Pull request overview
This PR consolidates the CI and publishing workflows into a single GitHub Actions workflow file. The previous standalone publish.yml workflow is removed and replaced with a comprehensive ci.yml that includes both build/test and publish jobs.
Changes:
- Removed the standalone publish.yml workflow file
- Added a new comprehensive ci.yml workflow that combines continuous integration and publishing
- Updated the publish job to use crazy-max/ghaction-import-gpg@v6 for GPG key management instead of base64-encoded secrets
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| .github/workflows/publish.yml | Removed the old standalone publishing workflow (26 lines deleted) |
| .github/workflows/ci.yml | Added new unified CI workflow with build, test, and publish jobs (90 lines added) |
| ./mill -i mill.scalalib.SonatypeCentralPublishModule/ \ | ||
| --username $SONATYPE_USERNAME \ | ||
| --password $SONATYPE_PASSWORD \ | ||
| --gpgArgs "--passphrase=$PGP_PASSPHRASE,--no-tty,--pinentry-mode,loopback,--batch,--yes,-a,-b" \ | ||
| --bundleName com.ofenbeck-mill-docker-$(date +%Y-%m-%d-%H-%M) |
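Review bot: `--gpgArgs "--passphrase=$PGP_PASSPHRASE,..."` puts the signing passphrase on the command line, where it is readable from the runner's process list by any other process in the job (GitHub masks secrets in the log, not in `ps`); since the key is already imported with crazy-max/ghaction-import-gpg, prefer having that step hand the passphrase to gpg-agent and drop `--passphrase=` from `--gpgArgs`. Independently, `$SONATYPE_USERNAME` and `$SONATYPE_PASSWORD` should be quoted (`--username "$SONATYPE_USERNAME"`) so a credential containing whitespace or glob characters is not word-split by the shell.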
The Mill command syntax appears incorrect. The standard way to publish with Mill's SonatypeCentralPublishModule is to use the publishSonatypeCentral task on the module (e.g., ./mill mill-docker.publishSonatypeCentral). The current syntax mill.scalalib.SonatypeCentralPublishModule/ with manual arguments doesn't follow standard Mill conventions and may not work correctly with the module's configuration in build.mill.
| ./mill -i mill.scalalib.SonatypeCentralPublishModule/ \ | |
| --username $SONATYPE_USERNAME \ | |
| --password $SONATYPE_PASSWORD \ | |
| --gpgArgs "--passphrase=$PGP_PASSPHRASE,--no-tty,--pinentry-mode,loopback,--batch,--yes,-a,-b" \ | |
| --bundleName com.ofenbeck-mill-docker-$(date +%Y-%m-%d-%H-%M) | |
| ./mill -i mill-docker.publishSonatypeCentral |
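Review bot: the suggested replacement line `./mill -i mill-docker.publishSonatypeCentral` has no trailing ` \`, unlike the line it replaces, so if it is applied as shown the following `--username`, `--password`, `--gpgArgs` and `--bundleName` lines run as separate shell commands instead of as arguments to Mill and the step fails; the suggestion needs to keep the line continuation.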
| --username $SONATYPE_USERNAME \ | ||
| --password $SONATYPE_PASSWORD \ | ||
| --gpgArgs "--passphrase=$PGP_PASSPHRASE,--no-tty,--pinentry-mode,loopback,--batch,--yes,-a,-b" \ | ||
| --bundleName com.ofenbeck-mill-docker-$(date +%Y-%m-%d-%H-%M) |
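Review bot: `$(date +%Y-%m-%d-%H-%M)` gives the bundle name only minute resolution, so two publish runs that start within the same minute (for example a tag push and a `main` push, which both satisfy the job's `if:` condition) produce the same bundle name; including `${{ github.run_id }}` or the version being published would make it unique.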
The bundle name format appears inconsistent with Maven naming conventions. The current format uses hyphens: com.ofenbeck-mill-docker- but Maven group IDs typically use dots as separators. Based on build.mill where the organization is "com.ofenbeck", this should likely be com.ofenbeck.mill-docker to match standard Maven coordinate patterns.
| --bundleName com.ofenbeck-mill-docker-$(date +%Y-%m-%d-%H-%M) | |
| --bundleName com.ofenbeck.mill-docker-$(date +%Y-%m-%d-%H-%M) |
| publish: | ||
| name: Publish Artifacts | ||
| needs: [build] | ||
| if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') |
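Review bot: this condition releases the Sonatype and PGP secrets to any push to `main` and to any tag beginning with `v`, and nothing in the hunk restricts who may create such tags; `needs: [build]` only requires the build job to pass, not that anyone approved the release. Consider binding the job to a protected `environment:` with required reviewers and adding a tag protection rule for `v*`, so the secrets are only available to approved runs.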
The publish job condition checks for 'refs/heads/main' but also publishes on tag pushes. Publishing snapshots on every main branch push and releases on tags is a valid pattern, but consider whether publishing to Sonatype Central on every main branch commit is intended. Typically, only tagged releases are published to Maven Central, with snapshots going to a separate snapshot repository. If this is intentional, consider adding a comment to clarify the publishing strategy.
| if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') | |
| if: github.event_name != 'pull_request' && startsWith(github.ref, 'refs/tags/v') |
| PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | ||
| SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | ||
| SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | ||
| PGP_SECRET: ${{ secrets.PGP_SECRET }} |
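Review bot: `PGP_SECRET` is exported as an environment variable next to the Sonatype credentials, but the private key only needs to reach the crazy-max/ghaction-import-gpg step's input; keeping it out of the shared environment means later steps, child processes and any accidental `env` dump cannot read it. If these are job-level `env` entries, the same applies to the Sonatype credentials, which could be scoped to the publish step's own `env:` block.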
The PUBLISHING.md documentation references the old secret name PGP_SECRET_BASE64 and the old environment variable format (MILL_PGP_SECRET_BASE64), but the new workflow uses PGP_SECRET. While the new approach using crazy-max/ghaction-import-gpg@v6 is valid and expects a non-base64-encoded key, the documentation should be updated to reflect this change to avoid confusion for users following the manual publishing instructions or setting up secrets.
| - name: Publish to Sonatype Central | ||
| run: | | ||
| export GPG_TTY=$(tty) |
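Review bot: on a non-interactive runner `tty` prints `not a tty` to stdout and exits 1, and because `export VAR=$(cmd)` returns the status of `export` rather than of the substitution, the line does not abort the step even under `set -e`; it silently leaves `GPG_TTY` set to the literal string `not a tty`. Either guard it with a `tty` check (as the suggestion below does) or drop the export, since `--no-tty` and `--batch` are already passed to gpg.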
The GPG TTY export on line 85 sets GPG_TTY=$(tty) which may fail in GitHub Actions as it's a non-interactive environment. While the subsequent gpgArgs include --no-tty and --batch flags which should handle this, the export command itself could fail silently. Consider wrapping this in a conditional or using 'export GPG_TTY=/dev/null' for GitHub Actions environments.
| export GPG_TTY=$(tty) | |
| if tty >/dev/null 2>&1; then | |
| export GPG_TTY="$(tty)" | |
| else | |
| export GPG_TTY=/dev/null | |
| fi |
No description provided.