DEV Community

Genne23v
Genne23v

Posted on

Release OpenSSG to Maven Central

This week I have released my OpenSSG to Maven Central which is one of popular places developers store their dependencies or artifacts. I think there are multiple ways to release Java package. I found two resources are very useful.

Publish JAR To Central Maven Repository
Publishing a maven artifact 3/3: step-by-step instructions to MavenCentral publishing

Both have same process in the first half which is to create Sonatype account and GPG secret key.

To release Java package in Maven Central, you need to create a Sonatype account at https://issues.sonatype.org. Bot immediately responded to my ticket and told me what to update to complete a correct form. It took less than an hour to create my own namespace in Maven Central Repository due to the Bot. And you can do the next step in parallel.

Image description

Then, I needed a GPG key to sign my package. You can create and export it with below commands

  1. Create GPG key
gpg --full-generate-key    
Enter fullscreen mode Exit fullscreen mode

Also you can use below command as a short form.

gpg --gen-key
Enter fullscreen mode Exit fullscreen mode
  1. Export secret key
gpg --export-secret-keys <KEY_ID> -o secring.gpg
Enter fullscreen mode Exit fullscreen mode

If you follow the first blog, you don't have to export the key. And you don't have to use your full key ID. Instead you can use last 8 digit of your key ID.

  1. Send the key to the server
gpg --keyserver keyserver.ubuntu.com --send-keys <KEY_ID>
Enter fullscreen mode Exit fullscreen mode

There are more servers you can release your key. But it's not necessary. You can check more commands how to manage your keys and where to send on this page https://central.sonatype.org/publish/requirements/gpg/.

Next step is to create pom.xml file on your root project. You can use most of POM file example provided by Jakob Jenkov in the first blog link above. Except for one part. In the blog, nexus-staging-maven-plugin:1.6.8 was used, but you will face an API compatibility. You can simply change the version to 1.6.13 to avoid this issue. You can also check out POM file requirement from Sonatype.

Then, you need to create settings.xml in ~/.m folder (I'm using Mac). This was really tricky for me as a Java beginner. I created the file in my project folder and spent some time to figure it out. You can use below xml example for more clarity.

<!--settings.xml-->
<settings>
    <localRepository>/maven-repo</localRepository>
    <servers>
        <server>
            <id>ossrh</id>
            <username>Sonatype username</username>
            <password>Sonatype password</password>
        </server>
    </servers>
    <profiles>
        <profile>
            <id>Key ID</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.executable>gpg2</gpg.executable>
                <gpg.passphrase>Passphrase for your key</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
</settings>

Enter fullscreen mode Exit fullscreen mode

Once you complete all above steps, mvn clean deploy will succeed. Note your staging profile ID, repository ID , and staging repository URL in the log. Also, you will have a comment on your Jira ticket saying that Central sync is activated. For me, it took about two hours to see my package in Nexus Repository Manager. I could also find my package at https://repo1.maven.org/maven2.

Image description

I have succeeded to upload my package in Maven Central. I will update more how to use my jar file from repository.

Top comments (0)