| name | release-dependency-guard |
| description | Use when preparing or reviewing a SHAFT release, dependency updates, static versions, or Maven Central safeguards. |
Release And Dependency Guard
Use only for release preparation, release review, or dependency-currency work.
Never run deployment or publication commands locally.
Workflow
-
Inspect recent merged release PRs and executable workflows before relying on
prose. Compute versions as {major}.{quarter}.{YYYYMMDD}.
-
Keep the root project version, every reactor child parent, and SHAFT
inter-module dependency aligned. Run:
python3 scripts/ci/validate_reactor_versions.py
-
Update shaft-engine/src/main/java/com/shaft/properties/internal/Internal.java
shaftEngineVersion. Verify allure3Version against the stable npm package
and nodeLtsVersion against the current LTS patch using primary sources.
Verify every other version default in Internal.java against its source
registry when it changes. Keep non-Maven static versions in Internal.java;
move stray version literals there.
-
Update all example and consumer-fixture <shaft.version> values found by:
rg -l "<shaft.version>" -g "pom.xml"
-
Check Maven dependency/plugin/property updates. Accept stable ones after
compatibility review; do not treat alpha, beta, RC,
milestone, or snapshot releases as upgrades.
-
Validate release metadata and publication rules with existing scripts,
including Maven Central POM/JAR/classifier/signature, the IntelliJ IDEA
plugin release candidate, and canonical, combined-module, and
legacy-relocation consumer checks.
-
Run one compile/package pass after metadata is aligned. Do not rerun broad
product tests for metadata-only changes unless source/test behavior changed.
-
Verify the release version is newer than any immutable Maven Central
coordinate it replaces. Merging to main triggers publication; local
deploy, signing, and scm-publish are prohibited.
Output
List blockers first, then version alignment, stable updates considered,
commands and results, source checks for volatile versions, and remaining
publication risk.