feat(ci): configure maven publish job

[DeviaVir]

No description provided.

[Copilot]

Pull request overview

This PR configures Maven publishing jobs for the GitLab CI pipeline to enable publishing the Android SDK library to Maven Central. The configuration includes support for both tagged releases (manual) and automated snapshot publishing from the main branch.

Changes:

• Added a new deploy stage to the GitLab CI pipeline
• Created CI jobs for publishing tagged releases and snapshot versions to Maven Central
• Enabled Maven Central publishing and artifact signing in the Gradle build configuration

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File	Description
.gitlab-ci.yml	Added deploy stage to support Maven publishing jobs
gitlab/deploy-maven.yaml	Defined two new CI jobs: manual publish for tagged releases and automatic snapshot publish for main branch commits
libs/gl-sdk-android/lib/build.gradle.kts	Enabled publishToMavenCentral() and signAllPublications() to activate Maven Central publishing with GPG signing

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The artifacts section captures build outputs including build/publications. These artifacts may contain signed artifacts or sensitive metadata. Consider whether these artifacts should be available for download or if they should be restricted, especially since this is a publishing job where the primary goal is to push artifacts to Maven Central, not to store them as CI artifacts.

[Copilot]

The publish_to_maven job has allow_failure: true, which means a failed Maven publish will not fail the pipeline. For a tagged release that is manually triggered, a publishing failure should likely cause the pipeline to fail so that the issue is clearly visible and addressed. Consider setting allow_failure: false for release publishes.

Suggested change

	allow_failure: true
	allow_failure: false

[Copilot]

The version parsing logic doesn't validate that the version format is valid before processing. If VERSION_CORE is empty or malformed, the script will continue with default values (0.0.0), potentially publishing an incorrect snapshot version. Consider adding validation to ensure the version from gradle.properties is in the expected format before proceeding.

Suggested change

	- BASE_VERSION=${RAW_VERSION%-SNAPSHOT}
	- VERSION_CORE=$(echo "$BASE_VERSION" | sed -E 's/[^0-9.].*$//')
	- IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION_CORE"
	- MAJOR=${MAJOR:-0}
	- MINOR=${MINOR:-0}
	- PATCH=${PATCH:-0}
	- if [ -z "$RAW_VERSION" ]; then echo "Error: libraryVersion not found in gradle.properties"; exit 1; fi
	- BASE_VERSION=${RAW_VERSION%-SNAPSHOT}
	- VERSION_CORE=$(echo "$BASE_VERSION" | sed -E 's/[^0-9.].*$//')
	- if ! echo "$VERSION_CORE" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then echo "Error: Invalid version format '$RAW_VERSION' (expected MAJOR.MINOR.PATCH[-suffix])"; exit 1; fi
	- IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION_CORE"

[Copilot]

The version extraction logic assumes the version follows a semantic versioning pattern. The sed command on line 35 will strip any suffix after the numeric version (e.g., -alpha, -beta), which may not be the intended behavior if the project uses such suffixes. Consider validating that the version format matches expectations or documenting this assumption.

Suggested change

	- VERSION_CORE=$(echo "$BASE_VERSION" | sed -E 's/[^0-9.].*$//')
	- if ! echo "$BASE_VERSION" | grep -Eq '^[0-9]+(\.[0-9]+){0,2}$'; then echo "Unsupported libraryVersion format: $BASE_VERSION" >&2; exit 1; fi
	- VERSION_CORE="$BASE_VERSION"

[Copilot]

The artifacts section captures build outputs including build/publications. These artifacts may contain signed artifacts or sensitive metadata. Consider whether these artifacts should be available for download or if they should be restricted, especially since this is a publishing job where the primary goal is to push artifacts to Maven Central, not to store them as CI artifacts.