This article teaches you to publish your personal development jar package to maven central repository

Keywords: Java Maven github nexus

Author: little brother Fu
Blog: https://bugstack.cn -Original series special cases

Precipitation, sharing, growth, so that they and others can have a harvest! 😄

Introduction to foreword

(December, 19) recently, I want to make an open source sharing project based on Spring Boot, and develop a distributed task DcsSchedule middleware to enhance Schedule. If you encounter a problem, you want to contract Jar package to Maven central warehouse, so that users who need to use it can directly import it.

Release preparation

content remarks
1 To apply for a Github account: https://github.com For uploading open source code: https://github.com/fuzhengwei...
2 GPG key generation tool: https://gpg4win.org/download.... In the subsequent process, download, install and generate the key and upload it to the server. The server used in this paper is: hkp://keyserver.ubuntu.com 80
3 Work order system: https://issues.sonatype.org Responsible for applying for upload qualification and completing the first upload, subsequent updates do not need to be used, equivalent to a startup device
4 Component warehouse: https://oss.sonatype.org The uploaded jar package will be stored here first. After Release, it can be released to maven central warehouse or set to be released automatically locally
5 Image warehouse: http://search.maven.org The final successful jar can be found here
6 Maven warehouse: https://mvnrepository.com After a few hours of patient waiting, we'll find it in Maven's warehouse
7 Alibaba cloud warehouse: https://maven.aliyun.com Alicloud's warehouses will be synchronized faster
8 Personal domain name: https://bugstack.cn This is mainly used for work order qualification verification (Add a TXT record to your DNS referencing this JIRA ticket: OSSRH-53637 (Fastest))

Follow the rhythm

1. Download and install the Gpg generation key

We need a GPG environment to encrypt and sign the uploaded files to ensure that your jar package is not tampered with

In 1991, Phil Zimmermann, a programmer, developed the encryption software PGP to avoid government surveillance. This software is very easy to use, spread quickly, and become a necessary tool for many programmers. However, it is commercial software and cannot be used freely. So the free software foundation decided to develop an alternative to PGP called GnuPG. This is the origin of GPG.

  1. Download address: https://gpg4win.org/download.html
  2. After downloading, you can install it directly. It's easy to install it in a fool's way. Remember to choose Chinese (or not if you are hard in English)
  3. Generate key (can be generated using command line or directly in operation interface)

    1. File > new key pair (Ctrl+N) -- create a personal OpenPGP key pair

  1. Fill in personal information name and email and click New

  1. Fill in the key password

  1. Upload the public key to the directory service {if the upload fails, change the OpenPGP key server to: hkp://keyserver.ubuntu.com:80}

2. Work order system account registration issues.sonatype

1. Registered address: https://issues.sonatype.org/s...

2. Create work order

  • Project: community support - open source project repository housing
  • Summary: name of the publishing Jar
  • Description: not required, it is better to describe clearly
  • Group Id: org.itatack.middleware &It is related to your domain name, because it needs to be verified later
  • Project URL: Github project site( https://github.com/fuzhengwei...
  • SCM url: source repository( https://github.com/fuzhengwei...

3. Cooperate with manual audit

  1. When the completion order is created, information feedback will be received (there is a time difference between foreign countries and us, and they review it faster in the middle of the night);

    
    ```java
    Do you own the domain itstack.org? If so, please verify ownership via one of the following methods:
    
    Add a TXT record to your DNS referencing this JIRA ticket: OSSRH-53637 (Fastest)
    Setup a redirect to your Github page (if it does not already exist)
    If you do not own this domain, please read:
    http://central.sonatype.org/pages/choosing-your-coordinates.html
    You may also choose a groupId that reflects your project hosting, in this case, something like io.github.fuzhengwei or com.github.fuzhengwei
    
    Would you like to use a free managed security reporting service (recommended)?
    Put https://hackerone.com/central-security-project/reports/new as your project's security issue reporting URL. We'll take care of the rest.
    For more details on the Central Security Project, visit https://www.sonatype.com/central-security-project
    ```
    ![](https://imgconvert.csdnimg.cn/aHR0cHM6Ly91c2VyLWdvbGQtY2RuLnhpdHUuaW8vMjAxOS8xMi83LzE2ZWRmMGI3ZmZjYTAzZWM?x-oss-process=image/format,png)
  2. Configure domain name verification signature; TXT points to problem domain: https://issues.sonatype.org/b...

    ![](https://imgconvert.csdnimg.cn/aHR0cHM6Ly91c2VyLWdvbGQtY2RuLnhpdHUuaW8vMjAxOS8xMi83LzE2ZWRmMGI3ODc5YjIzNGQ?x-oss-process=image/format,png)
  3. In the screenshot of domain name verification, if the problem is answered, the manual verification will be carried out

    ![](https://imgconvert.csdnimg.cn/aHR0cHM6Ly91c2VyLWdvbGQtY2RuLnhpdHUuaW8vMjAxOS8xMi83LzE2ZWRmMGI4MGI0NTFjOWU?x-oss-process=image/format,png)
  4. After the verification is successful, you will receive an email reply. You can also see it in the issues

     org.itstack.middleware has been prepared, now user(s) fuzhengwei can:
     * Deploy snapshot artifacts into repository https://oss.sonatype.org/content/repositories/snapshots
     * Deploy release artifacts into the staging repository https://oss.sonatype.org/service/local/staging/deploy/maven2
     * Release staged artifacts into repository 'Releases'
    please comment on this ticket when you promoted your first release, thanks
   ```
  1. Next, wait for the success of Jar package release, reply here and receive feedback, as follows (prove your success! );

    Central sync is activated for org.itstack.middleware. After you successfully release, your component will be published to Central, typically within 10 minutes, though updates to search.maven.org can take up to two hours.

3. Configure Maven Settings.xml

1. Maven Settings.xml Configuration, add in servers;

<server>
    <id>sonatype-nexus-snapshots</id>
    <username>https://issues.sonatype.org Account of < / username >
    <password>https://issues.sonatype.org Password < / password >
</server>
<server>
    <id>sonatype-nexus-staging</id>
    <username>https://issues.sonatype.org Account of < / username >
    <password>https://issues.sonatype.org Password < / password >
</server>
<server>
    <id>ossrh</id>
    <username>https://issues.sonatype.org Account of < / username >
    <password>https://issues.sonatype.org Password < / password >
</server>

2. In order to load Jar faster, Alibaba cloud warehouse is configured in mirrors;

<mirror>
  <id>alimavenrepository</id>
  <name>aliyun maven repository</name>
  <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
  <mirrorOf>central</mirrorOf>        
</mirror>

3. Key configuration, add ossrh to profile

<profile>
    <id>ossrh</id>
    <activation>
        <activeByDefault>true</activeByDefault>
    </activation>
    <properties>
        <gpg.executable>D:/Program Files (x86)/GnuPG/bin/gpg.exe</gpg.executable>
        <gpg.passphrase>Key password generated above: bugstack.cn</gpg.passphrase>
        <gpg.homedir>{find dir: cmd->gpg --list-key}C:/Users/fuzhengwei/AppData/Roaming/gnupg</gpg.homedir>
    </properties>
</profile>

4. Configure POM file

1. Add scm, licenses, developers, and distribution management to the pom file

 <licenses>
    <license>
        <name>The Apache Software License, Version 2.0</name>
        <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
        <distribution>repo</distribution>
    </license>
</licenses>

<scm>
    <url>https://github.com/fuzhengwei/schedule-spring-boot-starter</url>
    <connection>https://github.com/fuzhengwei/schedule-spring-boot-starter.git</connection>
    <developerConnection>https://github.com/fuzhengwei/schedule-spring-boot-starter</developerConnection>
</scm>

<developers>
    <developer>
        <name>fuzhengwei</name>
        <email>184172133@qq.com</email>
        <url>https://github.com/fuzhengwei/schedule-spring-boot-starter</url>
    </developer>
</developers>

<distributionManagement>
    <snapshotRepository>
        <id>ossrh</id>
        <url>https://oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
</distributionManagement>

2. Configure build and gpg related plug-ins

  • Maven source plugin is used to generate Source Jar files
  • Maven javadoc plugin is used to generate javadoc documents
  • Maven GPG plugin is used to automatically sign engineering files
  • Nexus staging Maven plugin is used to publish projects to the central warehouse. In addition, when generating javadoc documents, you need to specify to close doclint. Otherwise, it may fail due to the use of irregular javadoc annotations. The complete configuration is as follows
<!-- release Jar reach Maven Warehouse Begin -->
<!--generate Source jar file-->
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-source-plugin</artifactId>
    <version>2.2.1</version>
    <executions>
        <execution>
            <id>attach-sources</id>
            <goals>
                <goal>jar-no-fork</goal>
            </goals>
        </execution>
    </executions>
</plugin>
<!--generate Javadoc,close doclint,Avoid failing the annotation check-->
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-javadoc-plugin</artifactId>
    <version>2.9.1</version>
    <executions>
        <execution>
            <id>attach-javadocs</id>
            <goals>
                <goal>jar</goal>
            </goals>
            <configuration>
                <additionalparam>-Xdoclint:none</additionalparam>
            </configuration>
        </execution>
    </executions>
</plugin>
<!--Maven GPG The plug-in is used to sign components using the following configuration-->
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>1.5</version>
    <executions>
        <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
</plugin>
<!--Nexus Staging Maven Plug in is to deploy components to OSSRH And publish it to Central Repository Recommended method-->
<plugin>
    <groupId>org.sonatype.plugins</groupId>
    <artifactId>nexus-staging-maven-plugin</artifactId>
    <version>1.6.7</version>
    <extensions>true</extensions>
    <configuration>
        <serverId>ossrh</serverId>
        <nexusUrl>https://oss.sonatype.org/</nexusUrl>
        <autoReleaseAfterClose>true</autoReleaseAfterClose>
    </configuration>
</plugin>
<!-- release plugin,For publishing to release Warehouse deployment plug-in -->
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-release-plugin</artifactId>
    <version>2.4.2</version>
</plugin>
<!-- release Jar reach Maven Warehouse End -->

4. Execute publishing; idea Maven - > lifecycle - > deploy

  1. Next, the Jar package will be developed and released, and you will be prompted to enter the password when the key is generated
  2. https://oss.sonatype.org View publication
  3. Go to "cooperate with manual audit" above, submit and publish the success information according to the instructions, and receive the reply after the verification is successful, as follows:;

    Central sync is activated for org.itstack.middleware. After you successfully release, your component will be published to Central, typically within 10 minutes, though updates to search.maven.org can take up to two hours.
  4. https://search.maven.org Search version information
  5. https://maven.aliyun.com Alicloud warehouse is fast in synchronization and can be viewed

To sum up

  • The whole process is still very long. If you try it for the first time, well, you may have a sleepless night
  • You may encounter various abnormal errors in the middle, including key, packaging, publishing, etc. read the details of this article carefully and try many times by yourself, and you will succeed in the end
  • The same RELEASE version can only be uploaded once, otherwise it will fail. Foreigners really reply quickly in the middle of the night, because they happen to be at dawn in the middle of the night

Recommended reading

Posted by AdamSnow on Wed, 17 Jun 2020 20:05:34 -0700