主要是针对OSSRH,参考http://maven.apache.org/guides/mini/guide-central-repository-upload.html
- 完善pom 参考http://central.sonatype.org/pages/requirements.html
-
- 完善的 groupId, artifactId, version
- Project Name, Description and URL
- License Information
- Developer Information
- SCM Information
- A Complete Example POM
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example.applications</groupId>
<artifactId>example-application</artifactId>
<version>1.4.7</version>
<packaging>jar</packaging>
<name>Example Application</name>
<description>A application used as an example on how to set up pushing
its components to the Central Repository.</description>
<url>http://www.example.com/example-application</url>
<licenses>
<license>
<name>The Apache License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<developers>
<developer>
<name>Manfred Moser</name>
<email>manfred@sonatype.com</email>
<organization>Sonatype</organization>
<organizationUrl>http://www.sonatype.com</organizationUrl>
</developer>
</developers>
<scm>
<connection>scm:git:git@github.com:example/example-application.git</connection>
<developerConnection>scm:git:git@github.com:example/example-application.git</developerConnection>
<url>git@github.com:example/example-application.git</url>
</scm>
<dependencies>
<dependency>
<groupId>…</groupId>
<artifactId>…</artifactId>
<version>…</version>
</dependency>
…
</dependencies>
</project>
- 加密Maven密码 参考http://www.damnedsoftware.com/publishing-to-maven-central-using-ossrh/
-
- 创建主密码:$mvn -emp master-password
{S/Fcg0gizpcHCeYMdAapSKtccedKM6mYifesMj9sSNI=}
-
- 修改.m2/settings-security.xml:<settingsSecurity> <master>{S/Fcg0gizpcHCeYMdAapSKtccedKM6mYifesMj9sSNI=}</master> </settingsSecurity>
- 注册jira 参考 http://www.cnblogs.com/gaoxing/p/4359795.html
-
- 注册一个JIRA账号: https://issues.sonatype.org/secure/Signup!default.jspa
- 创建一个新工程的单: https://issues.sonatype.org/secure/CreateIssue.jspa?issuetype=21&pid=10134 只有当这个jira单的状态我resolved时,才可以提交jar包
- 加密OSSRH密码:$mvn -ep jira-password
- 设置OSSRH凭证,修改maven的settings.xml 。密码用加密好的密文。
<settings> … <servers> <server> <id>ossrh</id> <username>jira-id</username> <password>jira-password</password> </server> </servers> … </settings>
- Distributing public key 参考 http://central.sonatype.org/pages/working-with-pgp-signatures.html
-
- 查看已有的公钥:$gpg –list-keys
- 创建:$ gpg –gen-key
- 备份公钥:$ gpg –export -a "adamslee@outlook.com" > public.key
- 备份私有:$ gpg –export-secret-key -a "adamslee@outlook.com" > private.key
- 创建回收用的凭证:$ gpg –gen-revoke AdamsLee
- 提交公钥:$ gpg –keyserver hkp://pool.sks-keyservers.net –send-keys 525B5B81
- 修改GPG配置 参考http://www.damnedsoftware.com/publishing-to-maven-central-using-ossrh/
-
- 修改.m2/settings.xml
<settings>
…
<profiles>
<profile>
<id>project-name-release</id>
<properties>
<gpg.keyname>CCCCCCCC</gpg.keyname>
</properties>
</profile>
</profiles>
…
</settings>
project-name是项目名称;CCCCCCCC是gpg的key-id
-
- It relies on the gpg command being installed and the GPG credentials being available e.g. from .m2/settings.xml. In addition you can configure the gpg command in case it is different from gpg. This is a common scenario on some operating systems.
<settings>
<profiles>
<profile>
<id>ossrh</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>gpg2</gpg.executable>
<gpg.passphrase>the_pass_phrase</gpg.passphrase>
</properties>
</profile>
</profiles>
</settings>
- 修改POM.xml
-
- 添加distributionManagement:
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<pluginManagement>
<plugins>
…
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.5</version>
<configuration>
<useReleaseProfile>false</useReleaseProfile>
<arguments>-Pproject-name-release</arguments>
<pushChanges>false</pushChanges>
<localCheckout>true</localCheckout>
<goals>deploy</goals>
</configuration>
</plugin>
…
</plugins>
</pluginManagement>
1. pushChanges is set to false. This means maven-release is not configured to automatically push up commits or tags it creates to the remote. This avoids potential issues that arise when the release fails, and having to manually fix upstream history.
2. localCheckout is set to true. Meaning a local checkout is used instead of doing one from the upstream repository. This is required because automatic pushing is turned off.
3. arguments is set to -Pproject-name-release. This activates the project-name-release profile when the maven-release plugin is used.
-
- 添加nexus-staging-maven plugin 参考 http://www.damnedsoftware.com/publishing-to-maven-central-using-ossrh/
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.3</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin>
-
- 添加 project-name-release profile 参考http://www.damnedsoftware.com/publishing-to-maven-central-using-ossrh/
<profiles>
<profile>
<id>project-name-release</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
-
- Javadoc and Sources Attachments 参考http://central.sonatype.org/pages/apache-maven.html
To get Javadoc and Source jar files generated, you have to configure the javadoc and source Maven plugins.
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.2.1</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
- Nexus Staging Maven Plugin for Deployment and Release
-
- If your version is a release version (does not end in -SNAPSHOT) and with this setup in place, you can run a deployment to OSSRH and an automated release to the Central Repository with the usual: 参考 http://central.sonatype.org/pages/apache-maven.html
$mvn clean deploy
如果是-SNAPSHOT版本,则可以直接发布
-
- With the property autoReleaseAfterClose set to false you can manually inspect the staging repository in Nexus and trigger a release of the staging repository later with
$mvn nexus-staging:release
-
- If you find something went wrong you can drop the staging repository with
$mvn nexus-staging:drop
- Performing a Release Deployment with the Maven Release Plugin 参考 http://central.sonatype.org/pages/apache-maven.html http://www.damnedsoftware.com/publishing-to-maven-central-using-ossrh http://maven.apache.org/maven-release/maven-release-plugin/
-
- Complete the following to perform a release:
$ mvn release:clean release:prepare
-
- If for any reason prepare fails, run:
$ mvn release:rollback
-
- Finally:
$ mvn release:perform
-
- Push up the tag and commits generated by the maven-release plugin:
$ git push origin master && git push origin <tag-name>