diff --git a/RELEASE-CHECKLIST.md b/RELEASE-CHECKLIST.md
new file mode 100644
index 0000000..ce4c3ee
--- /dev/null
+++ b/RELEASE-CHECKLIST.md
@@ -0,0 +1,10 @@
+# Release Checklist for the SPDX Spreadsheet Store
+
+- [ ] Check for any warnings from the compiler and findbugs
+- [ ] Run unit tests for all packages that depend on the library
+- [ ] Run dependency check to find any potential vulnerabilities `mvn dependency-check:check`
+- [ ] Run `mvn release:prepare` - you will be prompted for the release - typically take the defaults
+- [ ] Run `mvn release:perform`
+- [ ] Release artifacts to Maven Central
+- [ ] Create a Git release including release notes
+- [ ] Zip up the files from the Maven archive and add them to the release
diff --git a/pom.xml b/pom.xml
index 8486d83..c7fd35f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,9 @@
Stores SPDX documents in Microsoft Excel formats. Supports both XLS and XLSX file types.
https://github.com/spdx/spdx-java-spreadsheet-store
- https:
+ scm:git:ssh://git@github.com:spdx/spdx-java-spreadsheet-store
+ scm:git:git@github.com:spdx/spdx-java-spreadsheet-store
+ master
Github
@@ -67,9 +69,23 @@
- gpg-signing
+ release
+
+ org.apache.maven.plugins
+ maven-source-plugin
+ 3.2.1
+
+
+ attach-sources
+ verify
+
+ jar-no-fork
+
+
+
+
org.apache.maven.plugins
maven-gpg-plugin
@@ -88,6 +104,28 @@
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+ 2.9
+
+ true
+
+ ${env.JAVA_HOME}/bin/javadoc
+ -Xdoclint:none
+
+
+
+ attach-javadocs
+
+ ${javadoc.opts}
+
+
+ jar
+
+
+
+
@@ -102,7 +140,7 @@
org.spdx
java-spdx-library
- 1.1.6
+ 1.1.10
org.apache.poi
@@ -137,6 +175,16 @@
+
+ org.apache.maven.plugins
+ maven-release-plugin
+ 3.0.1
+
+ v@{project.version}
+ release
+ deploy
+
+
org.owasp
dependency-check-maven
@@ -145,7 +193,7 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.6.1
+ 3.11.0
1.8
@@ -155,46 +203,10 @@
true
-
- org.apache.maven.plugins
- maven-javadoc-plugin
- 2.9
-
- true
-
- ${env.JAVA_HOME}/bin/javadoc
- -Xdoclint:none
-
-
-
- attach-javadocs
-
- ${javadoc.opts}
-
-
- jar
-
-
-
-
-
- org.apache.maven.plugins
- maven-source-plugin
- 3.2.1
-
-
- attach-sources
- verify
-
- jar-no-fork
-
-
-
-
org.spdx
spdx-maven-plugin
- 0.5.5
+ 0.7.1
build-spdx
@@ -205,15 +217,13 @@
- http://spdx.org/documents/java-spdx-spreadsheet-store-{$version}
-
- Copyright (c) 2020 Source Auditor Inc.
-
- Gary O'Neall
-
- Apache-2.0
- Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
+ Copyright (c) 2020 Source Auditor Inc.
+
+ Gary O'Neall
+
+ Apache-2.0
+ Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at