I learned that the Maven build mechanism can sometimes build things that are not in target, but that get deployed to your .m2 when "installing" or deploying. So we have to check both destinations to see that things are being generated properly.
The approach so far involves "fixing" the checksum-signing plugin (see https://github.com/nicoulaj/checksum-maven-plugin/issues/63 for details) and using it in 2 ways.

Way 1: with the goal "artifacts". Surprisingly, this fails to find (for the uima-wide pom project) the main artifact, that is, the pom. So to get that to have the sha512 checksum we use way 2.

Way 2: with the goal "files", specifying the artifact in the target, but this needs help to copy the pom.xml from the top level in the project to the target as "${project.build.finalName}.pom" (no trailing "xml") (at least for the uima-wide pom build).

Other fixes: disabled the ant-based gpg and sha512 sigs, in favor of using the gpg-plugin and the checksum signing plugin. This didn't quite work, because the artifacts produced by the source-assembly, for some reason (unknown - to be investigated), are not being "attached". Fixed this by adding a step to attach the source release .zip (and, if present, the source-release.jar - produced for Java projects).

This may require waiting for the checksum-maven-plugin, and I still want to investigate why the source-release isn't being attached.

-Marshall
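An added example, not part of the original message or the UIMA build: a shell function that checks both destinations mentioned above (a module's target directory and its .m2 install directory) for a matching .sha512 beside each .pom, .zip and .jar. It assumes `sha512sum` is available, that checksum files are named `<artifact>.sha512`, and that the digest is the first field in the file; the function name `audit_sha512` is hypothetical.

```shell
#!/bin/sh
# Added example: audit release artifacts for SHA-512 checksum files.
# Assumptions: checksums sit beside the artifact as <artifact>.sha512 and
# the hex digest is the first whitespace-separated field on the first line.

# Usage: audit_sha512 DIR [DIR...]
# Prints one line per artifact: "OK|MISSING|MISMATCH <path>".
# Returns 0 only if every .pom/.zip/.jar found has a matching checksum.
audit_sha512() {
  local dir f expected actual rc=0
  for dir in "$@"; do
    if [ ! -d "$dir" ]; then
      echo "NODIR $dir"; rc=1; continue
    fi
    for f in "$dir"/*.pom "$dir"/*.zip "$dir"/*.jar; do
      [ -f "$f" ] || continue          # unmatched glob stays literal
      if [ ! -f "$f.sha512" ]; then
        # e.g. the main pom artifact that the "artifacts" goal skipped
        echo "MISSING $f"; rc=1; continue
      fi
      expected=$(awk 'NR==1 {print tolower($1)}' "$f.sha512")
      actual=$(sha512sum "$f" | awk '{print $1}')
      if [ "$expected" = "$actual" ]; then
        echo "OK $f"
      else
        echo "MISMATCH $f"; rc=1
      fi
    done
  done
  return $rc
}

# Stand-alone use: pass the build output dir and the installed-artifact dir.
if [ "$#" -gt 0 ]; then
  audit_sha512 "$@"
fi
```

Run it with the module's `target` directory and the matching version directory under `.m2/repository` as arguments; a non-zero exit status means at least one artifact is missing its checksum or does not match it.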
