In the Maven project, more than 90% of the jar packages are directly obtained from the open source warehouse through the pom file and the dependent jar package files are then integrated and used in the project.
At this point, if you have an open source project, how do you publish the open source project to the Maven central warehouse so that others can use it conveniently, instead of downloading the jar first and then installing it locally?
This article will lead you to publish your open source project to the Maven Central Repository through a step-by-step operation, https://mvnrepository.com/.
The Maven central warehouse does not support the direct release of jar packages. It is necessary to publish the jar packages to some designated third-party Maven warehouses, and then the warehouse will synchronize the jar packages to the Maven central warehouse. Sonatype is such a role.
The system configuration in this article is as follows: 1. Operating system macOS 10.14.2; 2. JDK1.8.0_192; 3. Maven: 3.5.4.
Ready to work
Register a GitHub account, address: https://github.com. Since it is an open source project, there must be a place for hosting, and GitHub is used here.
Then create the project and upload the corresponding project code.
Many friends already have GitHub accounts and open source projects. This is almost a must-have platform for programmers. If you don't have one, go ahead and open one.
Register a Sonatype account
Sonatype manages the OSSRH warehouse through JIRA. JIRA is a project management service, similar to the domestic Teambition.
Registered address: https://issues.sonatype.org/secure/Signup!default.jspa
Among them, Username is the login name, Password is the login password, they are a set.
[Friendly Tips] Password verification is very demanding, it is best to use a notepad to record memos.
After the registration is completed, the first login will let you choose the language, here I have chosen Chinese.
Project release application
When you log in to Sonatype for the first time, you will directly jump to the creation page. After you log in to create a project application, you need to click "New" in the navigation bar to create and publish a project or issue.
By creating an issue on JIRA to apply for the release of a new jar package, Sonatype staff will review it. Generally, there will be no problem filling in as required.
Fill in the information when asking the Chinese version of the above picture. The project should select the "Community Support" item, and the corresponding question type should be "New Project". According to the above selection, the corresponding GroupId and Project information will be displayed below.
The Project URL is the URL address of the project, which is the browser URL when you access the GitHub project, for example: https://github.com/secbr/fastdfs-client-plus
SCM url is a link to access source code based on Https. We know that there are many ways to obtain the source code of GitHub. You can download the zip package and download it through "Use ssh", "Use Https", etc. The SCM URL here is the url address of Https, such as: https://github. com/secbr/fastdfs-client-plus.git
Other non-required information can be filled in as needed.
After the submission is completed, an Issue will be created, and the content will be displayed as follows:
Obviously, it is currently in a "pending" state, waiting for review. More than ten minutes after writing this article, the official reviewer responded "Waiting for Response". At the same time, the corresponding prompt comment information will appear under Issues.
This is mainly to verify the above GroupId to determine whether the corresponding domain name is owned by you. For example, the GroupId filled in here is top.folen. Then the domain name that needs to be verified is folen.top.
Two verification methods are provided in the comments, one is to configure DNS as required, and the other is to directly use the second-level domain name of GitHub.
Here I finally chose to use the second-level domain name of GitHub as the GroupID. At this time, the official reply is as follows:
In order to verify whether the platform has account permissions on GitHub, the applicant needs to create a project named "OSSRH-59503" on GitHub. Create such an empty project on GitHub, and then reply in the comment area.
After the reply is complete, wait for a while and the review is complete.
The entire above process took about 40 minutes, and the official reply was relatively timely. Since the operation was carried out at four or five in the afternoon, I am not sure if you will encounter jet lag during the operation. You can check the response status of Issues submitted by others recently on the main panel to confirm whether to wait.
Install and configure GPG
All files published to the Maven repository must be signed with GPG to ensure integrity. Therefore, we need to install and configure GPG locally.
I use the Mac operating system, and everyone searches for the installation of other operating systems.
Installing GPG on MacBook is very simple, just download and install GPG Suite: https://gpgtools.org/
After the installation is complete, you can enter the operation interface for creating a GPG key pair, and the following page will pop up after the installation under Mac:
When generating the key, you will need to enter the name, email, and password. The secret key password will be used in the next steps, please write it down.
After the public key is created, it will automatically pop up and upload it to the public key server, so that other people can verify the integrity of the jar package through the public key.
If you forget the public key information, you can execute the gpg --list-keys command to view the local public key information.
192:~ zzs$ gpg --list-keys
/Users/zzs/.gnupg/pubring.kbx
-----------------------------
pub dsa2048 2010-08-19 [SC] [过期于:2020-06-15]
85E38F69046B44C1EC9FB07B76D78F0500D026C4
uid [ 已过期 ] GPGTools Team <[email protected]>
pub rsa4096 2020-05-04 [SC] [有效至:2024-05-03]
B97E9964ACAD1907970D37CC8A9E3745558E41AF
uid [ 未知 ] GPGTools Support <[email protected]>
sub rsa4096 2020-05-04 [E] [有效至:2024-05-03]
pub rsa4096 2020-07-27 [SC] [有效至:2024-07-27]
74C31F28121A99A6E28C234148FEC679B82EF754
uid [ 绝对 ] secbro <[email protected]>
sub rsa4096 2020-07-27 [E] [有效至:2024-07-27]
You can also upload the public key information to the server in the following form:
gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys B97E9964ACAD1907970D37CC8A9E3745558E41AF
Among them, B97E9964ACAD1907970D37CC8A9E3745558E41AF is the one found above.
If it is a Windows operating system, after installing the software, open the cmd command line, execute gpg --gen-key to generate the key, execute gpg --list-keys to view the key list, and execute the above command to upload the key.
Configure Maven's setting.xml
Setting.xml is the global configuration file of Maven. The path is $MAVEN_HOME/conf/settings.xml. The Username and Password configured when registering the Sonatype account need to be added to the servers tag, so that the jar package can be deployed to the Sonatype OSSRH warehouse:
<server>
<id>sonatype-nexus-snapshots</id>
<username>Sonatype账号</username>
<password>Sonatype密码</password>
</server>
Configure the pom.xml of the project
According to the requirements of Sonatype OSSRH, the following information must be configured:
- Supply Javadoc and Sources
- Sign Files with GPG/PGP
- Sufficient Metadata
- Correct Coordinates
- Project Name, Description and URL
- License Information
- Developer Information
- SCM Information
Add open source license agreement, SCM information, developer information and wait to fill in according to your own information.
<licenses>
<license>
<name>BSD 3-Clause</name>
<url>https://spdx.org/licenses/BSD-3-Clause.html</url>
</license>
</licenses>
<scm>
<connection>https://github.com/secbr/fastdfs-client-plus.git</connection>
<url>https://github.com/secbr/fastdfs-client-plus</url>
</scm>
<developers>
<developer>
<name>secbr</name>
<email>[email protected]</email>
<roles>
<role>Developer</role>
</roles>
<timezone>+8</timezone>
</developer>
</developers>
If you release the Release version, you need to add the relevant profile configuration of Release, and modify the configuration information in the distributionManagement section and maven-compiler-plugin section according to your actual situation.
<profiles>
<profile>
<id>release</id>
<build>
<resources>
<resource>
<directory>src/main/java</directory>
<includes>
<include>**/*.properties</include>
<include>**/*.sample</include>
</includes>
</resource>
</resources>
<plugins>
<!-- Source -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.2.1</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- Javadoc -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<configuration>
<show>private</show>
<nohelp>true</nohelp>
<charset>UTF-8</charset>
<encoding>UTF-8</encoding>
<docencoding>UTF-8</docencoding>
<additionalparam>-Xdoclint:none</additionalparam>
<javadocExecutable>/Library/Java/JavaVirtualMachines/jdk1.8.0_151.jdk/Contents/Home/bin/javadoc</javadocExecutable>
<!-- TODO 临时解决不规范的javadoc生成报错,后面要规范化后把这行去掉 -->
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- GPG -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.6</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<!--Compiler -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<fork>true</fork>
<verbose>true</verbose>
<encoding>UTF-8</encoding>
<showWarnings>false</showWarnings>
</configuration>
</plugin>
<!--Release -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.5.1</version>
</plugin>
</plugins>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype-nexus-snapshots</id>
<name>Sonatype Nexus Snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype-nexus-snapshots</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</profile>
</profiles>
The snapshotRepository is the id of the server defined in setting.xml.
Publish Jar package
After completing the above configuration, you can package and upload through commands, and then the jar package can be published to the Sonatype OSSRH warehouse.
mvn clean deploy -P release
Execute the above command, package and upload. release is the id of the profile element configured above.
In the process of execution, you need to enter the key password set above. The console display of successful execution is shown in the figure.
[Friendly Tips] If a 401 error occurs during the packaging process, it may be because the username and password configured on the Server node in the Maven configuration file are incorrect, or the Issue has not been approved.
Visit any of the above links at this time to query the corresponding information. For example, remove the specific files in the URL and leave only the following path: https://oss.sonatype.org/content/repositories/snapshots/com/github/secbr/fastdfs-client-plus/1.0.0-SNAPSHOT/
Access to the above path, you can view all uploaded file information.
View release jar package
At this point, go to https://oss.sonatype.org/#stagingRepositories to view the released components, click on the Staging Repositories on the left, you can use Group Id or other information to search for your own projects.
If the user name or password pops up, enter the corresponding user and password information when registering sonatype.
At this point, it should be noted that if the version information in the project is 1.0.0-SNAPSHOT, that is, SNAPSHOT is the suffix, the published project is located in the Snapshots directory. It can be found in Artifact Search in the upper left corner.
If it is a Release suffix, you can directly see it in Staging Repositories (you may have to wait a little while waiting for the platform to process it).
After selecting the repository, click close. When close, it will check whether the published components meet the requirements. If it meets the requirements, the close is successful. After success, click the release pointed by the arrow to officially release the jar package to the Sonatype OSSRH warehouse.
When you click Release, you will receive a message about Issues changes in the email, indicating that the synchronization has been activated, and the synchronization can be updated within 10 minutes.
About 2 hours after the release is successful, the component will be synchronized to the Maven central warehouse, and there will be an email notification.
In practice, it was found that it was successfully synchronized to the central warehouse at https://repo1.maven.org/ within ten minutes.
Gradually, other Maven repositories, including Ali mirrors, will be synchronized.
ending
When the release to the Maven central warehouse is completed and the corresponding Jar package can be seen, you can add a Comment to the Issue you submitted, leave a message to thank you and indicate that the release has been completed, please close the Issue. There is a beginning and an end.
As a programmer, is it exciting to finally have a set of own code in the central Maven warehouse?
Original link: " How to publish my project to Maven Central Warehouse? 》
