It was quite a long time ago when I wrote the last blog post. Sometimes it just takes time till inspiration finds you… but do not rush forward!
Last year I promised: I will report about growing tomatoes and I keep my word.
Motivation
You have built something niche and you want to give back something to the community, right? Even if the idea (and the implementation) is revolutionary it will not be used by anyone if it is not accessible somehow. To be concrete: if we talk about a jar then this artifact must be available in the Maven Central Repository – or at least in a public repository somewhere. Since Maven Central Repository is the default repo the best is to have our world savior there.
I went through some tutorials but some of them were outdated while others worked only on Linux/Mac. Since I am more a Windows guy I had to walk sometimes in the dark. I do not say that it was difficult but this is something that no one does too frequently thus in a few years when I buy my next notebook I will just scratch my head: what have I done to make it work?
Prerequisites
I assume you have a basic understanding of
- Windows
- Git
- Java
- Maven
Steps
- Create your account on Github
- Upload your Maven project and take java-offline-geoip as an example
- Study the pom.xml, the important sections are
-
<version>${semver}</version> -
<distributionManagement> <snapshotRepository> <id>ossrh</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> </snapshotRepository> <repository> <id>ossrh</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url> </repository> </distributionManagement> -
<scm> <url>https://github.com/tornaia/java-offline-geoip</url> <connection>scm:git:https://github.com/tornaia/java-offline-geoip.git</connection> <developerConnection>scm:git:git@github.com:tornaia/java-offline-geoip.git</developerConnection> </scm> -
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-source-plugin</artifactId> <version>${maven-source-plugin.version}</version> <executions> <execution> <id>attach-sources</id> <goals> <goal>jar</goal> </goals> </execution> </executions> </plugin> -
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>${maven-javadoc-plugin.version}</version> <configuration> <additionalOptions> <additionalOption>-html5</additionalOption> </additionalOptions> </configuration> <executions> <execution> <id>attach-javadocs</id> <goals> <goal>jar</goal> </goals> </execution> </executions> </plugin> -
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>${maven-gpg-plugin.version}</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin> -
<plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> <version>${nexus-staging-maven-plugin.version}</version> <extensions>true</extensions> <configuration> <serverId>ossrh</serverId> <nexusUrl>https://oss.sonatype.org</nexusUrl> <autoReleaseAfterClose>true</autoReleaseAfterClose> </configuration> </plugin> -
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-scm-plugin</artifactId> <version>${maven-scm-plugin.version}</version> <configuration> <tag>${project.artifactId}-${project.version}</tag> </configuration> </plugin>
-
- Create a Sonatype account
- Open ticket to create your new project and take mine as an example
- Install GnuPG
- Create a new key pair with Kleopatra: add your name and email too
- Remember for your passphrase
- Make a backup of your key pair
- Generate a revocation certificate – later you need to edit it manually to avoid accidental use
- Keep these files in a very safe place
- Export your certificate to an OpenPGP Keyserver
- Configure Kleopatra by right clicking on its system tray icon
- Set OpenPGP Keyserver to hkp://pool.sks-keys under Directory Services
- Apply
- Open Kleopatra by a single click on the system tray icon
- Publish it by right clicking on the certificate and selecting Publish on server…
- Create/Edit ~/.m2/settings.xml
-
<settings> <servers> <server> <id>ossrh</id> <username>YOUR_SONARTYPE_ACCOUNT_NAME</username> <password>YOUR_SONARTYPE_ACCOUNT_PASSWORD</password> </server> </servers> <profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.executable>gpg</gpg.executable> </properties> </profile> </profiles> </settings>
-
- Deploy your artifact:
mvn clean deploy scm:tag -Dsemver=0.0.1- It will ask for your certificate’s passphrase
- After you promoted your first release you need to add a comment to your “new project” ticket then central sync will be activated
- After you successfully release, your component will be published to Maven Central Repository, typically within 10 minutes, though updates to search.maven.org can take up to two hours
- If the version ends with -SNAPSHOT then it will go to the snapshots repository – but I know you know Maven very well! 😉
Misc
I was able to deploy snapshots but somehow I had no rights to deploy releases and encountered the following error:
you have no permissions to stage against profile with ID "62d9bff4b07028"? Get to Nexus admin...
I was not the only one with this so I guess it is a common issue but after opening a Jira ticket it just worked.
András Tornai 