[MOSIP-43648] Update pom.xml

[Prafulrakhade]

Summary by CodeRabbit

• Chores
  • Switched artifact publishing to centralized Maven/Sonatype endpoints for releases and snapshots.
  • Selectively disabled Java 21-specific artifact entries (commented out) to gate Java 21 deployments.
  • Upgraded the build environment's Maven installation to a newer patch release.

[coderabbitai]

Warning

Rate limit exceeded

@Prafulrakhade has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 9 minutes and 21 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 7ead0f4 and 9026f7e.

📒 Files selected for processing (1)

• artifacts/pom.xml (11 hunks)

Walkthrough

Replaced ossrh repository block in artifacts/pom.xml with a MavenCentralRepository and updated distributionManagement snapshot/release URLs to Sonatype central endpoints. Bumped Maven in artifacts/Dockerfile from 3.8.8 to 3.8.9 and adjusted download/extract/cleanup steps.

Changes

Cohort / File(s)	Summary
Maven repository and distribution config artifacts/pom.xml	Replaced ossrh repository block with MavenCentralRepository (id, name, url) pointing to Sonatype central snapshots; updated distributionManagement snapshotRepository and repository deployment URLs to Sonatype central endpoints. Several Java 21-related artifact/version lines were commented out.
Build image: Maven version bump artifacts/Dockerfile	Updated Maven download URL and installation steps to use Maven 3.8.9 (replaced 3.8.8 references, updated tarball/extraction/cleanup commands).

Sequence Diagram(s)

(Skipped — changes are configuration and a version bump; no runtime/control-flow changes to visualize.)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify Sonatype repository URLs and IDs match intended publishing targets and credentials.
• Confirm distributionManagement release repository URL is the correct deployment endpoint.
• Check Dockerfile Maven install steps (tarball name/path and cleanup) and CI compatibility.

Poem

🐰 I hopped through pom and Dockerfile today,
Swapped old ossrh paths for central display,
Upgraded Maven, cleaned a stray tar,
Commented bits for Java twenty-one afar,
Tiny paws cheer every publish play. 🥕📦

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The pull request title only mentions updating pom.xml but ignores the significant Dockerfile change and the substantive repository configuration updates, making it incomplete and not reflective of the main changeset.	Update the title to reflect both key changes, such as 'MOSIP-43648 Update repository endpoints and Maven version' or similar to capture the scope of modifications.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

artifacts/pom.xml (1)

48-48: Renaming repository ID is safe—no codebase references exist outside pom.xml.

Verification confirms that the ossrh ID is referenced only within artifacts/pom.xml (lines 48, 60, 64). No external configuration files, CI/CD workflows, or Maven settings files in the codebase reference this ID. Renaming to sonatype-central or similar would be safe and improve clarity, though it remains optional if you prefer to maintain the historical ID name for consistency with external user configurations.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 548e83b and 4953f12.

📒 Files selected for processing (1)

• artifacts/pom.xml (1 hunks)

🔇 Additional comments (2)

artifacts/pom.xml (2)

59-66: I need to verify the correct Maven Central release endpoint. The snapshot URL appears in documentation but both endpoints returned 404. Let me search for the correct release deployment method.

Based on the web search results, I can now provide a comprehensive rewritten review comment.

The publisher API endpoint (https://central.sonatype.com/api/v1/publisher/upload) is documented and used for uploading bundles, and the snapshot repository URL (https://central.sonatype.com/repository/maven-snapshots/) is the correct endpoint for Maven snapshot deployments.

The 404 responses from the curl test are expected behavior—requests to the API must be authenticated via a user token header. Unauthenticated requests to these endpoints will return authentication errors rather than being reachable without credentials.

However, there is a structural concern: the <repository> element (line 65) is typically used for release artifacts, but the /api/v1/publisher endpoint is designed for POST requests to manage deployments rather than standard Maven repository PUT deployments. Using /api/v1/publisher in the <repository> URL field may not work with standard Maven deploy plugins expecting Maven 2 repository structure.

For standard Maven deployments:

• Snapshots to /repository/maven-snapshots/ (line 61) is correct
• Releases should use a proper Maven 2 repository endpoint structure, not the publisher API

Verify that the release deployment method is compatible with your build tool and authentication strategy. If using the central-publishing-maven-plugin or similar, consult its documentation for the correct URL configuration. If using standard Maven deploy, the publisher API endpoint requires different handling (upload, validate, then publish via separate API calls).

---

48-55: Configuration verified—Sonatype endpoints are correct for 2025.

Both repository endpoints are valid and recommended:

• Snapshot repository: https://central.sonatype.com/repository/maven-snapshots/ is correct
• Publisher endpoint: https://central.sonatype.com/api/v1/publisher is the valid Central Portal Publisher API base

The "ossrh" ID is legacy naming but remains functional for Central Portal configurations. No changes required.