Udpate releasing information

Author: psx95

RELEASING.md

@@ -2,66 +2,97 @@
 
 ## Prerequisites
 
-### Setup OSSRH and Signing
+### Setup Maven Central Portal Publishing
 
-If you haven't deployed artifacts to Maven Central before, you need to set up
-your OSSRH (OSS Repository Hosting) account and signing keys.
+> [!IMPORTANT]
+> The OSSRH service will reach the end-of-life sunset date on June 30th, 2025.
+> After this, it is recommended to only use Sonatype's Central Publisher Portal
+> to publish artifacts to Maven Central. See
+> [the official notice](https://central.sonatype.org/news/20250326_ossrh_sunset/)
+> for more details.
+
+If you do not have a Central Portal account on Sonatype, you need to set up your
+account to publish via the Central Portal.
 
 - Follow the instructions on [this
-  page](http://central.sonatype.org/pages/ossrh-guide.html) to set up an account
-  with OSSRH.
-  - You only need to create the account, not set up a new project
-  - Contact an OpenTelemetry Operations Java maintainer to add your account
-        after you have created it.
-- (For release deployment only) [Install
-    GnuPG](http://central.sonatype.org/pages/working-with-pgp-signatures.html#installing-gnupg)
-    and [generate your key
-    pair](http://central.sonatype.org/pages/working-with-pgp-signatures.html#generating-a-key-pair).
-    You'll also need to [publish your public
-    key](http://central.sonatype.org/pages/working-with-pgp-signatures.html#distributing-your-public-key)
-    to make it visible to the Sonatype servers. For gpg 2.1 or newer, you also
-    need to [export the
-    keys](https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials)
-    with command `gpg --keyring secring.gpg --export-secret-keys >
-    ~/.gnupg/secring.gpg`.
-- Put your GnuPG key password and OSSRH account information in
-  `<your-home-directory>/.gradle/gradle.properties`:
+  page](https://central.sonatype.org/register/central-portal/) to set up an
+  account with Central Portal.
+    - You only need to create the account, not set up a new project.
+    - Contact an OpenTelemetry Operations Java maintainer to add your account
+      after you have created it.
+
+### Setup artifact signing
+
+The artifacts must be signed before being published for consumption. Follow
+these steps to set up artifact signing:
+ - [Install
+   GnuPG](http://central.sonatype.org/pages/working-with-pgp-signatures.html#installing-gnupg)
+   and [generate your key
+   pair](http://central.sonatype.org/pages/working-with-pgp-signatures.html#generating-a-key-pair).
+ - You'll also need to [publish your public
+   key](http://central.sonatype.org/pages/working-with-pgp-signatures.html#distributing-your-public-key)
+   to make it visible to the Sonatype servers. For gpg 2.1 or newer, you also
+   need to [export the
+   keys](https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials)
+   with command
+     `gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg`.
+ -  Put your GnuPG key password and Central Portal account information in
+   `<your-home-directory>/.gradle/gradle.properties`:
 
     ```text
     # You need the signing properties only if you are making release deployment
     signing.keyId=<8-character-public-key-id>
     signing.password=<key-password>
     signing.secretKeyRingFile=<your-home-directory>/.gnupg/secring.gpg
 
-    ossrhUsername=<ossrh-username>
-    ossrhPassword=<ossrh-password>
+    centralPortalUsername=<ossrh-username>
+    centralPortalPassword=<ossrh-password>
     checkstyle.ignoreFailures=false
     ```
 
 > [!TIP]
-> If your key-generation is failing, checkout the [help section](#help-timeout-during-key-generation-process) at the bottom of this document.
+> If your key-generation is failing, checkout the
+> [help section](#help-timeout-during-key-generation-process) at the bottom of
+> this document.
 
 ### Using GPG-Agent for artifact signing
 
 > [!NOTE]
 > These instructions are for modern linux where `gpg` refers to the 2.0 version.
 
-If you're running in linux and would like to use the GPG agent to remember your PGP key passwords instead of keeping them in a plain-text file on your home directory,
-you can configure the following in `<your-home-directory>/.gradle/gradle.properties`:
+If you're running in linux and would like to use the GPG agent to remember your
+PGP key passwords instead of keeping them in a plain-text file on your home
+directory, you can configure the following in
+`<your-home-directory>/.gradle/gradle.properties`:
 
     ```text
-    ossrhUsername=<generated-token-user>
-    ossrhPassword=<generated-token-key>
+    centralPortalUsername=<generated-token-user>
+    centralPortalPassword=<generated-token-key>
 
     signingUseGpgCmd=true
     signing.gnupg.executable=gpg
     signing.gnupg.keyName=<secret key id (large hash)>
     ```
-Note: You can retrieve the list of previously created GPG keys on your machine by using `gpg --list-secret-keys`.
+
+Note: You can retrieve the list of previously created GPG keys on your machine
+by using `gpg --list-secret-keys`. Additionally, you might still be asked for
+the GPG key's passphrase while signing the artifact, you can store the key in a
+password manager (or in the built-in Keyring) to avoid entering the password
+manually.\
+For more details, checkout the
+[help section](#help-timeout-while-singing-during-release-process) on the bottom
+of this guide.
 
 > [!IMPORTANT]
-> Starting June 2024, due to a change to the OSSRH authentication backend, the maven publish plugin now requires [a user token](https://central.sonatype.org/publish/generate-token/) instead of a typical username and password used in the Nexus UI.
-> Follow the steps in the [link](https://central.sonatype.org/publish/generate-token/) to generate a user token, if not done already - this will provide you with a `tokenuser` and `tokenkey`. Replace `<generated-token-user>` and `<generated-token-key>` with the generated `tokenuser` and `tokenkey` in your `gradle.properties` file to successfully publish artifacts.
+> The user tokens for publishing to the Central Portal are different from those
+> used for OSSRH. If you haven't already, you must  generate a new Portal Token 
+> to publish to the Central Portal.
+> Follow the steps in this
+> [link](https://central.sonatype.org/publish/generate-portal-token/) to
+> generate a user token - this will provide you with a Portal token containing a
+> `username` and `password`. Replace `<generated-token-user>` and
+> `<generated-token-key>` with the generated `username` and `password` in your
+> `gradle.properties` file to successfully publish artifacts.
 
 ### Ensuring you can push tags to GitHub upstream
 
@@ -71,12 +102,23 @@ token](https://help.github.com/articles/creating-a-personal-access-token-for-the
 
 ## Release a Snapshot
 
-If you've followed the above steps, you can release snapshots for consumption using the following:
+If you've followed the above steps, you can release snapshots for consumption
+using the following:
 
 ```bash
 $ ./gradlew snapshot
 ```
 
+SNAPSHOT releases are intended for developers to make pre-release versions of
+their projects available for testing. Published snapshots should be visible
+using the
+[directory listing for com.google.cloud.opentelemetry](https://central.sonatype.com/service/rest/repository/browse/maven-snapshots/com/google/cloud/opentelemetry/)
+namespace.
+
+See
+[Publishing Snapshot Releases](https://central.sonatype.org/publish/publish-portal-snapshots/#publishing-snapshot-releases)
+for more details.
+
 ## Releasing a Candidate (Optional)
 
 After following the above steps, you can release candidates from `main` or `v<major>.<minor>.x` branches.
@@ -93,7 +135,6 @@ $ git push origin v0.14.0-RC1
 Next follow [Releasing on Maven Central](#releasing-on-maven-central) to close + publish the
 [repository on OSSRH](https://oss.sonatype.org/#stagingRepositories).
 
-
 Note:  In the future, the `-Prelease.version` flag should not be required.
 
 ## Release a final verison
@@ -183,3 +224,6 @@ A common example is - running this command on a remote machine over ssh.
 The issue here is that this command opens up a UI dialog asking for you to set a passphrase, waiting for input for a fixed time.
 
 The easiest way to fix this is to run it on a machine for which you have UI access.
+
+### Help: Timeout while singing during release process
+TODO: Add details