In the previous article, I introduced my SpringBoot Starter project, which allows us to easily get operation logs and push them to specific data sources using annotations.
Previously, my project was open source on Github, and if you wanted to use my project, you had to configure the Github repository with Maven's Setting.xml is not convenient at all.
In this article, I'll sort out the process of uploading my project to the public Maven repository as a tutorial article.
I have to say that uploading a public Maven warehouse is still a very tedious process and almost never killed the popularity.
"Meng Xin Xue Kai Yuan" series articles are continuously updated:
How Meng Xin Writes Open Source 01 uses elegant notes to manipulate its log
How Meng Xin Write Open Source 02 submits the project to Maven Public Warehouse (this article)
How Meng Xin Writes Open Source Writes a SpringBoot Starter from 0 to 1
How Meng Xin Write Open Source enables your notes to support repeated notes
Code is not easy, ask for attention! Public Number: Backend Technology Talk, Blog Name: Barbaric Sauce
Overall process
There are many articles available on the Internet, mainly the following steps:
- Submit Issue in sonatype
- Configure gpg key
- Configure pom.xml and setting.xml
- mvn clean deploy
You must ask, what is the relationship between sonatype and the public Maven repository? Why do you need to operate on sonatype?
The Maven Central Warehouse does not support direct publishing of jar packages. We need to publish the jar package to some designated third-party Maven repositories, which then synchronize the jar package to the Maven central repository. The simplest way is through Sonatype OSSRH Warehouse to publish jar packages. Next, I'll show you how to publish a jar package to Sonatype OSSRH.
In addition, I want to reiterate that tutorials on the web are time-effective. Including this article is also (this article was written in December 2021). So the best way is to follow the documentation on the official website and solve the problem with the online tutorials, because the official website documentation is always the latest and best solution, and following the blog tutorials directly may take many detours.
Official Document Address: (This is not one of the documents you should see most)
https://central.sonatype.org/...
Okay, let's follow the official documents above step by step.
Submit work order in sonatype
First, you need to register an account on the sonatype website:
https://issues.sonatype.org/s...!default.jspa
Once created, log in and click New at the top of the page to submit a new issue.
The picture below is what I filled in when I created it. You can refer to it.
There are several main points to note:
- The name of the question, as long as it is roughly clear
- groupId needs to be written accurately
- Porject URL fills in Github repository address
- SCM url needs git suffix after Github repository address
After submitting, I thought it was manual review, but in fact, the automatic robot automatically responded to you. It asks you to prove that you have ownership of groupId's web address, for example, that I filled in cn.monitor4all, then I'm going to monitor 4all. Cn's website, add a TXT parse to point to this Issue (value written as OSSRH-xxxx).
If your groupId fills in com.github.xxx, you do not need to do the above steps. So if you don't have a domain name or you're in trouble, just use com.github.xxx is fine.
Since my website domain name was bought by myself and resolved by Tencent Cloud, I went to Tencent Cloud and added a TXT resolution value written as OSSRH-75759. (My work list address is https://issues.sonatype.org/b...)
In a few minutes, sonatype detects your domain name ownership.
Configure gpg key
In the second part, you need to set up the gpg key, the official gps key signing tutorial:
https://central.sonatype.org/...
You will be curious what GPG is, and GPG is an implementation of RSA algorithm.
Programmers, 1991 Phil Zimmermann To avoid government surveillance, the encryption software PGP was developed. This software is very useful, spread quickly, and became a necessary tool for many programmers. However, it is commercial software and cannot be used freely. So the Free Software Foundation decided to develop a replacement for PGP, named GnuPG. This is the origin of GPG.
Since sonatype allows you to upload to a public warehouse, you must be identified as a person. Prevent other malicious people from uploading Jar packages.
Let's go to the official website to download GunPG
https://www.gnupg.org/download/
There are various versions of the system to download, and I downloaded the MacOS version.
Once installed, we open ssh and enter the command:
➜ ~ gpg --generate-key
The secret key can be generated immediately following the operation. Here are my results, coded:
gpg (GnuPG/MacGPG2) 2.2.32; Copyright (C) 2021 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Note: Use " gpg --full-generate-key" To get a full-featured key generation dialog. GnuPG You need to build a user identity to identify your key. Real name: xxxxxxx E-mail address: xxxxxxx@foxmail.com You have selected this user ID: "xxxxxxxx <xxxxx@foxmail.com>" Change name ( N),Notes ( C),E-mail address ( E)Or determine ( O)/Exit ( Q)? u Change name ( N),Notes ( C),E-mail address ( E)Or determine ( O)/Exit ( Q)? o We need to generate a large number of random bytes. Do something else during prime generation (tap the keyboard) ,Moving the mouse, reading and writing the hard disk, etc.) would be a good idea. This will make the random number Generators have a better chance of getting enough entropy. We need to generate a large number of random bytes. Do something else during prime generation (tap the keyboard) ,Moving the mouse, reading and writing the hard disk, etc.) would be a good idea. This will make the random number Generators have a better chance of getting enough entropy. gpg: Key 54 EC3C8FA3A5B50F Marked as absolute trust gpg: Catalog'/Users/xxxxxxxxx/.gnupg/openpgp-revocs.d'Created gpg: Revocation certificate has been stored as'/Users/xxxxxxxxx/.gnupg/openpgp-revocs.d/xxxxxxxxxxxxxxxxxxxxxxxxxxxx.rev' The public and private keys have been generated and signed. pub rsa3072 2021-12-06 [SC] [Effective until: 2023-12-06] 8BDxxxxxxxxxxxxxxxxxxxxxxxxxxxxB50F uid xxxxxxxx <xxxxxxxx@foxmail.com> sub rsa3072 2021-12-06 [E] [Effective until: 2023-12-06]
Once the secret key is generated, you need to upload the public key to the public server for sonatype verification.
There are three addresses you can use in the Official Web Tutorial:
- keyserver.ubuntu.com
- keys.openpgp.org
- pgp.mit.edu
I upload according to the method given by the official website:
➜ ~ gpg --keyserver pgp.mit.edu:11371 --send-keys 8BD96B0EA18E5162B94EA7F754EC3C8FA3A5B50F gpg: Sending key 54 EC3C8FA3A5B50F reach pgp.mit.edu:11371 gpg: Send to public key server failed: end of file gpg: Send to public key server failed: end of file ➜ ~ gpg --keyserver keyserver.ubuntu.com --send-keys 8BD96B0EA18E5162B94EA7F754EC3C8FA3A5B50F gpg: Sending key 54 EC3C8FA3A5B50F reach hkp://keyserver.ubuntu.com gpg: Sending to public key server failed: Network is unreachable gpg: Sending to public key server failed: Network is unreachable ➜ ~ gpg --keyserver pgp.mit.edu:11371 --send-keys 54EC3C8FA3A5B50F gpg: Sending key 54 EC3C8FA3A5B50F reach pgp.mit.edu:11371 gpg: Send to public key server failed: end of file gpg: Send to public key server failed: end of file
However, there was a mistake. I tried various online tutorials repeatedly and still made a mistake. I thought it was a problem with my network, or that the servers were not working anymore. I searched them all over again and made a lot of trouble overnight.
Just when I was about to crash, I didn't realize that gunpg still had an app to open, that is, a GUI interface, so I went in and looked at it, then right-clicked on my secret key with the option of uploading the server:
It was so successful that I was speechless, brothers.
Configure pom.xml and setting.xml
Third, you need to configure your POM according to the tutorial on the official website. XML and setting.xml file. As you can see, I am very tired here. Instead of demonstrating step by step like the Official Web Tutorial, I will summarize the configurations you need to add to your success.
First, set. Xml.
You need to add a profile:
<profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.executable>gpg2</gpg.executable> <gpg.passphrase>yzdbwj1993</gpg.passphrase> </properties> </profile> </profiles>
You also need a server with your ossrh account password:
<servers> <server> <id>ossrh</id> <username>Your account registered above</username> <password>Your password registered above</password> </server> </servers> </settings>
Setting. The XML is configured and your project's POM follows. Xml.
First, you need to state a lot of plugin s and a snapshotRepository, and I've posted everything here.
<distributionManagement> <!-- Statement packaged to Maven Public warehouse --> <snapshotRepository> <id>ossrh</id> <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url> </snapshotRepository> </distributionManagement> <build> <plugins> <plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> <version>1.6.7</version> <extensions>true</extensions> <configuration> <serverId>ossrh</serverId> <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl> <autoReleaseAfterClose>true</autoReleaseAfterClose> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-source-plugin</artifactId> <version>2.2.1</version> <executions> <execution> <id>attach-sources</id> <goals> <goal>jar-no-fork</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>2.9.1</version> <configuration> <javadocExecutable>${java.home}/../bin/javadoc</javadocExecutable> </configuration> <executions> <execution> <id>attach-javadocs</id> <goals> <goal>jar</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>1.5</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin> </plugins> </build>
Note that once the plugin maven-javadoc-plugin is added, it is best to add one that is not mentioned in the official tutorial as above:
<configuration> <javadocExecutable>${java.home}/../bin/javadoc</javadocExecutable> </configuration>
Otherwise you may fail to compile, prompting that your JAVA_cannot be found HOME environment variables, like the following:
MavenReportException: Error while creating archive: Unable to find javadoc command: The environment variable JAVA_HOME is not correctly set.
After that, you can add some personal information about yourself:
<licenses> <license> <name>The Apache Software License, Version 2.0</name> <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <distribution>actable</distribution> </license> </licenses> <developers> <developer> <name>xxxxxxxxx Yang</name> <email>xxxxxxxxx@foxmail.com</email> <organization>xxxxxxxxxx</organization> </developer> </developers> <scm> <tag>master</tag> <url>git@github.com:qqxx6661/logRecord.git</url> <connection>git@github.com:qqxx6661/logRecord.git</connection> <developerConnection>git@github.com:qqxx6661/logRecord.git</developerConnection> </scm>
Official Packaging Release
Finally, everything is ready, and you can do one of the most sacred commands
mvn clean deploy
The upload succeeded immediately
Your order will also update a message at this time:
Central sync is activated for cn.monitor4all. After you successfully release, your component will be available to the public on Central https://repo1.maven.org/maven2/, typically within 30 minutes, though updates to https://search.maven.org can take up to four hours.
Your Jar bag will be ready to be pulled in about 30 minutes.
The following image is a successful screenshot.
Postnote
Don't know if you're having trouble reading the article? Actually, I look at the written text once and feel the steps are quite simple. But when I was not able to do it before, I still felt brutal and painful.
I hope that the detour I take will help you avoid the pit and finish uploading your project faster.
I am currently an engineer carrying bricks in Ali.
Continuous creation can't be done without your approval and forward sharing!