packaging>jar</packaging>
   <version>6.0.0-SNAPSHOT</version>
 
-  <name>Weaviate Java Client</name>
-  <description>A Java client for Weaviate Vector Search Engine</description>
+  <name>${project.groupId}:${project.artifactId}</name>
+  <description>Official Java client for Weaviate Vector Search Engine</description>
   <url>https://github.com/weaviate/java-client</url>
 
   <organization>
@@ -45,17 +45,6 @@
     <tag>6.0.0-beta2</tag>
   </scm>
 
-  <distributionManagement>
-    <snapshotRepository>
-      <id>ossrh</id>
-      <url>https://s01.oss.sonatype.org/content/repositories/snapshots/</url>
-    </snapshotRepository>
-    <repository>
-      <id>ossrh</id>
-      <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-    </repository>
-  </distributionManagement>
-
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.sourceEncoding>UTF-8</project.reporting.sourceEncoding>
@@ -392,7 +381,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-gpg-plugin</artifactId>
-          <version>1.6</version>
+          <version>3.2.8</version>
           <executions>
             <execution>
               <id>sign-artifacts</id>
@@ -401,9 +390,9 @@
                 <goal>sign</goal>
               </goals>
               <configuration>
+                <!-- ${gpg.keyname} is set in settings.xml from settings.tar.gpg archive -->
                 <useAgent>true</useAgent>
-                <keyname>${gpg.keyname}</keyname>
-                <passphraseServerId>${gpg.keyname}</passphraseServerId>
+                <bestPractices>true</bestPractices>
                 <gpgArguments>
                   <arg>--batch</arg>
                   <arg>--pinentry-mode</arg>
@@ -421,6 +410,10 @@
           <artifactId>maven-install-plugin</artifactId>
           <version>3.0.0-M1</version>
         </plugin>
+
+        <!-- Maven includes maven-deploy-plugin by default, but we want to delegate -->
+        <!-- deployement to a third-party plugin. We add this entry to override <skip> -->
+        <!-- and ensure we dont' accidentaily publish twice. -->
         <plugin>
           <artifactId>maven-deploy-plugin</artifactId>
           <version>3.0.0-M1</version>
@@ -428,26 +421,22 @@
             <skip>true</skip>
           </configuration>
         </plugin>
+
         <plugin>
-          <groupId>org.sonatype.plugins</groupId>
-          <artifactId>nexus-staging-maven-plugin</artifactId>
-          <version>1.6.13</version>
+          <groupId>org.sonatype.central</groupId>
+          <artifactId>central-publishing-maven-plugin</artifactId>
+          <version>0.8.0</version>
           <extensions>true</extensions>
-          <executions>
-            <execution>
-              <id>default-deploy</id>
-              <phase>deploy</phase>
-              <goals>
-                <goal>deploy</goal>
-              </goals>
-            </execution>
-          </executions>
           <configuration>
-            <serverId>ossrh</serverId>
-            <nexusUrl>https://s01.oss.sonatype.org</nexusUrl>
-            <autoReleaseAfterClose>true</autoReleaseAfterClose>
+            <!-- Auto-publishing is disabled by default to prevent accidental deployments. -->
+            <!-- When testing, it is therefore safe to run `mvn deploy` from your local machine, -->
+            <!-- as publishing will require manual action. -->
+            <!-- In CI we override this option to true and waitUtil=published. -->
+            <autoPublish>${central-publishing.autoPublish}</autoPublish>
+            <waitUntil>${central-publishing.waitUntil}</waitUntil>
           </configuration>
         </plugin>
+
         <plugin>
           <artifactId>maven-site-plugin</artifactId>
           <version>3.9.1</version>
@@ -484,8 +473,8 @@
         <artifactId>maven-gpg-plugin</artifactId>
       </plugin>
       <plugin>
-        <groupId>org.sonatype.plugins</groupId>
-        <artifactId>nexus-staging-maven-plugin</artifactId>
+        <groupId>org.sonatype.central</groupId>
+        <artifactId>central-publishing-maven-plugin</artifactId>
       </plugin>
     </plugins>
   </build>
diff --git a/decrypt_secret.sh b/tools/decrypt_secret.sh
similarity index 96%
rename from decrypt_secret.sh
rename to tools/decrypt_secret.sh
index c43ade4b5..672b524e0 100755
--- a/decrypt_secret.sh
+++ b/tools/decrypt_secret.sh
@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
+# Options:
 # --batch to prevent interactive command
 # --yes to assume "yes" for questions
 gpg --quiet --batch --yes --decrypt --passphrase="$GPG_PASSPHRASE" --output secrets.tar secrets.tar.gpg
diff --git a/tools/encrypt_secret.sh b/tools/encrypt_secret.sh
new file mode 100755
index 000000000..5451af882
--- /dev/null
+++ b/tools/encrypt_secret.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# This script generates a GPG-ecrypted tarball with our signing GPG key
+# and Maven Central Repository credentials.
+#
+# Make sure that key.gpg, settings.xml, and passphrase.env exist in the current directory.
+# Delete these files after the script has run. Only commit secrets.tar.gpg!
+
+rm -f secrets.tar &&
+  tar --no-xattrs -czf secrets.tar key.gpg settings.xml passphrase.env
+
+rm -f secrets.tar.gpg &&
+  gpg --batch --symmetric \
+  --passphrase "$GPG_PASSPHRASE" \
+  --output secrets.tar.gpg \
+  secrets.tar
+
+rm -f secrets.tar
+
+echo "Tarball secrets.tar.gpg generated successfully."
+echo "Remember to delete the plaintext files. Only commit secrets.tar.gpg to source control!"
+echo
+echo "  \$ git add secrets.tar.gpg && git commit -m 'ci: update secrets.tar.gpg'"
+echo "  \$ rm key.gpg settings.xml passphrase.env"
+echo
+

From eff7a1e547447deb8a8f0397ab43d7d2d7f73af8 Mon Sep 17 00:00:00 2001
From: dyma solovei <dyma@weaviate.io>
Date: Tue, 8 Jul 2025 23:02:04 +0200
Subject: [PATCH 4/5] ci: update secrets.tar.gpg

settings.xml have new username and password for Central Maven Repository
Publishing Platform.

Removed <server> configuration that was used to pass the GPG passphrase to
gpg-maven-plugin, as the recommended method is via an env variable.

Added autoPublish and waitUntil properties to control deployment behavior.
---
 secrets.tar.gpg | Bin 1384 -> 1600 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/secrets.tar.gpg b/secrets.tar.gpg
index 78ea9a529a74068930320b0469a8a12cc0979673..26523a2f794604afc8a28f851ae52664b4e6637c 100644
GIT binary patch
literal 1600
zcmV-G2EX}?4Fm}T2>W(jgH>e!asSfAZUOXF$GDX_8ARm+X-6WTCgAShj#=^a^e7d9
ziOF-DCe7#80)M(Q7};*Lo|y6u<xqz^YN@WTC@QYZ{rlGgg>(WVD2^(K7{z)A=5x*8
zh+bW?u{|*8Xj;we_#&3u#>3GkSJ3AH9PR#V9iX-Da=EmR-k;iu$Co$2_Ez^jm))r3
zF$!}6nP!BMc-85eBmd*>qcH&9a4Sh%V>R@I1}jfZd?!P5&w*3sr%b(~4*88a(LD7c
z)~C#_1D<+zbPmwZ3&7Q2=XGigGKx!TUrd}qz?`704aFH-KUL3S>oyq|rWZuC6~+hf
z;%e6xh9GC*@Vn`RwZHoD;Y0)2>lFB&sp@I2$$ZiU!F-*yAxudc?RLixf*I1djz38c
z)pM4@Q`rE##?_504#5GA0esH`JJqzgxfD^pN^;Y3Di0irbG>ZcBBuVH;)fFV-}*<?
zDuOc4SIq@FgV6)iMm1Y#%{c6|1(t~s)R`97S}ae|OCceXc3vE!3Alk^LkP#B(?>cd
zYa0C@sM%F81c;!x#<%jGL+kf9d0llrMx8P}!{1EIaq6wSjsT8WNC_g*IEGfHrau|`
z5FHiJD+|b<v*TX~Txc&ZC|<-SXimU&*opQJgatV<9Z_gU^$1^|9MfA7PeEZ7oVfs2
z#Gob97ZhlWoJs*+!g%jG3<)gXRT=Cl;`U$knK`G6Z5Yg~E+PJ#t5;+glf{3MNxK5@
zs@}+mQ1(2v_X=dm+EEi_ctHo+^9Py=?!{!8P#=BNL9Dj0uF1XeW3i%Lt}Di7j0Q+9
zX(>N`GKv5Xs8WC5=i0McWecD2DJ*mv%aZlU3VBu+!-9x)>PDwCDMkNsV4pch=OO|Y
zJgV;IPwDZ68)rM8xB*`#<hPP^nIZt1Y%?XMxK=^sR5UtiowyiNn5-w<tHrwsRscq&
z#hGQJ;Uj*|&wezkG06j)t6JE;wt7>4fq2B@tovFgx%?4>N9-4LPiEn&9;7gGh9a`=
zCYu2iz&RZz5M)pjN+g!D``1GkdIJ~;?XG@7uhG9sl+u603P%D=lZ3f5f|ZLm(~>Z6
zL|?YyF-)}y&wL{Cm7M|jE|>2(Vx}86-!dug=RJ`?1$@<wTN#$Y+uFYnrleP}U6(9@
zWp&=^&i}|O$)o8i)5@3zF@)6H42A+b5dUNz0F*m8z1!f=%l4lJ<K9|E3<32lS4u&B
zD8<L^aeK%<&yt0FnByQ|(`ZSjojD8hvkA<)`)CIbi`p*FvvagD*>V0Y^PQ@})thKw
zd0sMEl2=`wvGoB<w@x{-iM+XmOUTz2ssgA4qdWyLNM&M{fZQPY#@Y#hM-^G1jcOvm
za7?|ZnBQh4BzR|4f&wRd!oBL>7CW(Em-mBB-ges64A2x(ET5nV$v`j*Whi??pRcFu
zbD}f#$q*L7J6`6<FJ~s`HI8wsO0~u2sMFx(%f1L#Fq+GVQ+}e5m;-obM{kf?A~1~=
z7u>AB0-%R{O(1UMK*u^+4Q^k>JlJOb*dQP-LleBGHW*ah{OtKcQyqDPkI7=i9DlIa
zqN*XXWim5{86w*CWyg~`$_h2?U*O##6|pB?G94EUOeQ5Z)xgE#`O##WP0A22Ru6fO
zZyonDoHO`kxCd)xPg&7XzII`t%q)(+v6_s0mF>#{Gf8~noN$#89FlA~PK1qvjNs{;
z*@P^rcel8db%8aq6?hfhpvAJPxrY8LZ38zq%$D6J%#uTRCSx8rXB5q@3j>O}hzwzt
z5Fnz`Zcs~|D}0L>@`4DP2c=bSY-r=Th#Vc^)2q|Jw^Fi0pz=)G<^byrdZ(2O`r=V_
zR_L03!8DAA)l_A9A1t%U0<Z}U_{^%rW()dmvq)cSifxp0q!a`lS+4Z`0)<QKR;O4D
zH&wyN-3Iab9Jq(~>d0WneyPt49!wXhRQBE&*TyaYiWxH+zWT4fvqJt-m;`nsScIMw
zMeyS?B*%$X=n7%<F9?!6vVa=ssHkE|x5}`2q4yo3Di&e!0ip}K3#%3zyN14)Z<50;
ye&CB8#$9=Q2V~{hMuoZ_!zgeAtgl4xA=pH-%Up1mWLP&gR1i3pG4VW-ZmGWGxd@s7

literal 1384
zcmV-u1(*7a4Fm}T2z4TO#}cZOb@<Zi0dugo%>j-)bMZG7uvx)M^>@x6oC0EDs*T(i
z7TP0Cxu_QjPO5!{#|}Vu42)EwQB*b-0GZT1G0`pvtQS|rS->y_y~MVOw>1Ag%9^pf
z`PH>;>E^($hn|q$uMD$d-(2fTeQqkA5B$+}n-#~#F3bLN%cV+GS2ozfHJKI8#h&TH
z3E30vuo32Gu2=SKnM*(CwZU+)xoWB<?k`v**vZ46U|kz8JHx+Ffld;R4=)<@WN%9>
zaMR`8c$&*^m^=@&N5RH!ql3Cm`)iO2USdi@cg+qL_sdJvtq1fQcKD85tacc<7BJo5
zA8Vq+I+|I{-dg)MgjRGxJy*Ar&v6(kbcx&mxHmPE$@O~-e(wpT4VM+?W1V0fBt$-S
zygtMjSpVB3v(9{%)xZk;Xe!qH0O{T5S(hn+SCIO%v<by#B<lh6<3&~WE^RTGBZGc+
zIum_+WVYbc?w2}4r#ZBYYfT4vte3G;Y0M|3Z7od@zP9&9JUB#<$-7VaC^VxM4j`fF
zjTnafmZNp8;QHBCD{7quNlZ28a{1V6rr7X3KoMlpHIEdH<$7tC=CB@)pOLCKjDlF@
zTbmq|<-Y+5D6~$3vb6>-v8uOb<4V*MDHkoZ`O8bOyVn_rY1Yi=1zW2duK1VvB@L^z
z7SS^3r6y?tp1Ov1yl4!G4n9X0W8`)HE_!XNKzXD>LkY=GmL;eC)ltr`XP6nLTX?9o
ziR<#?^?DBp&y*oSe75u}Ro96MvvRpPo7rx2$1?HWpGw;-%WvlvO+sU}eQVZ30!Y~k
z2pp>shTbR;MJPdKW<uWZ2;J97!sco)$_GLrP{e&)T|(*t!<>K_t>;0?JNCmF$l0MJ
zNk7n=Zo=FH*}%$pD_qwBh(L{o3_>|G)dxMT$SGF;h@Hx5bJxf;S<UfWVCb;I@g^zf
ztUIm5Qp!e^lmZ<{U@<PfS@N!|Y-}S-Tcc$qNSeJHHm}>Yl7~L8x^@5_TJRkgx9#{i
zpa}I7{rcNi=3zF<r|P2W)Y`sK@-^{gPZnSwG34aKEtKBNjiiiaTtVxYm!yyMTdQtD
z8rH;!%4JWPnLv7^lb(VY=H>&U!n%DXz)_-+t>Ih@=6|4eL)ORHa(kovb^TW105}Fg
zJ<F|{A1iuqHDV$nGkU3)#Mh+m7mH0J>0J(~VyuTqqJ|4M83XV5;^~;kPBnO`7_ymR
zm|9ZFS1ws>;&2C@+NspxxS1yaNq&c?qH8Jn({l7AYrX!zK=&%=VE^+dZa-?YsPCV+
zE#{Jpa(cT%KHaq4`83q#k1!$R^?Q?^nf!oCTD)J(%eB0cL3-3+k+6fGDigdBLuXg$
zO(wvd00LKGz?GrPhHZ<@lCo({`8f{Nz1rznAHR58%^fP|fncNuedCddGJH1R%81;8
z<F(Am<g59^pkj#P<N7;&?#g>ycvD<d`Pb&upKS@?Rbq)h0kYWqOW$pj4gY^XR;7M`
z+w;y5P0F95?s*_QF;HkfG#HaTLjru{<jwYQZ}ScIF|^x|@I$GS!7@4v7xZF*jG>MB
zjeTlBP4KHsaa<9{&MY(2F||<OKOB#INuCKzCrZs&FS~t&y(Lm$e|Fl@HyNgbu%Y<^
z-}cXZYZ*7wu=U*<enGrpbh*hA=}Py^BVrpv!h&}A47KMidKzSx2KTB*SQ#mOt>rY%
zS<+Almz28iOk1r{M{Ly%cs!~>ygKS@Krs_r_lI>YKp{(#*Kp2N4u1Nv*-DVR|J1Gc
qCG6dMNUiWtp=(jKbfD1$m$^rH!@Q{3JY#uG<5A2g#Qw#g=JX_!&A<o%


From 983305cb6b776aa13ba9c8ca0703ad295d4e3562 Mon Sep 17 00:00:00 2001
From: dyma solovei <dyma@weaviate.io>
Date: Wed, 9 Jul 2025 09:01:33 +0200
Subject: [PATCH 5/5] fix(ci): source passphrase.env before running mvn deploy

---
 .github/workflows/create-release.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
index 5a639615c..f2fdf745d 100644
--- a/.github/workflows/create-release.yaml
+++ b/.github/workflows/create-release.yaml
@@ -25,6 +25,7 @@ jobs:
           AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
         run: |
           export GPG_TTY=$(tty)
+          source ./passphrase.env # load $MAVEN_GPG_PASSHRASE for maven-gpg-plugin
           mvn -DskipTests clean package
           mvn -s settings.xml \
           -Dcentral-publishing.autoPublish=true \