How to deploy your first dependency to Maven Central

Published: 2019-08-04, Updated: 2019-11-30

The most complete and objective guide on how to easily deploy your first dependency to Maven Central.

Create your account and project

The first thing you have to do is create a Sonatype account, then open a ticket requesting your project creation (groupId reservation); you will need to prove authority over the domain. Project creation is done only once per project; after that you can deploy as many dependencies as you want to this groupId programmatically.

Create the account

The account is simple to create: just fill in the required fields. Click here to create a Sonatype account. Just remember to keep the credentials safe; you will need them many times to deploy dependencies.

Create the project ticket

Click here to open a project ticket. If you need one, here is an example of a project creation request ticket. The ticket lifecycle is:

Set up your Maven/Gradle project so it can be deployed to Maven Central

At this step you need to configure your build.gradle or pom.xml so the package can be deployed to Maven Central. In this article I will cover Gradle; you can find other samples on the official Sonatype page.

Below is the build.gradle sample; if you want, you can see a working production sample. Be sure that you have replaced the following properties:

apply plugin: 'java'
apply plugin: 'maven'
apply plugin: 'signing'

sourceCompatibility = 1.5

group 'com.mageddo'
archivesBaseName = 'spring-profile'
version '1.0.0'

repositories {
	mavenCentral()
}

task javadocJar(type: Jar) {
	classifier = 'javadoc'
	from javadoc
}

task sourcesJar(type: Jar) {
	classifier = 'sources'
	from sourceSets.main.allSource
}

artifacts {
	archives javadocJar, sourcesJar
}

signing {
	sign configurations.archives
}

uploadArchives {
	repositories {
		mavenDeployer {
			beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }

			repository(url: "https://oss.sonatype.org/service/local/staging/deploy/maven2/") {
				authentication(userName: ossrhUsername, password: ossrhPassword)
			}

			snapshotRepository(url: "https://oss.sonatype.org/content/repositories/snapshots/") {
				authentication(userName: ossrhUsername, password: ossrhPassword)
			}

			pom.project {
				name 'Spring Profile Env'
				packaging 'jar'
				description 'Use Spring Env Profile without spring boot, only using spring core'
				url 'https://github.com/mageddo/spring-projects/tree/master/spring-profile'
				licenses {
					license {
						name 'The Apache License, Version 2.0'
						url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
					}
				}

				developers {
					developer {
						id 'mageddo'
						name 'Elvis Souza'
						email 'edigitalb@gmail.com'
					}
				}
			}
		}
	}
}

Set up the encryption key

This step is necessary because Sonatype requires the files to carry an integrity guarantee, and it uses GPG signatures to ensure it.

First we need to generate a GPG key:

$ gpg --gen-key

Just enter your information, paying attention to the email (the same one you used for Sonatype) and the password (you don't want to forget it).

The output will be something like

gpg: /home/elvis/.gnupg/trustdb.gpg: trustdb created
gpg: key 1494871E marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/1494871E 2017-08-19
      Key fingerprint = F8E6 AC34 106A 0E8B 3053  AA08 51E3 614C 1494 871E
uid                  Elvis de Freitas Souza <edigitalb@gmail.com>
sub   2048R/0DAA2059 2017-08-19

Only the key ID 1494871E and the directory /home/elvis/.gnupg/ are important for us.

Compatibility with gpg 2

If you are running gpg 2 you will need to run the following command:

$ gpg --export-secret-keys > ~/.gnupg/secring.gpg

You will need the 4-byte key ID, so the key provided before won't work for you if you're using gpg 2. To get your 4-byte key ID:

$ gpg --list-keys --keyid-format 0xSHORT | grep -Eo '0x[A-Z0-9]+' | head -n1
0x1494871E
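
The pipeline above takes the first `0x...` match in the listing, which is the wrong key when the keyring holds more than one. As an added example (not part of the original article), the function below selects the key by e-mail from gpg's colon-delimited listing, skips expired, invalid, revoked and disabled keys, and prints the short ID next to the full fingerprint. The function names and the sample listing are constructed for illustration; only the fingerprint and e-mail come from the output shown earlier.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): pick the signing key by
# e-mail from gpg's machine-readable listing.
# Feed it: gpg --list-keys --with-colons --fingerprint

key_ids_for() {   # prints "<short id> <fingerprint>" for the first usable key
  awk -F: -v email="$1" '
    # Field 2 of a pub record is the validity: e, i, r, d mean not usable.
    $1 == "pub" { usable = ($2 !~ /^[eird]/); primary = 1; fpr = "" }
    $1 == "sub" { primary = 0 }
    # In fpr records field 10 is the fingerprint; keep the primary key one.
    $1 == "fpr" && primary && fpr == "" { fpr = $10 }
    # In uid records field 10 is the user ID, e.g. "Name <mail>".
    $1 == "uid" && usable && fpr != "" && index($10, "<" email ">") {
      print substr(fpr, length(fpr) - 7), fpr
      found = 1
      exit
    }
    END { exit !found }
  '
}

# Constructed listing: a revoked key first, then the key from the article.
# Everything except the article's fingerprint and e-mail is made up.
sample_listing() {
  cat <<'EOF'
pub:r:2048:1:00000000DEADBEEF:1420070400:::-:::sc:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA00000000DEADBEEF:
uid:r::::1420070400::::Elvis de Freitas Souza <edigitalb@gmail.com>:
pub:u:2048:1:51E3614C1494871E:1503100800:::u:::scESC:
fpr:::::::::F8E6AC34106A0E8B3053AA0851E3614C1494871E:
uid:u::::1503100800::::Elvis de Freitas Souza <edigitalb@gmail.com>:
sub:u:2048:1:000000000DAA2059:1503100800::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB000000000DAA2059:
EOF
}

sample_listing | key_ids_for edigitalb@gmail.com
```

The short ID is what goes into `signing.keyId`; the full fingerprint is the unambiguous way to name the same key anywhere gpg accepts a key identifier.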

Send your key to the server

$ gpg --keyserver hkp://pool.sks-keyservers.net --send-keys 1494871E

It can take some hours to replicate. If you are in a hurry and want to force the process, you can try sending it to a specific server, as below:

$ gpg --keyserver hkp://keyserver-02.2ndquadrant.com --send-keys 1494871E

Set up your credentials

Okay, this is the last environment configuration step (are all these steps really necessary?). You need to set the login and GPG credentials so you can authenticate and deploy the application. In Gradle this looks like:

~/.gradle/gradle.properties

signing.keyId=1494871E
# your gpg encryption password
signing.password=123
signing.secretKeyRingFile=/home/elvis/.gnupg/secring.gpg
ossrhUsername=mageddo
# your jira password
ossrhPassword=123
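
This file holds two plaintext passwords, and Gradle loads it as a Java properties file, where `#` starts a comment only at the beginning of a line. As an added example (not part of the original article), the lint below flags a file readable by group or other, a value with trailing `# ...` text, a `signing.keyId` that is not the 8 hex digit short ID, and any of the five keys that is missing. The function name and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): lint the gradle.properties
# that holds the signing and OSSRH credentials.

lint_gradle_props() {
  local file="$1" findings=0 seen=" " line key value
  # Characters 5-10 of the ls mode string are the group/other permission bits.
  if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
    echo "PERMS: group/other can access $file (fix: chmod 600)"
    findings=$((findings + 1))
  fi
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in '' | '#'* | '!'*) continue ;; esac   # blank or comment
    key=${line%%=*}
    value=${line#*=}
    seen="$seen$key "
    # java.util.Properties treats '#' as a comment only at the start of a
    # line, so "123 # note" is loaded as the literal value "123 # note".
    case $value in *" #"*)
      echo "INLINE-COMMENT: $key value includes trailing '# ...' text"
      findings=$((findings + 1)) ;;
    esac
    # The article uses the 4-byte (8 hex digit) short key ID here.
    if [ "$key" = signing.keyId ] &&
       ! printf '%s' "$value" | grep -Eq '^[0-9A-Fa-f]{8}$'; then
      echo "KEYID: signing.keyId is not an 8 hex digit short ID"
      findings=$((findings + 1))
    fi
  done < "$file"
  for key in signing.keyId signing.password signing.secretKeyRingFile \
             ossrhUsername ossrhPassword; do
    case $seen in *" $key "*) ;; *)
      echo "MISSING: $key"
      findings=$((findings + 1)) ;;
    esac
  done
  return "$findings"
}

# Constructed sample: world-readable file with comments after two values.
sample=$(mktemp)
printf '%s\n' 'signing.keyId=1494871E' \
  'signing.password=123 # your gpg encryption password' \
  'signing.secretKeyRingFile=/home/elvis/.gnupg/secring.gpg' \
  'ossrhUsername=mageddo' \
  'ossrhPassword=123 # your jira password' > "$sample"
chmod 644 "$sample"
lint_gradle_props "$sample" || echo "findings: $?"
rm -f "$sample"
```

The exit status is the number of findings, so the function can gate a release script before `./gradlew uploadArchives` runs.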

Deploy your project

Sonatype requires that you first deploy the archives to staging, then promote them to release, so let's deploy our new dependency:

$ ./gradlew uploadArchives
> Configure project :spring-profile
true

Could not find metadata com.mageddo:spring-profile/maven-metadata.xml in remote (https://oss.sonatype.org/service/local/staging/deploy/maven2/)

BUILD SUCCESSFUL in 29s
6 actionable tasks: 1 executed, 5 up-to-date

Okay, now it should be in the Sonatype staging environment; let's check it in the Nexus Repository Manager.

Now you are done; your dependency should be available in Maven Central. Try making a build or searching for your dependency in search maven. It takes some hours (1-2) to be indexed at search maven and some days (1-2) to be indexed in mvnrepository.

I hope this article helps you deploy your dependency to Maven Central. Please leave your suggestions or issues once you have tried this. Thanks.
