register
First go to the sonatype official website to register!
Find the registration "sign up", as shown in the figure, to register!
Log in
After logging in, click "create" at the top of the page to create an issue.
Obtained as shown below.
- Summary: Write what you want to do, the functionality of your package. Simple overview, keep it short.
- Description: You can copy the summary directly, and then add a little description.
- Group Id: It is recommended to write github. For example, mine will be
io.github.dslzcable to pass quickly. I have not tried my own domain name, although I have my own domain name. - Project UR : The description of your project, just fill in the github address of your project.
- SCM url: with instructions, such as https://github.com/DSLZC/dslcode-common-utils.git.
- Username(s): Invite others with permission to complete this project together. I didn't fill it in.
Waiting for Issue approval
Online says it will take one to two days. Why did I miss this step in seconds. After about 20 seconds, I received an email. Maybe the github I filled in is more serious and authentic.
Configure GPG
If it is a Windows operating system, you need to download the Gpg4win software to generate a key pair. It is recommended that you download the Gpg4win-Vanilla version, as it only includes GnuPG, which is what we need.
After installing the GPG software, open a command line window and do the following in sequence:
- Check if the installation is successful
gpg --version
The version information of GPG can be displayed, indicating that the installation is successful.
- Generate key pair
gpg --gen-key
At this time, you need to enter fields such as name, email, and other fields. You can use the default values. In addition, you also need to enter a Passphase, which is equivalent to the password of a keystore. You must not forget it or tell others. It is best to write it down, because will be used later.
- View public key
gpg --list-keys
as follows:
D:\IdeaProjects\ScriptSpider>gpg --list-keys pub rsa2048 2018-01-10 [SC] [expires: 2020-01-10] E7135ADD7985270EC66E0B2F735A5D90291062B9 uid [ultimate] dongsilin <[email protected]> sub rsa2048 2018-01-10 [E] [expires: 2020-01-10]
My public key is: E7135ADD7985270EC66E0B2F735A5D90291062B9
- Publish the public key to the PGP key server
gpg --keyserver hkp://pool.sks-keyservers.net:11371 --send-keys E7135ADD7985270EC66E0B2F735A5D90291062B9
After that, the local private key can be used to digitally sign the uploaded component, and the user who downloads the component can verify the signature through the uploaded public key, that is, you can verify whether the component was uploaded by yourself, because it is possible This component has been tampered with by bad guys.
- Query whether the public key is released successfully
gpg --keyserver hkp://pool.sks-keyservers.net:11371 --recv-keys E7135ADD7985270EC66E0B2F735A5D90291062B9
In fact, the public key is received from the key server through the public key ID. In addition, it can also be queried through the public key ID on sks-keyservers.net.
Modify the Maven configuration file
...
<servers>
<server>
<id>dslcode</id> // echo here
<username>dslcode</username> // username for logging in to sonatype
<password>************************</password> // Password for logging in to sonatype
</server>
</servers>
...
Modify your project's pom file
You can add your own others, this is my pom at the time.
<groupId>io.github.dslzc</groupId>
<artifactId>dslcode.common.utils</artifactId>
<version>0.0.1</version>
<packaging>jar</packaging>
<name>Java-Common-Utils</name>
<description>My Java Common Utils</description>
<url>https://github.com/DSLZC/dslcode-common-utils</url>
<licenses>
<license>
<name>The MIT License (MIT)</name>
<url>http://www.opensource.org/licenses/mit-license.html</url>
<distribution>repo</distribution>
</license>
</licenses>
<developers>
<developer>
<name>****</name>
<email>****@foxmail.com</email>
</developer>
</developers>
<scm>
<connection>scm:git:https://github.com/DSLZC/dslcode-common-utils.git</connection>
<developerConnection>scm:git:https://github.com/DSLZC/dslcode-common-utils.git</developerConnection>
<url>https://github.com/DSLZC/dslcode-common-utils</url>
</scm>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring.version>4.3.3.RELEASE</spring.version>
<aspectj.version>1.8.9</aspectj.version>
<servlet.version>3.1.0</servlet.version>
<javax.validation.version>1.1.0.Final</javax.validation.version>
<fasterxml.version>2.8.1</fasterxml.version>
<commons.io.version>2.4</commons.io.version>
<dom4j.version>1.6.1</dom4j.version>
<dozer.version>5.5.1</dozer.version>
<lombok.version>1.16.10</lombok.version>
<joda.time.version>2.9.4</joda.time.version>
<apache.poi.version>3.14</apache.poi.version>
<thumbnailator.version>0.4.8</thumbnailator.version>
</properties>
<dependencies>
************
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<archive>
<addMavenDescriptor>true</addMavenDescriptor>
<index>true</index>
<manifest>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest>
</archive>
</configuration>
</plugin>
<plugin>
<artifactId>maven-source-plugin</artifactId>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.10.1</version>
<executions>
<execution>
<id>attach-javadoc</id>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<additionalparam>-Xdoclint:none</additionalparam>
</configuration>
</execution>
</executions>
<configuration>
<show>public</show>
<charset>UTF-8</charset>
<encoding>UTF-8</encoding>
<docencoding>UTF-8</docencoding>
<failOnError>false</failOnError>
<!--<excludePackageNames>com.dslcode.*</excludePackageNames>-->
</configuration>
</plugin>
<plugin>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<distributionManagement>
<snapshotRepository>
<id>dslcode</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>dslcode</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>
Upload components to OSS
mvn clean deploy -Dmaven.test.skip=true -Dgpg.passphrase=************
Sometimes it will pop up to let you enter the Passphase password. Passphase is the password of the GPG key pair, and only you know it. You have been told to keep this in mind in the previous steps.
Then you will see a lot of upload information, and the speed is relatively slow. If there is a timeout, you need to try again and again.
Publish artifacts in OSS
Open https://oss.sonatype.org , log in with your own Sonatype account, click on Staging Repositories on the left, you can see the components you just uploaded at the bottom, or search for your own components.
These components are currently placed in the Staging warehouse, which can be used for fuzzy query to quickly locate their own components.
At this point, the state of the widget is Open, you need to check it, and then click the Close button.
Next, the system will automatically verify whether the component meets the specified requirements. When the verification is completed, the status will change to Closed.
If there is a problem with the inspection, there will be detailed records, you need to drop the modified component, and then re-deploy after solving the problem.
Finally, click the Release button to release the widget.
Notify Sonatype that "Artifact has been published successfully"
It is necessary to reply a "component has been successfully published" (Hi, my component has been successfully published. thanks!) comment under the issue that was created once, this is to inform the Sonatype staff to approve the component that needs to be published, and work after publishing Personnel will close the issue.
Show my issue
From this screenshot, you should know what we all did.
If publishing, please note that artifactId cannot be-SNAPSHOT
Because from the screenshots (proven), once your issue is approved for the first time, you can publish -SNAPSHOT, and I tried using my -SNAPSHOTversion of the jar at the time, and no follow-up was required.
Waiting for component approval
Yes, I still have to wait, I probably waited for more than an hour. See my mailing list for replies. It means that it can be used in about 10 minutes and can be searched in 2 hours. I guess the mirrored one should be slower and needs to be synchronized. I feel that their efficiency is still very high, and it is not used by others for one or two days.
Finally, you can go to the central repository to search for the components you published! Central repository search website: http://search.maven.org/
after the first time
You can drive with peace of mind~
The subsequent release process is:
-
After the artifact is ready, upload the build at the command line
-
"close" and "release" artifacts at https://oss.sonatype.org/
-
After waiting for synchronization (about 2 hours or more), it is ready to use.
OK, ready to get off! ! ! ! ! ! !