Skip to content

Instantly share code, notes, and snippets.

@peterszatmary
Last active May 27, 2020 14:37
Show Gist options
  • Save peterszatmary/45d72993147e83a2c06a687ecf3d253c to your computer and use it in GitHub Desktop.
Save peterszatmary/45d72993147e83a2c06a687ecf3d253c to your computer and use it in GitHub Desktop.
Uploading artifacts to maven repository

Uploading artifacts to maven repository

Steps what i did to release jar file to maven repository.

What to do in few seconds

  • Make Jira Sonatype account
  • Create ticket (after that they create for you config on their side to allow you perform releases) see example
  • Make settings.xml
  • You need to cover 8 basic rules in your pom.xml.
  • Generate and distribute keys
  • Run mvn deploy
  • After passing validations, perform release and wait cca 2 hours.

settings.xml

<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <username>sonatype-jira-username</username>
      <password>sonatype-jira-password</password>
    </server>
  </servers>
</settings>

8 basic rules in your pom.xml

  • See comments in code.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    
    <!-- 1. basic informations -->
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.demo</groupId>
    <artifactId>demo</artifactId>
    <version>2.3.0</version>
    <name>Demo</name>
    <url>https://github.com/demo/demo</url>
    <description>Java jar dependency for developing.</description>

    <!-- 2. scm information -->
    <scm>
        <connection>scm:git:git://github.com/neo-project/demo.git</connection>
        <developerConnection>scm:git:ssh://github.com/demo/demo.git</developerConnection>
        <url>https://github.com/demo/demo/tree/master</url>
    </scm>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <java.version>1.8</java.version>
        <maven.compiler.plugin.version>3.8.0</maven.compiler.plugin.version>
        <maven.javadoc.plugin.version>3.0.1</maven.javadoc.plugin.version>
        <maven.source.plugin.version>3.0.1</maven.source.plugin.version>
        <maven.gpg.plugin.version>1.6</maven.gpg.plugin.version>
        <key.id>8ED566FF</key.id>
    </properties>

    <!-- 3. licence information -->
    <licenses>
        <license>
            <name>MIT License</name>
            <url>https://github.com/neo-project/neo-devpack-java/blob/master/LICENSE</url>
            <distribution>may be downloaded from the Maven repository</distribution>
        </license>
    </licenses>

    <!-- 4. developers information -->
    <developers>
        <developer>
            <name>Peter Szatmary</name>
            <email>peter.szatmary@gmail.com</email>
            <organization>Peter Szatmary</organization>
            <organizationUrl>https://github.com/peterszatmary</organizationUrl>
        </developer>
    </developers>

    <build>
        <sourceDirectory>src</sourceDirectory>
        <plugins>
        
            <!-- 5. sign all files with generated keys -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-gpg-plugin</artifactId>
                <version>${maven.gpg.plugin.version}</version>
                <executions>
                    <execution>
                        <id>sign-artifacts</id>
                        <phase>verify</phase>
                        <goals>
                            <goal>sign</goal>
                        </goals>
                        <configuration>
                            <keyname>${key.id}</keyname>
                            <passphraseServerId>${key.id}</passphraseServerId>
                        </configuration>
                    </execution>
                </executions>
            </plugin>

            <!-- 6. attach source codes -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-source-plugin</artifactId>
                <version>${maven.source.plugin.version}</version>
                <executions>
                    <execution>
                        <id>attach-sources</id>
                        <goals>
                            <goal>jar-no-fork</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            
            <!-- 7. attach javadoc -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
                <version>${maven.javadoc.plugin.version}</version>
                <executions>
                    <execution>
                        <id>attach-javadocs</id>
                        <goals>
                            <goal>jar</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>${maven.compiler.plugin.version}</version>
                <configuration>
                    <source>${java.version}</source>
                    <target>${java.version}</target>
                    <encoding>${project.build.sourceEncoding}</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>

    <!-- 8. repository for uploading -->
    <distributionManagement>
        <snapshotRepository>
            <id>ossrh</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
        </snapshotRepository>
        <repository>
            <id>ossrh</id>
            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
        </repository>
    </distributionManagement>
</project>

Generate and distribute keys

  • generate keys with gpg --generate-key and follow instructions.
  • checking the keys gpg --list-keys
  • oficial link , oficial video
  • gpg cli doesnt worked for me.
  • also GPG Keychain doesnt worked
  • I decided to upload my public key manualy to http://pool.sks-keyservers.net:11371 (See Submit a key section)
  • show public key with gpg --armor --export <email-address> > mykeys.asc

Run mvn deploy

  • if your pom is valid you will see it after mvn deploy
  • After deploying artifact with mvn deploy you should see in stagingRepositories your project.
  • Close button (validation will start automaticaly)
  • if yo usee errors just use Drop button and make new mvn deploy

After succesful validation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment