Jar package to publish Maven repository (in preparation for the development of open-source middleware)

Micro-channel public number: bugstack wormhole Stack | precipitation, to share, grow, focusing on original themes case, in a manner most likely to learn programming to share knowledge, to help themselves and others to learn something. The topic has been completed there; Netty4.x actual topic cases, to achieve JVM in Java, based JavaAgent full link monitoring, handwriting RPC framework, architecture design project case [Ing] and so on.

Preface Introduction

(19 December) recently wanted to be an open source project based on shared Spring Boot, the development of a distributed task DcsSchedule middleware can enhance the Schedule. So hope to have a problem letting Jar package to Maven central repository so that users need to use it can be introduced directly.

Release Readiness

	content	Remark
1	Application Github account: github.com	For uploading Open Source: github.com/fuzhengwei/...
2	GPG generate a key tool: gpg4win.org/download.ht...	In the subsequent installation process to generate the key to download and upload location server, the server used herein: hkp: //keyserver.ubuntu.com: 80
3	Ticket System: issues.sonatype.org	Responsible for applying for eligibility and complete the upload first upload, subsequent updates do not need to use the equivalent of a starter
4	Warehouse components: oss.sonatype.org	Upload the jar package will first be stored here, you can publish to the maven central warehouse in here after Release, it can also be set to automatically publish local
5	Mirror Warehouse: search.maven.org	The ultimate success of the jar can publish here to search
6	Maven repository: mvnrepository.com	After several hours of waiting patiently to be found in the Maven repository
7	Ali Cloud Storage: maven.aliyun.com	Ali cloud repository synchronization will be faster
8	Personal domain: bugstack.cn	Here mainly for work order eligibility verification (Add a TXT record to your DNS referencing this JIRA ticket: OSSRH-53637 (Fastest))

Follow the rhythm

1. Download install key generation Gpg

We need a GPG environment, it is used to upload files encrypted and signed, to ensure that your package has not been tampered jar

In 1991, a programmer Phil Zimmermann in order to avoid government surveillance, developed encryption software PGP. The software is very easy to use, rapid spread, it has become an indispensable tool for many programmers. However, it is commercial software, not free to use. So, the Free Software Foundation decided to develop a replacement for the PGP, named GnuPG. This is the origin of GPG.

Download: gpg4win.org/download.ht...
After completing the download can be installed directly compare fool installation is very simple, remember to choose Chinese (English hard if you can not vote)
Generating a key (the command line may be used to generate, may be generated directly in the user interface)
1. File> New key (Ctrl + N) - Create a personal OpenPGP key pair
2. Fill in your personal information and click on the name and email to the New
3. Fill in key cryptography
4. Upload the public key to the directory service {If the upload fails, by: setting (S) -> Configure Kleopatra (C), modifying OpenPGP key server: hkp: //keyserver.ubuntu.com: 80}

2. Work Order System account registration issues.sonatype

1. Registered address: issues.sonatype.org/secure/Sign...

2. Create a Work Order

项目：Community Support - Open Source Project Repository Hosting
Summary: The name of Jar
Description: optional, best described as clear
Group Id: org.itatack.middleware & domain name and your relationship, because follow-up is required domain name verification
Project URL: Github project site ( github.com/fuzhengwei/... )
SCM url: source repository ( github.com/fuzhengwei/... )

3. with manual review

When you create a single completion, receive feedback (abroad and we have time poor, middle of the night when they reviewed more quickly);

Do you own the domain itstack.org? If so, please verify ownership via one of the following methods:

Add a TXT record to your DNS referencing this JIRA ticket: OSSRH-53637 (Fastest)
Setup a redirect to your Github page (if it does not already exist)
If you do not own this domain, please read:
http://central.sonatype.org/pages/choosing-your-coordinates.html
You may also choose a groupId that reflects your project hosting, in this case, something like io.github.fuzhengwei or com.github.fuzhengwei

Would you like to use a free managed security reporting service (recommended)?
Put https://hackerone.com/central-security-project/reports/new as your project's security issue reporting URL. We'll take care of the rest.
For more details on the Central Security Project, visit https://www.sonatype.com/central-security-project
复制代码

Configuring domain verification signature; TXT point to the problem domain: issues.sonatype.org/browse/OSSR...
In the domain validation shots, back to the question, the manual review process will be verified

After successful authentication, you will receive e-mail reply, you can also be seen in issues {meaning to publish your Jar say it baby, tell me about the release complete (here under reply, I'll let you use)}

 org.itstack.middleware has been prepared, now user(s) fuzhengwei can:
 * Deploy snapshot artifacts into repository https://oss.sonatype.org/content/repositories/snapshots
 * Deploy release artifacts into the staging repository https://oss.sonatype.org/service/local/staging/deploy/maven2
 * Release staged artifacts into repository 'Releases'

 please comment on this ticket when you promoted your first release, thanks
复制代码

After waiting for the next release Jar package is successful, reply here and receive feedback, as follows (to prove you are successful!);

Central sync is activated for org.itstack.middleware. After you successfully release, your component will be published to Central, typically within 10 minutes, though updates to search.maven.org can take up to two hours.
复制代码

3. Configure Maven Settings.xml

1. Maven Settings.xml configuration servers are added;

<server>
	<id>sonatype-nexus-snapshots</id>
	<username>https://issues.sonatype.org的账号</username>
	<password>https://issues.sonatype.org的密码</password>
</server>
<server>
	<id>sonatype-nexus-staging</id>
	<username>https://issues.sonatype.org的账号</username>
	<password>https://issues.sonatype.org的密码</password>
</server>
<server>
	<id>ossrh</id>
	<username>https://issues.sonatype.org的账号</username>
	<password>https://issues.sonatype.org的密码</password>
</server>
复制代码

2. In order to faster loading Jar, in the mirrors configured Ali cloud warehouse;

<mirror>
  <id>alimavenrepository</id>
  <name>aliyun maven repository</name>
  <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
  <mirrorOf>central</mirrorOf>        
</mirror>
复制代码

3. The key configuration, add a profile in the ossrh

<profile>
	<id>ossrh</id>
	<activation>
		<activeByDefault>true</activeByDefault>
	</activation>
	<properties>
		<gpg.executable>D:/Program Files (x86)/GnuPG/bin/gpg.exe</gpg.executable>
		<gpg.passphrase>上面生成的密钥密码：bugstack.cn</gpg.passphrase>
		<gpg.homedir>{找到dir：cmd->gpg --list-key}C:/Users/fuzhengwei/AppData/Roaming/gnupg</gpg.homedir>
	</properties>
</profile>
复制代码

4. Configure POM file

1. Add scm, licenses, developers, distributionManagement in the pom file

 <licenses>
	<license>
		<name>The Apache Software License, Version 2.0</name>
		<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
		<distribution>repo</distribution>
	</license>
</licenses>

<scm>
	<url>https://github.com/fuzhengwei/schedule-spring-boot-starter</url>
	<connection>https://github.com/fuzhengwei/schedule-spring-boot-starter.git</connection>
	<developerConnection>https://github.com/fuzhengwei/schedule-spring-boot-starter</developerConnection>
</scm>

<developers>
	<developer>
		<name>fuzhengwei</name>
		<email>[email protected]</email>
		<url>https://github.com/fuzhengwei/schedule-spring-boot-starter</url>
	</developer>
</developers>

<distributionManagement>
	<snapshotRepository>
		<id>ossrh</id>
		<url>https://oss.sonatype.org/content/repositories/snapshots</url>
	</snapshotRepository>
</distributionManagement>
复制代码

2. Configure compilation Ads build, gpg related plug-ins

maven-source-plugin to generate Source Jar file
maven-javadoc-plugin to javadoc generation
maven-gpg-plugin to the project file for automatic signature
nexus-staging-maven-plugin is used to publish the project to the central warehouse, additional attention to the need to specify closed doclint when javadoc generation, because otherwise I might use a non-standard javadoc comment and cause failure, complete configuration is as follows

<!-- 发布Jar到Maven仓库 Begin -->
<!--生成Source jar文件-->
<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-source-plugin</artifactId>
	<version>2.2.1</version>
	<executions>
		<execution>
			<id>attach-sources</id>
			<goals>
				<goal>jar-no-fork</goal>
			</goals>
		</execution>
	</executions>
</plugin>
<!--生成Javadoc，关闭doclint,避免注解检查不通过-->
<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-javadoc-plugin</artifactId>
	<version>2.9.1</version>
	<executions>
		<execution>
			<id>attach-javadocs</id>
			<goals>
				<goal>jar</goal>
			</goals>
			<configuration>
				<additionalparam>-Xdoclint:none</additionalparam>
			</configuration>
		</execution>
	</executions>
</plugin>
<!--Maven GPG插件用于使用以下配置对组件进行签名-->
<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-gpg-plugin</artifactId>
	<version>1.5</version>
	<executions>
		<execution>
			<id>sign-artifacts</id>
			<phase>verify</phase>
			<goals>
				<goal>sign</goal>
			</goals>
		</execution>
	</executions>
</plugin>
<!--Nexus Staging Maven插件是将组件部署到OSSRH并将其发布到Central Repository的推荐方法-->
<plugin>
	<groupId>org.sonatype.plugins</groupId>
	<artifactId>nexus-staging-maven-plugin</artifactId>
	<version>1.6.7</version>
	<extensions>true</extensions>
	<configuration>
		<serverId>ossrh</serverId>
		<nexusUrl>https://oss.sonatype.org/</nexusUrl>
		<autoReleaseAfterClose>true</autoReleaseAfterClose>
	</configuration>
</plugin>
<!-- release plugin,用于发布到release仓库部署插件 -->
<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-release-plugin</artifactId>
	<version>2.4.2</version>
</plugin>
<!-- 发布Jar到Maven仓库 End -->
复制代码

4. Perform released; Idea Maven -> Lifecycle -> Deploy

The next development release Jar package, the middle will be prompted to enter the password key generation time
oss.sonatype.org view published content

To the top "with manual review," according to the statement submitted by the successful release of information, verification is successful will receive a reply, as follows;

Central sync is activated for org.itstack.middleware. After you successfully release, your component will be published to Central, typically within 10 minutes, though updates to search.maven.org can take up to two hours.
复制代码

search.maven.org Search Version Information
maven.aliyun.com Ali cloud repository synchronization faster, you can view

In summary summary

The whole process is still very long, if the first attempt to go and get, ah, you probably have a sleepless night
Middle may encounter various exceptions errors, including keys, packing, hair version and so on, pay attention to details and its own carefully read this article several attempts, I fear, will succeed
Comparison of common-sense questions; with a RELEASE version can only be uploaded once otherwise it will fail, foreigners are really middle of the night because we reply faster they just dawn midnight