fix: we need to publish all three modules#382
Conversation
📝 WalkthroughWalkthroughThe root ChangesMaven Publishing Plugin Centralization and Module Renaming
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request centralizes the configuration of several Maven plugins (maven-source-plugin, dokka-maven-plugin, and checksum-maven-plugin) into the parent pom.xml under plugin management, simplifying the child POMs. It also renames the module sdk-fips-bouncycastle to sdk-fips-bc and adds sdk-pqc-bc to the release profile. One issue was identified where the tag in sdk-fips-bc/pom.xml still references the old artifact name and should be updated for consistency.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
X-Test Failure Report |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pom.xml`:
- Line 351: The module rename from sdk-fips-bouncycastle to sdk-fips-bc in the
reactor modules is incomplete. Update all downstream dependency references in
cmdline/pom.xml that still use the artifact ID
io.opentdf.platform:sdk-fips-bouncycastle to reference the renamed artifact ID
sdk-fips-bc instead, ensuring consistent naming across all pom.xml files and
preventing dependency resolution failures.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 79f41870-4fd7-40e0-bfdf-be96494ce0f4
📒 Files selected for processing (7)
pom.xmlsdk-fips-bc/pom.xmlsdk-fips-bc/src/main/java/io/opentdf/platform/sdk/fips/bouncycastle/BouncyCastleFipsHkdfProvider.javasdk-fips-bc/src/main/resources/META-INF/services/io.opentdf.platform.sdk.HkdfProvidersdk-fips-bc/src/test/java/io/opentdf/platform/sdk/fips/bouncycastle/BouncyCastleFipsHkdfProviderTest.javasdk-pqc-bc/pom.xmlsdk/pom.xml
💤 Files with no reviewable changes (1)
- sdk/pom.xml
X-Test Failure Report |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pom.xml`:
- Around line 372-377: The fips profile in the pom.xml file is configured with
activeByDefault set to true, which conflicts with its documented intent to be
opt-in. Remove the activeByDefault element (currently set to true at line 376)
from the fips profile activation block to allow users to selectively enable FIPS
behavior only when explicitly requested, rather than having it activate
unconditionally by default.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 64bd2d34-0825-46a1-8656-da3e58bb0668
📒 Files selected for processing (9)
.github/workflows/checks.yamlcmdline/pom.xmlpom.xmlsdk-fips-bc/pom.xmlsdk/pom.xmlsdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.javasdk/src/main/java/io/opentdf/platform/sdk/HkdfProvider.javasdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.javasdk/src/test/java/io/opentdf/platform/sdk/FipsProviderVerificationTest.java
✅ Files skipped from review due to trivial changes (4)
- sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java
- sdk/src/main/java/io/opentdf/platform/sdk/HkdfProvider.java
- sdk/src/test/java/io/opentdf/platform/sdk/FipsProviderVerificationTest.java
- sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java
🚧 Files skipped from review as they are similar to previous changes (1)
- sdk-fips-bc/pom.xml
| <profile> | ||
| <!-- only include the FIPS implementations of things if using the FIPS profile --> | ||
| <id>fips</id> | ||
| <activation> | ||
| <activeByDefault>true</activeByDefault> | ||
| </activation> |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
python - <<'PY'
import xml.etree.ElementTree as ET
ns = {"m": "http://maven.apache.org/POM/4.0.0"}
root = ET.parse("pom.xml").getroot()
print("activeByDefault profiles in pom.xml:")
for profile in root.findall("./m:profiles/m:profile", ns):
pid = profile.findtext("m:id", default="", namespaces=ns)
abd = profile.findtext("m:activation/m:activeByDefault", default="false", namespaces=ns).strip().lower() == "true"
if abd:
modules = [m.text for m in profile.findall("./m:modules/m:module", ns)]
print(f"- {pid}: {modules}")
PYRepository: opentdf/java-sdk
Length of output: 284
fips profile is configured as default-active, which conflicts with opt-in intent.
The profile at lines 373–377 is documented as "only include the FIPS implementations of things if using the FIPS profile," but activeByDefault>true</activeByDefault> (line 376) makes it active unconditionally. Combined with develop and non-fips also being default-active, this prevents users from selecting FIPS behavior independently—all three profiles activate automatically, breaking selective opt-in control.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pom.xml` around lines 372 - 377, The fips profile in the pom.xml file is
configured with activeByDefault set to true, which conflicts with its documented
intent to be opt-in. Remove the activeByDefault element (currently set to true
at line 376) from the fips profile activation block to allow users to
selectively enable FIPS behavior only when explicitly requested, rather than
having it activate unconditionally by default.
X-Test Failure Report |
|
1 participant
sdk-fips-bcandsdk-pqc-bcsdk-fips-bouncycastletosdk-fips-bc(this should be ok since we haven't succeeded in publishing since this module was created)sdk-pqc-bcjar when using the FIPS profile. the provider modules need only be included/excluded by their consumersSummary by CodeRabbit
Summary by CodeRabbit
New Features
Chores
sdk-fips-bouncycastletosdk-fips-bcacross release and related documentation/messages