Contents hide
1 Overview
2 First you need to have a Github Repo
3 Update pom.xml
4 Create a Sonatype Jira account and create an issue
5 Update the Jira server details in Maven settings
6 Install GnuPg and sign
7 Add gpg passphrase in Maven settings
8 Maven Deploy
9 Conculsion
10 Reference:

Overview

The simple post is aimed to jot down the steps I have taken to publish a library to Maven Central. Here I am publishing a simple library for merging two yaml files

First you need to have a Github Repo

I used my Yaml-Merge application Github repo.

https://github.com/LogicalSapien/yaml-merge.git

Add your code to the repo.

Update pom.xml

Make sure pom.xml has necessary details such as :

  • GroupId
  • ArtifactId
  • Version
  • Packaging
  • Name
  • Description
  • Url
  • Licence
  • Developer Info
  • Scm Url
  • Distribution management info
  • Necessary Build plugins that includes source, javadoc, gpg, nexus staging..

A sample pom.xml can be found here

Create a Sonatype Jira account and create an issue

Signup here: https://issues.sonatype.org/secure/CreateIssue!default.jspa

Then create an open source project. Eg: https://issues.sonatype.org/browse/OSSRH-61994

You might need to verify the ownership of your domain name (which is reverse of your GroupId). Then wait for the status to be RESOLVED

Update the Jira server details in Maven settings

Add a server in settings.xml in maven. This can be found in .m2 folder or your maven installation folder.

<servers>
      <server>
        <id>ossrh</id>
        <username>{jira-user-id}</username>
        <password>{jira-password}</password>
      </server>
</servers>

Install GnuPg and sign

Download and Install GnuPg

# gpg --version
gpg (GnuPG) 2.2.23

Generate key, enter a passphrase when prompted:

# gpg --full-gen-key
gpg (GnuPG) 2.2.23; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keybox 'C:/Users/Owner/AppData/Roaming/gnupg/pubring.kbx' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
  (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072)
Requested keysize is 3072 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Elmo Yeldo
Email address: contact@logicalsapien.com
Comment:
You selected this USER-ID:
    "Elmo Yeldo <contact@logicalsapien.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: AllowSetForegroundWindow(10324) failed: Access is denied.
gpg: AllowSetForegroundWindow(13136) failed: Access is denied.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: C:/Users/Owner/AppData/Roaming/gnupg/trustdb.gpg: trustdb created
gpg: key C4E3A77EFF3B47FF marked as ultimately trusted
gpg: directory 'C:/Users/Owner/AppData/Roaming/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as 'C:/Users/Owner/AppData/Roaming/gnupg/openpgp-revocs.d\FC361B95D84933206D52C37AC4E3A77EFF3B47FF.rev'
public and secret key created and signed.

pub   rsa3072 2020-11-13 [SC]
      FC361B95D84933206D52C37AC4E3A77EFF3B47FF
uid                      Elmo Yeldo <contact@logicalsapien.com>
sub   rsa3072 2020-11-13 [E]

Publish the key:

#gpg --keyserver hkp://pool.sks-keyservers.net --send-key FC361B95D84933206D52C37AC4E3A77EFF3B47FF
gpg: sending key C4E3A77EFF3B47FF to hkp://pool.sks-keyservers.net

Add gpg passphrase in Maven settings

Under profile, add the gpg profile:

<profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.executable>gpg</gpg.executable>
        <gpg.passphrase>{Passphrase}</gpg.passphrase>
      </properties>
</profile>

Maven Deploy

Run the commands for maven deployment

mvn clean deploy

During the deployment, it might ask to enter the gpg passphrase.

If all goes well, you’ll get a message like:

Created staging repository with ID "comlogicalsapiendataformat-1000".

and a BUILD SUCESS message.

You can login to https://oss.sonatype.org  and click on Staging Repositories on left to see the library

Once everything is okay, you can move to release with this coommand:

mvn nexus-staging:release

It might take sometime to get it available in Maven Central repo

Conculsion

You can add it to your project pom as :

<dependency>
            <groupId>com.logicalsapien.dataformat</groupId>
            <artifactId>yaml-merge</artifactId>
            <version>1.0.0</version>
</dependency>

Reference:

https://maven.apache.org/repository/guide-central-repository-upload.html