Deploy to Maven Central Repository

Author, Lubos Krnac

Author, Lubos Krnac

Do you need to make your Java library publicly accessible? Is your project hosted on GitHub? Do you like idea of “all-in-one deploy to Maven Central Repository” button? I am going to show how to set it up with usage of maven-release-plugin. Source code is hosted on GitHub, so SSH access to source control will be also described.

There are various steps needed to set up environment for your project. I followed a lot of steps from official Sonatype guide, therefore I will refer to it when needed. But this guide also describes a lot of techniques that are not needed for configuring a “deploy to Maven Central repository” button.

Consideration

My first approach was to create a Jenkins job that would represent the “Deploy to Maven Central” button. This idea is much cleaner for me  than pushing from my development machine. I tried hard but couldn’t make Jenkins SSH Agent plugin register my SSH identity when the maven-release-plugin is pushing a version update to GitHub. Therefore, I created a very simple Linux Bash script that involves two steps.

1. Create Sonatype JIRA ticket for registration of your groupId

Sonatype drives one of the biggest Nexus repositories. It is needed to deploy Java artifacts before it can be synced into the Maven Central repository. In order to release the Java library into a Sonatype Nexus repository, a  JIRA ticket is needed to create your user account and setup permissions to publish your own projects. The Sonatype guide includes description on how to create it.

Pick up the Maven groupId reflecting your top level domain. It is typically the same as the main Java package (e.g. com.google, not com.google.guava). This is because you don’t want to create a JIRA ticket for each project/library under your domain/main package/groupId.  Here is more reading about Java package naming conventions.

This step is only necessary a first. Once your account is set up, you can do as many releases and deployments of different projects under that groupId as you want.

2. Configure your pom.xml

In the past a parent pom was the suggested use case. However the single inheritance of Maven project caused issues for many users and it is now best practice to manage all configuration in your own pom.

Luckily this setup is well documented and can easily be added to your project pom or for reuse across multiple projects to your organization pom.

3. Configure GPG signing of Maven artifact

This is needed because of security policy of Maven Central repository. Include various sub-steps:

  • Installing GnuPG tool
  • Generate a key pair
  • Distribute your public key
  • Set up signing of artifact in settings.xml (your local repository configuration).

Working with GPG is documented in more detail in the Central Repository documentation as well.

<profiles>
  <profile>
    <id>ossrh</id>
    <properties>
      <gpg.keyname>F21879F3</gpg.keyname>
      <gpg.passphrase>*********</gpg.passphrase>
      <gpg.defaultKeyring>false</gpg.defaultKeyring>
      <gpg.useagent>true</gpg.useagent>
      <gpg.lockMode>never</gpg.lockMode>
      <gpg.homedir>/home/lkrnac/.gnupg</gpg.homedir>
      <gpg.publicKeyring>/home/lkrnac/.gnupg/pubring.gpg</gpg.publicKeyring>
      <gpg.secretKeyring>/home/lkrnac/.gnupg/secring.gpg</gpg.secretKeyring>
    </properties>
  </profile>
</profiles>
F21879F3 is my public GPG key ID. gpg –list-keys command would list it for you. Passphase is password for your private GPG key. .gnupg folder is typically generated in your home directory.

4. Set up your credentials for Sonatype Nexus repository

Needed for push to Sonatype Nexus repository. Same as Sonatype JIRA credentials. Again in settings.xml:

<servers>
  <server>
    <id>ossrh</id>
    <username>lkrnac</username>
    <password>*************</password>
  </server>
</servers>

5. Fill pom.xml mandatory sections

6. Set up SSH access to GitHub

Follow these sub-steps:

7. Create “Deploy to Maven Central” button

Maven-release-plugin needs to push/check-in version update to source control system and tag the revision. In my case the code is hosted on GitHub. Therefore I need to register my SSH identity (generated in previous step) before invoking maven-release-plugin’s goals. This is done by bash script maven-central-deploy.sh located alongside pom.xml:

!/bin/bash
# Deploy maven artefact in current directory into Maven central repository
# using maven-release-plugin goals
read -p "Really deploy to maven central repository  (yes/no)? "
if ( [ "$REPLY" == "yes" ] ) then
  ssh-add ~/.ssh/lubos.krnac
  ssh-add -l
  mvn release:clean release:prepare release:perform -B -e | tee maven-central-deploy.log
  ssh-add -D
else
  echo 'Exit without deploy'
fi

 

Make the script executable by: chmod +x maven-central-deploy.sh

 

 8. Push the “Deploy to Maven Central” button

Just run: ./maven-central-deploy.sh

confirm and enter SSH private key passphase if required.

9. Release artifact via Sonatype Nexus repository

When the artifact is pushed to Sonatype Nexus repository like this, you need to release it manually. You can also setup automatic releases with the usage of the Nexus Staging plugin. Finally you need to add comments to the Sonatype JIRA issue you created at the beginning and wait until somebody reviews your artifact and sets up the sync to Maven Central. Of course the JIRA part would need to be done only once.

Link

Example project configured this way is hosted on GitHub. (It’s tiny testing library).

The following two tabs change content below.

Lubos Krnac

I am a Java/JavaScript developer. My religion is to constantly improve my development skills according to best practices. I strongly believe that TDD drives better design and nicely decoupled code. Past experience includes C++, Assembler and C#. You can find my blog at http://lkrnac.net/ .

Latest posts by Lubos Krnac (see all)

Authors

Related posts

2 Comments

  1. Stefan said:

    Hi! Thanks for this article but I don’t quite get the first step. How exactly does one have to create such a ticket?

  2. Ram said:

    Hi,

    Thank you so much for the wonderful article. I have successfully deployed a snapshot.
    Just now, I have deployed a release of my 0.0.1 version, How do I get it to sync with maven central so that when somebody includes the dependency, they get the jar file I uploaded.

    Thanks

*

Top