Procedure to publish to Maven Central Repository

I have published my library to Maven Central Repository. I used to refer to the official procedure, but I got an error in some places, so I will write the procedure here.

reference

Create a sonatype JIRA account

https://issues.sonatype.org/secure/Signup!default.jspa

Create a new project Register a new issue

https://issues.sonatype.org/secure/CreateIssue.jspa?issuetype=21&pid=10134

If Group Id is its own domain, it seems to authenticate the ownership of the domain. In my case, I put in com.github.pandafw and it was approved immediately.

Install GNU PG

To publish jar files etc. to Maven Central, you need gpg sign, so install GNU PG.

https://www.gnupg.org/download/ Since it is a Windows PC, https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.12_20181214.exe I have installed.

C:\Develop\Tools\gnupg\bin>gpg --version
gpg (GnuPG) 2.2.12
libgcrypt 1.8.4
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/Ryoma/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Create Key on GPU PG

C:\Develop\Tools\gnupg\bin>gpg --full-gen-key
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Ryoma Kimura
Email address: [email protected]
Comment:
You selected this USER-ID:
    "Ryoma Kimura <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: C:/Users/Ryoma/AppData/Roaming/gnupg/trustdb.gpg: trustdb created
gpg: key 27835B3BD2A2061F marked as ultimately trusted
gpg: directory 'C:/Users/Ryoma/AppData/Roaming/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as 'C:/Users/Ryoma/AppData/Roaming/gnupg/openpgp-revocs.d\5694AA563793429557F1727835B3BD2A223A.rev'
public and secret key created and signed.
pub   rsa2048 2019-02-11 [SC]
      5694AA563793429557F1727835B3BD2A223A
uid                      Ryoma Kimura <[email protected]>
sub   rsa2048 2019-02-11 [E]

Enter the passphrase. image.png

Publish Key on GPU PG

C:\Develop\Tools\gnupg\bin>gpg –-send-keys [KEY_ID]

For [KEY ID], enter 5964AA563793429557F1727835B3BD2A223A generated in the previous step.

Add distributionManagement to pom.xml

<distributionManagement>
	<snapshotRepository>
		<id>ossrh</id>
		<url>https://oss.sonatype.org/content/repositories/snapshots</url>
	</snapshotRepository>
	<repository>
		<id>ossrh</id>
		<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
	</repository>
</distributionManagement>

Add gpg sign and deploy plugin to pom.xml

<!-- sonatype release -->
<plugin>
	<groupId>org.sonatype.plugins</groupId>
	<artifactId>nexus-staging-maven-plugin</artifactId>
	<version>1.6.8</version>
	<extensions>true</extensions>
	<configuration>
		<serverId>ossrh</serverId>
		<nexusUrl>https://oss.sonatype.org/</nexusUrl>
		<autoReleaseAfterClose>true</autoReleaseAfterClose>
	</configuration>
</plugin>

<!-- gpg sign -->
<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-gpg-plugin</artifactId>
	<version>1.6</version>
	<executions>
		<execution>
			<id>sign-artifacts</id>
			<phase>verify</phase>
			<goals>
				<goal>sign</goal>
			</goals>
		</execution>
	</executions>
</plugin>

Add scm information to pom.xml.

<scm>
	<connection>scm:git:https://github.com/pandafw/panda.git</connection>
	<developerConnection>scm:git:https://github.com/pandafw/panda.git</developerConnection>
	<url>https://github.com/pandafw/panda</url>
</scm>

Add javadoc and attach-sources plugin to pom.xml.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-source-plugin</artifactId>
  <version>2.2.1</version>
  <executions>
	<execution>
	  <id>attach-sources</id>
	  <goals>
		<goal>jar-no-fork</goal>
	  </goals>
	</execution>
  </executions>
</plugin>
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <version>2.9.1</version>
  <executions>
	<execution>
	  <id>attach-javadocs</id>
	  <goals>
		<goal>jar</goal>
	  </goals>
	</execution>
  </executions>
</plugin>

Add ossrh server information to Maven settings.xml.

The default path for settings.xml is C: \ Users \ Ryoma \ .m2 \ settings.xml

<servers>
	<server>
		<id>ossrh</id>
		<username>your-jira-id</username>
		<password>your-jira-password</password>
	</server>
</servers>

Add gpg passphrase to Maven settings.xml.

<profiles>
	<profile>
		<id>ossrh</id>
		<activation>
			<activeByDefault>true</activeByDefault>
		</activation>
		<properties>
			<gpg.executable>gpg</gpg.executable>
			<gpg.passphrase>[your_gpg_passphrase]</gpg.passphrase>
		</properties>
	</profile>
</profiles>

Release

mvn clean deploy

Log in to ossrh and check the Staging Repositories information.

https://oss.sonatype.org/

image.png

If there are no problems, press the [Close] button to close. Various checks are made in the Close process, so if the check does not pass, an error mark will be added, so you can check the error information on the [Activity] tab. In my case, there was an error that gpg sign was not done or gpg key could not be obtained from the server due to a setting error, so [Drop] the repository with the error, correct the setting, and release it again with mvn clean deploy. To do.

Release at the end.

If you can close the uploaded repository properly, you can release it by clicking the [Release] button. Approximately a few hours later, https://search.maven.org It will be reflected in.

Recommended Posts

Procedure to publish to Maven Central Repository
A new engineer tried to publish his own library to Maven Central Repository
How to create a Maven repository for 2020
Maven repository local cache
Introduce Maven to Tomcat project
Automatically register deliverables in Nexus Repository (Maven Central) serverless (Walter + GitHook)