Skip to content

Instantly share code, notes, and snippets.

@deroneriksson

deroneriksson/Apache Committer Notes.md

Last active July 18, 2018 01:45
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save deroneriksson/c3c83f1569bc8a7961247e1e34de28c2 to your computer and use it in GitHub Desktop.
Save deroneriksson/c3c83f1569bc8a7961247e1e34de28c2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Apache Committer Notes.md

Apache Committer Notes

Deploying to Apache Snapshot Repository

To deploy project artifacts to the Apache Snapshot Repository takes a little set-up. Here are the steps that I followed.

Maven Password Encryption

Follow the instructions here: https://maven.apache.org/guides/mini/guide-encryption.html

Create an encrypted master password

mvn --encrypt-master-password

This will generate an encrypted password. Create a settings-security.xml file at ~/.m2/settings-security.xml if it doesn't exist. Add the encrypted master password to this file.

<settingsSecurity>
  <master>{ENCRYPTED_PASSWORD_GOES_HERE}</master>
</settingsSecurity>

Create an encrypted version of your Apache password

mvn --encrypt-password

Add a server entry to your ~/.m2/settings.xml file (create this file if it doesn't already exist). This server entry will have the Apache Snapshot ID, your Apache ID, and your encrypted password.

<settings>
  <servers>
    <server>
      <id>apache.snapshots.https</id>
      <username>YOUR_APACHE_ID</username>
      <password>{ENCRYPTED_PASSWORD_GOES_HERE}</password>
    </server>
  </servers>
</settings>

Install and Configure GPG

On macOS, I downloaded GPG from https://gpgtools.org/. The release I used was https://releases.gpgtools.org/GPG_Suite-2016.08_v2.dmg. I next installed GPG.

Next I generated a public/private key pair. I used my name and my Apache email.

gpg --gen-key

Your public and private keys can be verified using:

gpg --list-keys
gpg --list-secret-keys

Deploy Artifacts to Apache Snapshot Repository using Maven

In the pom.xml file, the maven-gpg-plugin's sign goal is bound to the verify stage of the Maven lifecycle. Therefore, you can check that signing works by installing the snapshot to your local maven repo.

mvn clean install -DskipTests -Pdistribution

If this succeeds, we can deploy our artifacts to the Apache Snapshot Repository using the following:

mvn clean deploy -DskipTests -Pdistribution

NOTE: Since the artifacts will be deployed publicly, you should ensure that the project is completely clean. The deploy command should not be run on a copy of the project that you develop on. It should be a completely clean project used only for building and deploying.

Therefore, I created a directory such as:

mkdir ~/clean-systemml

In that directory, I cloned a copy of the project.

git clone https://github.com/apache/systemml.git

I then performed the maven install and deploy commands within ~/clean-systemml/systemml.

Sample Snapshot Repository URL: https://repository.apache.org/content/repositories/snapshots/org/apache/systemml/systemml/

For more information: http://www.apache.org/dev/publishing-maven-artifacts.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment