This week I have released my OpenSSG to Maven Central which is one of popular places developers store their dependencies or artifacts. I think there are multiple ways to release Java package. I found two resources are very useful.
Publish JAR To Central Maven Repository
Publishing a maven artifact 3/3: step-by-step instructions to MavenCentral publishing
Both have same process in the first half which is to create Sonatype
account and GPG secret key.
To release Java package in Maven Central, you need to create a Sonatype account at https://issues.sonatype.org. Bot immediately responded to my ticket and told me what to update to complete a correct form. It took less than an hour to create my own namespace in Maven Central Repository due to the Bot. And you can do the next step in parallel.
Then, I needed a GPG key to sign my package. You can create and export it with below commands
- Create GPG key
gpg --full-generate-key
Also you can use below command as a short form.
gpg --gen-key
- Export secret key
gpg --export-secret-keys <KEY_ID> -o secring.gpg
If you follow the first blog, you don't have to export the key. And you don't have to use your full key ID. Instead you can use last 8 digit of your key ID.
- Send the key to the server
gpg --keyserver keyserver.ubuntu.com --send-keys <KEY_ID>
There are more servers you can release your key. But it's not necessary. You can check more commands how to manage your keys and where to send on this page https://central.sonatype.org/publish/requirements/gpg/.
Next step is to create pom.xml
file on your root project. You can use most of POM file example provided by Jakob Jenkov in the first blog link above. Except for one part. In the blog, nexus-staging-maven-plugin:1.6.8
was used, but you will face an API compatibility
. You can simply change the version to 1.6.13
to avoid this issue. You can also check out POM file requirement from Sonatype
.
Then, you need to create settings.xml
in ~/.m
folder (I'm using Mac). This was really tricky for me as a Java beginner. I created the file in my project folder and spent some time to figure it out. You can use below xml
example for more clarity.
<!--settings.xml-->
<settings>
<localRepository>/maven-repo</localRepository>
<servers>
<server>
<id>ossrh</id>
<username>Sonatype username</username>
<password>Sonatype password</password>
</server>
</servers>
<profiles>
<profile>
<id>Key ID</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>gpg2</gpg.executable>
<gpg.passphrase>Passphrase for your key</gpg.passphrase>
</properties>
</profile>
</profiles>
</settings>
Once you complete all above steps, mvn clean deploy
will succeed. Note your staging profile ID, repository ID , and staging repository URL in the log. Also, you will have a comment on your Jira ticket saying that Central sync is activated. For me, it took about two hours to see my package in Nexus Repository Manager
. I could also find my package at https://repo1.maven.org/maven2.
I have succeeded to upload my package in Maven Central. I will update more how to use my jar
file from repository.
Top comments (0)