Publishing an open source project to the Maven Central repository from scratch

Posted by AshrakTheWhite on Mon, 17 Jan 2022 19:49:03 +0100

Introduction

This was my first official open source project and I was very excited about it, so I couldn't wait to upload it to the Maven Central repository for users to reference. This tutorial explains the process from scratch, but because procedures change over time, readers still need to think about how to deal with the problems that come up at each step.

A brief overview of the process of uploading to the Maven Central repository

  1. First, create a Sonatype JIRA account. This platform is a work order (ticket) tracking system and has nothing to do with the Maven repository itself.
  2. After creating the account, create a work order asking for a new open source Maven project.
  3. Once the work order is created, an administrator reviews the information you submitted. After the review and the related preparation are complete, you can log in to the Nexus Repository Manager instance assigned to you and manage the Maven artifacts you publish. Note that this is not the central repository. It is a Maven private server assigned to you, whose contents are eventually synchronized to the central repository.
  4. Configure the open source project and deploy it to the assigned Maven private server.
  5. The artifact is available on the private server immediately, but synchronization to the central repository takes time.
  6. That's the general process. Let's go through it step by step.

Maven(sonatype) account preparation

1. Register Sonatype JIRA account

https://issues.sonatype.org/secure/Signup!default.jspa is the registration address.

Just register according to the prompts. The only thing worth pointing out is to record the account name and password carefully, since this account is not used often. Log in after registration.

2. Create a work order

Click the Create button below. The interface style may change in the future, but the general meaning is very clear, that is, find the place to create a work order

For Project, select Community Support - Open Source Project Repository Hosting (OSSRH). There are many options; the one we choose is the community-supported open source project repository hosting service, OSSRH, which we can think of as the Maven private server repository.

Fill in the fields according to the prompts. They are explained here:

  • Summary: the name of your project
  • Description: optional
  • GroupId: this is the most important field, and it is what the administrator reviews. How to write the GroupId is covered below. It can also be changed after the work order has been created.
  • Project URL: your project's official website or git address
  • SCM url: the address of your source code repository, such as GitHub or Gitee
  • username: your awesome name

3. Verify GroupId

Since I have already completed the whole process, I can only write this tutorial from the change log of the work order. At first, my GroupId was org.pettyfox.timeline.

The reply roughly asks whether you own pettyfox.org. I wanted to buy a .org domain name, but unfortunately I can't buy one in China at present, so I changed the GroupId to com.pettyfox.timeline, since I already owned the pettyfox.com domain name.

Domain name based authentication

Do you own the domain pettyfox.org? If so, please verify ownership via one of the following methods:

Add a TXT record to your DNS referencing this JIRA ticket: OSSRH-71087 (Fastest) https://central.sonatype.org/faq/how-to-set-txt-record/
Setup a redirect to your https://github.com/mathcoder23 page (if it does not already exist)

The general meaning is to add a TXT record at the root of the domain name, with the content OSSRH-71087. Change this to your own OSSRH-XXX ticket number. Adding the record is simple, so I won't post the steps. The purpose is to verify that you are the owner of the domain name.

About the relationship between domain name and GroupId: if we own a domain name such as opensource.com, then the GroupId must begin with com.opensource. It doesn't matter what you write after opensource.

Verification based on a source code hosting platform

Sometimes we don't have a domain name and don't want to buy one, so we can verify through a code hosting platform such as GitHub, GitLab, Gitee, Bitbucket or SourceForge.
The following is the official guidance:

If you do not own this domain, please read: https://central.sonatype.org/publish/requirements/coordinates/

You may also choose a Group ID that reflects your project hosting, in this case, something like io.github.mathcoder23
Edit your Group Id and create public repo called https://github.com/mathcoder23/OSSRH-71087
https://central.sonatype.org/publish/requirements/coordinates/#supported-code-hosting-services-for-personal-groupid

com.github Group IDs are invalid now but io.github may be used instead. Please read the following for more info: https://central.sonatype.org/changelog/#2021-04-01-comgithub-is-not-supported-anymore-as-a-valid-coordinate

If you decide to change your Group ID, please edit this ticket and update the Group ID field.

First, see https://central.sonatype.org/publish/requirements/coordinates/ for the detailed steps.
That page gives the correspondence between GroupId and project name; follow the instructions that apply to you.

The most critical step is to create a public repository named OSSRH-XXX, or to create OSSRH-XXX on your GitHub Pages site.

That is basically all there is to GroupId verification. The key is to read carefully what the administrator writes and to follow the verification guidance in the reply. This is the best approach, because these processes may be updated or abandoned at any time.
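The GroupId rules from this section, as an added example that is not part of the original post: given a requested GroupId and the ticket number, it returns the ownership proof to prepare, and checks `dig +short TXT` output for the record. The function names and the sample dig output are constructed; only the io.github rule comes from the quoted reply, and the domain is assumed to be the first two labels reversed.

```python
import re

# Only io.github is confirmed by the ticket reply quoted on this page; other
# code hosts are omitted because the page does not give their prefixes.
HOSTED = {"io.github": "https://github.com/{user}/{ticket}"}
RETIRED = {"com.github": "io.github"}

# Constructed sample of `dig +short TXT pettyfox.org` output.
SAMPLE_DIG = '"v=spf1 -all"\n"OSSRH-71087"\n'


def required_proof(group_id: str, ticket: str) -> dict:
    """Return the ownership proof to prepare for this GroupId."""
    labels = group_id.strip().split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a usable GroupId: {group_id!r}")
    prefix = ".".join(labels[:2]).lower()
    if prefix in RETIRED:
        raise ValueError(f"{prefix} is no longer accepted, use {RETIRED[prefix]}")
    if prefix in HOSTED:
        if len(labels) < 3:
            raise ValueError(f"{prefix} needs the account name as third label")
        return {"method": "public-repo",
                "create": HOSTED[prefix].format(user=labels[2], ticket=ticket)}
    # Assumption: the domain is the first two labels reversed
    # (com.pettyfox -> pettyfox.com). Suffixes such as co.uk are not handled.
    domain = ".".join(reversed(labels[:2])).lower()
    return {"method": "dns-txt", "domain": domain, "txt_value": ticket}


def txt_record_present(dig_short_output: str, ticket: str) -> bool:
    """True if any TXT record in the dig output references the ticket id."""
    pattern = re.compile(rf"\b{re.escape(ticket)}\b", re.IGNORECASE)
    for line in dig_short_output.splitlines():
        # dig quotes each TXT string; long records arrive as several quoted
        # chunks on one line and have to be joined before matching.
        value = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', line)) or line
        if pattern.search(value):
            return True
    return False
```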

4. Change the work order status

This step tells the administrator that we are ready and asks them to process the request.
Mine is already RESOLVED here; yours should be OPEN. I forgot where to click. Anyway, find the button in the red box and change the status to: waiting for response

Change the status from OPEN to waiting for response

5. Work order processing completed

If everything goes well, there will be a result within a few minutes. The result looks as follows, and the final work order status becomes RESOLVED.

The group name change in the first line doesn't matter. The message below tells me that I have been verified as the owner of com.pettyfox,
and that the Maven private server management address is https://s01.oss.sonatype.org. Note that your address depends on the content of the comment you receive, because it used to be oss.sonatype.org. My reply is as follows:

com.pettyfox.timeline has been prepared, now user(s) pettyfox23 can:
Publish snapshot and release artifacts to s01.oss.sonatype.org
Have a look at this section of our official guide for deployment instructions:
https://central.sonatype.org/publish/publish-guide/#deployment

Please comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central.
Depending on your build configuration, this might happen automatically. If not, you can follow the steps in this section of our guide:
https://central.sonatype.org/publish/release/

######

As part of our efforts to improve the security and quality posture of the open source supply chain,
we plan to enable additional scanning of dependencies for security alerts soon. Since you're already
hosting your source code in Github, you can get insights into code and dependency quality today by enabling
the free Muse code quality scan. This will provide feedback right in your pull requests.
More information can be found at https://www.sonatype.com/product/musedev-maven

######

The text above tells us the address of the Maven repository, for both snapshots and releases.
"Please comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central": this says that you must comment once (post a comment at the bottom of the work order) to activate synchronization of your components to the central repository.

6. Log in to nexus repository manager

According to the official reply above, our Nexus Repository Manager address is https://s01.oss.sonatype.org, and the account and password are the same as for Sonatype JIRA.

To make authentication easier when Maven packages and uploads, we request a User Token to authenticate with.

7. User Token generated by nexus repository manager platform

This step can be completed later when packaging and uploading, and can be skipped
Click the user name in the upper right corner of the background, and then click Profile

Select the drop-down box below and select User Token

Follow the prompts to create a User Token and save it

Now we have completed the preparation of the account

Maven project packaging and uploading process

Here's an explanation. In fact, the official guidance document has made it very clear. I'll post the address below for reference

Packaging brief configuration description

  1. Complete the basic project information in the POM
  2. Configure developer information
  3. Configure the scm (source code repository) information
  4. Configure the distribution repository address
  5. Configure the Java source jar plug-in
  6. Configure the Javadoc plug-in
  7. Configure the GPG jar signing plug-in (so that users can verify the jar was built by you and has not been tampered with by others)
  8. Configure the ossrh login account

1. Project pom.xml configuration

"pom" below refers to the pom.xml of the project

Basic project information in the pom

<name>timeline-mq</name>
<description>A message queue for timeline. core is redis stream</description>
<url>https://github.com/mathcoder23/timeline-mq</url>
<licenses>
    <license>
        <name>The Apache Software License, Version 2.0</name>
        <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
    </license>
</licenses>
<developers>
    <developer>
        <name>Petty Fox</name>
        <email>mathcoder23@126.com</email>
        <url>https://github.com/mathcoder23</url>
    </developer>
</developers>
<scm>
    <!-- connection values use Maven's SCM URL syntax: scm:<provider>:<repository URL> -->
    <url>https://github.com/mathcoder23/timeline-mq</url>
    <connection>scm:git:https://github.com/mathcoder23/timeline-mq.git</connection>
    <developerConnection>scm:git:https://github.com/mathcoder23/timeline-mq.git</developerConnection>
</scm>

Adapt these values to your own project.

Differences between snapshot and release in Maven

In Maven version management, artifacts come in two important kinds of version: the snapshot version and the release (official) version. A snapshot version may be updated and changed frequently, so it has to be pulled again each time Maven synchronizes dependencies.

Configure distribution management

<distributionManagement>
    <snapshotRepository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
    <repository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
</distributionManagement>

The important point here is whether your private server address is the same as mine. Check the address given in the official guidance document that was linked in the reply to your work order.

pom packaging plug-in configuration

<build>
     <plugins>

         <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-source-plugin</artifactId>
             <version>2.2.1</version>
             <executions>
                 <execution>
                     <id>attach-sources</id>
                     <goals>
                         <goal>jar-no-fork</goal>
                     </goals>
                 </execution>
             </executions>
         </plugin>
         <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-javadoc-plugin</artifactId>
             <version>2.9.1</version>
             <executions>
                 <execution>
                     <id>attach-javadocs</id>
                     <goals>
                         <goal>jar</goal>
                     </goals>
                 </execution>
             </executions>
             <configuration>
                 <tags>
                     <tag>
                         <name>date</name>
                     </tag>
                 </tags>
             </configuration>
         </plugin>
         <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-gpg-plugin</artifactId>
             <version>1.5</version>
             <executions>
                 <execution>
                     <id>sign-artifacts</id>
                     <phase>verify</phase>
                     <goals>
                         <goal>sign</goal>
                     </goals>
                 </execution>
             </executions>
         </plugin>
         <plugin>
             <groupId>org.sonatype.plugins</groupId>
             <artifactId>nexus-staging-maven-plugin</artifactId>
             <version>1.6.7</version>
             <extensions>true</extensions>
             <configuration>
                 <serverId>ossrh</serverId>
                 <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
                 <autoReleaseAfterClose>false</autoReleaseAfterClose>
             </configuration>
         </plugin>
     </plugins>
 </build>

Do not copy and paste the pom code above without thinking. Be sure to understand what each part does and whether it matches your environment.

2. Installation and use of GPG signature tool

Download

Download the installer from https://www.gnupg.org/download/ and install it, following the prompts. After installation, restart the command line; the gpg command should now be available.

Generate a key

Run the command gpg --gen-key and fill in the requested information according to the prompts

The Maven GPG plugin will read this GPG key information

3. Configure ~/.m2/settings.xml

The following configuration is used to authenticate the upload after packaging.
The account and password here can be the User Token generated earlier in this tutorial or the login password.
Note that the id under server must be consistent with the id defined in pom.xml

<servers>
    <server>
        <id>ossrh</id>
        <username>XRLLzbbOaaN</username>
        <password>xxx</password>
    </server>
</servers>
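A consistency check for the rule above, as an added example rather than code from the original post: every server id referenced in pom.xml must have a matching server entry in settings.xml, and all Nexus URLs should point at the same host. The function names and the embedded sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed samples assembled from the snippets on this page.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <distributionManagement>
    <snapshotRepository><id>ossrh</id>
      <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
    <repository><id>ossrh</id>
      <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
  <build><plugins><plugin>
    <artifactId>nexus-staging-maven-plugin</artifactId>
    <configuration><serverId>ossrh</serverId>
      <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl></configuration>
  </plugin></plugins></build>
</project>"""
SETTINGS = """<settings><servers>
  <server><id>ossrh</id><username>token-name</username><password>token-password</password></server>
</servers></settings>"""


def parse(xml_text):
    """Parse and drop namespaces so paths work with or without xmlns."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def check_publish_config(pom_xml, settings_xml):
    """Return a list of problems; empty means ids and hosts line up."""
    pom, settings = parse(pom_xml), parse(settings_xml)
    known = {s.findtext("id") for s in settings.iter("server")}
    problems, hosts = [], set()
    for tag in ("repository", "snapshotRepository"):
        repo = pom.find(f"distributionManagement/{tag}")
        if repo is None:
            problems.append(f"pom.xml: missing distributionManagement/{tag}")
            continue
        hosts.add(urlparse(repo.findtext("url", "")).hostname)
        if repo.findtext("id") not in known:
            problems.append(f"{tag}: no <server> with id {repo.findtext('id')!r}")
    for cfg in pom.iter("configuration"):
        if cfg.find("nexusUrl") is not None:  # the staging plugin's block
            sid = cfg.findtext("serverId")
            hosts.add(urlparse(cfg.findtext("nexusUrl")).hostname)
            if sid not in known:
                problems.append(f"staging plugin: no <server> with id {sid!r}")
    if len(hosts) > 1:  # e.g. s01.oss.sonatype.org mixed with the legacy host
        problems.append(f"mixed Nexus hosts: {sorted(map(str, hosts))}")
    return problems
```

To run it on a real project, pass the contents of pom.xml and ~/.m2/settings.xml instead of the samples.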

4. Packaging - Deployment

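mvn clean deploy
This command packages the project, signs the artifacts (you will be prompted to enter the passphrase of the GPG key) and uploads them to the private server. mvn clean package on its own stops before the verify phase, so it neither signs nor uploads anything.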

Final process

After the command completes, we log in to https://s01.oss.sonatype.org/

Generally, the packages we publish have to pass the Close checks in Staging Repositories and then be released with Release, although in some setups this happens automatically. If you find a package you submitted in Staging Repositories, you need to Close it and then Release it. Otherwise, you can search for it directly in the repository.

After that, we search for the component.

At this point, we have succeeded.

Pitfall summary

The central repository couldn't find my package

The content in the red box of the reply means that you need to comment on the work order before synchronization from the private repository to the central repository is activated.


Finally, after clicking Comment in the lower left corner and posting a comment, we are happy to receive a reply saying the synchronization task has been started. Components can usually be pulled from https://repo1.maven.org/maven2/ after about half an hour, and can usually be searched on https://search.maven.org within 4 hours.

https://oss.sonatype.org and https://s01.oss.sonatype.org

Earlier tutorials used the secondary domain name oss, but since February 2021 the tertiary domain name s01 has been used.
Given this three-level naming, there is no guarantee that addresses such as s02 and s03 will not appear later, so the most important thing is to check the documents that apply to you.

OSSRH Usage Notes
Accessing Repositories
The following repositories allow you to access your components in OSSRH directly. Users will simply get your components directly via the Central Repository, but for committers and other collaborators on your project this list might be useful.

Repository URL for snapshot deployment and download access
https://s01.oss.sonatype.org/content/repositories/snapshots/

Repository URL for release deployment, no download access!

https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
Note: As of February 2021, all new projects began being provisioned on https://s01.oss.sonatype.org/. If your project is not provisioned on https://s01.oss.sonatype.org/, you will want to use the legacy host https://oss.sonatype.org/.

Experience

This tutorial can only give you some guidance on the process and the precautions. Because the documents change and evolve, the official documents should always be the primary reference, and other blog posts, including this one, a secondary reference. The guidance in Sonatype's replies is already very detailed. Reading those replies carefully is also a way to avoid pitfalls.
