1. Environment preparation
1.1 Request publishing permission
1.1.1 Register an account
Sign up for Jira - Sonatype JIRA
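1.1.2 Create a new issue (Jira)
- Issue type: New Project
- Summary: anything you like
- Group Id: the group id from the project's pom file
- Official help documentation: Choosing your Coordinates - The Central Repository Documentation (sonatype.org)
- If you use your own domain, for example ordinaryroad.tech, you can enter tech.ordinaryroad. After the issue is created you must add a TXT DNS record whose content is the issue's Jira number, for example OSSRH-XXXXXXX, to prove ownership of the domain. Once approved, you can also publish packages under sub-groups of that group id, for example a project group id of tech.ordinaryroad.bilibili.live, without submitting another request.
- Project URL: the project website address
- SCM url: the source version-control address
1.1.3 After creating the issue, wait for the result
Mind the time-zone difference: I applied in the evening and it was approved in about 10 minutes.
If the request is rejected, a comment will tell you what the problem is; scroll down to see the activity log. You do not need to create a new Jira issue: fix the problem and reopen the existing one.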
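1.2 Install and configure gpg
gpg is the signing tool; its signatures ensure that the published files have not been tampered with.
Reference: Working with PGP Signatures - The Central Repository Documentation (sonatype.org)
1.2.1 Install
Download: GnuPG - Download
On macOS you can install it with Homebrew: brew install gnupg
After installing, verify with gpg --version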
    $ gpg --version
    gpg (GnuPG) 2.4.1
    libgcrypt 1.10.2
    Copyright (C) 2023 g10 Code GmbH
    License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: /home/mylocaluser/.gnupg
    支持的算法:
    公钥: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    密文: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
          CAMELLIA128, CAMELLIA192, CAMELLIA256
    散列: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    压缩: 不压缩, ZIP, ZLIB, BZIP2
1.2.2 Generate a key pair
    $ gpg --gen-key
    gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

    GnuPG needs to construct a user ID to identify your key.

    Real name: Central Repo Test
    Email address: central@example.com
    You selected this USER-ID:
        "Central Repo Test <central@example.com>"

    Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    gpg: key 8190C4130ABA0F98 marked as ultimately trusted
    gpg: revocation certificate stored as '/home/mylocaluser/.gnupg/openpgp-revocs.d/CA925CD6C9E8D064FF05B4728190C4130ABA0F98.rev'
    public and secret key created and signed.

    pub   rsa3072 2021-06-23 [SC] [expires: 2023-06-23]
          CA925CD6C9E8D064FF05B4728190C4130ABA0F98
    uid                      Central Repo Test <central@example.com>
    sub   rsa3072 2021-06-23 [E] [expires: 2023-06-23]
1.2.3 View the key pair
CA925CD6C9E8D064FF05B4728190C4130ABA0F98 is the keyid (the full 40-character fingerprint).
    $ gpg --list-keys
    /home/mylocaluser/.gnupg/pubring.kbx
    ---------------------------------
    pub   rsa3072 2021-06-23 [SC] [expires: 2023-06-23]
          CA925CD6C9E8D064FF05B4728190C4130ABA0F98
    uid           [ultimate] Central Repo Test <central@example.com>
    sub   rsa3072 2021-06-23 [E] [expires: 2023-06-23]
If you have more than one key pair, you need to use the short keyid (the keyid in hexadecimal format), for example 0x3ABDEC12, and configure it in the project's maven-gpg-plugin to select which key is used.
    $ gpg --list-signatures --keyid-format 0xshort
    /home/mylocaluser/.gnupg/pubring.kbx
    ---------------------------------
    pub   rsa3072/0x3ABDEC12 2021-01-27 [SC] [expires: 2023-01-27]
          74524542545300A398653AB5242798823ABDEC12
    uid           [ultimate] Other Name <otheremail@example.com>
    sig 3        0x3ABDEC12 2021-01-27  Other Name <alarconj@gmail.com>
    sub   rsa3072 2021-01-27 [E] [expires: 2023-01-27]
    sig          0x3ABDEC12 2021-01-27  Julian Alarcon <alarconj@gmail.com>

    pub   rsa3072/0x0ABA0F98 2021-06-23 [SC] [expires: 2022-03-21]
          CA925CD6C9E8D064FF05B4728190C4130ABA0F98
    uid           [ultimate] Central Repo Test <central@example.com>
    sig 3        0x0ABA0F98 2021-06-24  Central Repo Test <central@example.com>
    sub   rsa3072/0x7C17C93B 2021-06-23 [E] [expires: 2023-06-23]
    sig          0x0ABA0F98 2021-06-23  Central Repo Test <central@example.com>
1.2.4 Distribute the public key
Publish the public key to a public key server so that others can verify the integrity of your files. CA925CD6C9E8D064FF05B4728190C4130ABA0F98 is the keyid.
    gpg --keyserver keyserver.ubuntu.com --send-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98
You can publish it to more than one server:
    gpg --keyserver keys.openpgp.org --send-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98
    gpg --keyserver pgp.mit.edu --send-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98
2. Update the configuration
2.1 Update the Maven configuration settings.xml
2.1.1 Add the ossrh server
    <settings>
      <servers>
        ...
        <!-- https://central.sonatype.org/publish/publish-maven/ -->
        <!-- ossrh -->
        <server>
          <id>ossrh</id>
          <username>${Jira username}</username>
          <password>${Jira password}</password>
        </server>
        ...
      </servers>
    </settings>
2.1.2 Add the profiles
    <settings>
      ...
      <profiles>
        <!-- ossrh-start -->
        <!-- https://central.sonatype.org/publish/publish-maven/#gpg-signed-components -->
        <profile>
          <id>ossrh</id>
          <activation>
            <activeByDefault>true</activeByDefault>
          </activation>
          <properties>
            <!-- Set according to your installation: gpg2 or gpg -->
            <gpg.executable>gpg</gpg.executable>
            <gpg.passphrase>${passphrase entered when generating the key}</gpg.passphrase>
            <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
            <maven-javadoc-plugin.version>3.5.0</maven-javadoc-plugin.version>
            <maven-gpg-plugin.version>3.1.0</maven-gpg-plugin.version>
            <nexus-staging-maven-plugin.version>1.6.13</nexus-staging-maven-plugin.version>
            <gpg.keyname>${short keyid}</gpg.keyname>
          </properties>
        </profile>
        <!-- Disable Javadoc comment checks (doclint) -->
        <profile>
          <id>disable-javadoc-doclint</id>
          <activation>
            <jdk>[1.8,)</jdk>
          </activation>
          <properties>
            <javadoc.opts>-Xdoclint:none</javadoc.opts>
          </properties>
        </profile>
        <!-- Automatic release -->
        <profile>
          <id>ossrh-release-auto</id>
          <properties>
            <auto-release-after-close>true</auto-release-after-close>
          </properties>
        </profile>
        <profile>
          <id>ossrh-release-manually</id>
          <properties>
            <auto-release-after-close>false</auto-release-after-close>
          </properties>
        </profile>
        <!-- ossrh-end -->
      </profiles>
      ...
    </settings>
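A check for the settings.xml assembled in 2.1.1 and 2.1.2, added here as an example and not part of the original post: it reports server passwords and the gpg.passphrase property when they are stored in the clear rather than in Maven's encrypted {...} form or as a ${...} reference. The sample file and all of its values are constructed, and the names SECRET_FIELDS, SECRET_PROPERTIES and find_plaintext_secrets are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout used above; every value is fake.
SAMPLE_SETTINGS = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>ossrh</id><username>demo</username><password>constructed-pw</password></server>
    <server><id>central</id><username>demo</username><password>{constructedCiphertext=}</password></server>
  </servers>
  <profiles>
    <profile>
      <id>ossrh</id>
      <properties>
        <gpg.keyname>0x0ABA0F98</gpg.keyname>
        <gpg.passphrase>constructed-passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>"""

SECRET_FIELDS = ("password", "passphrase")   # children of <server> (assumed list)
SECRET_PROPERTIES = ("gpg.passphrase",)      # children of <properties> (assumed list)
# "{...}" is Maven's encrypted form; "${...}" defers to a property or environment variable.
PROTECTED = re.compile(r"\{[^{}]+\}")


def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def exposed(element):
    """True for a non-empty value that is neither encrypted nor a reference."""
    text = (element.text or "").strip()
    return bool(text) and not PROTECTED.search(text)


def find_plaintext_secrets(xml_text):
    """Return sorted (owner, field) pairs for secrets stored in the clear."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        kids = {local(c.tag): c for c in el}
        name = local(el.tag)
        owner = f"{name}:{(kids['id'].text or '').strip()}" if "id" in kids else name
        if name == "server":
            findings += [(owner, f) for f in SECRET_FIELDS if f in kids and exposed(kids[f])]
        elif name == "profile" and "properties" in kids:
            findings += [(owner, local(p.tag)) for p in kids["properties"]
                         if local(p.tag) in SECRET_PROPERTIES and exposed(p)]
    return sorted(findings)


if __name__ == "__main__":
    for owner, field in find_plaintext_secrets(SAMPLE_SETTINGS):
        print(f"plaintext secret: {owner} -> {field}")
```

Maven produces the {...} form with mvn --encrypt-master-password followed by mvn --encrypt-password.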
2.2 Update the project configuration pom.xml
2.2.1 Add the metadata configuration
    <project>
      ...
      <name>ordinaryroad-bilibili-live</name>
      <description>使用Netty来连接B站直播间的弹幕信息流Websocket接口</description>
      <url>https://github.com/1962247851/ordinaryroad-bilibili-live</url>
      <licenses>
        <license>
          <name>The MIT License</name>
          <url>https://opensource.org/license/mit/</url>
          <distribution>repo</distribution>
        </license>
      </licenses>
      <scm>
        <url>https://github.com/1962247851/ordinaryroad-bilibili-live</url>
        <connection>scm:git:https://github.com/1962247851/ordinaryroad-bilibili-live.git</connection>
        <developerConnection>scm:git:https://github.com/1962247851/ordinaryroad-bilibili-live</developerConnection>
      </scm>
      <developers>
        <developer>
          <name>OrdinaryRoad</name>
          <email>or-mjz@qq.com</email>
          <url>https://github.com/1962247851</url>
          <timezone>UTC+08:00</timezone>
        </developer>
      </developers>
      ...
    </project>
2.2.2 Add the plugin configuration
    <project>
      <build>
        <plugins>
          ...
          <!-- Publishing plugins: start -->
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-source-plugin</artifactId>
            <version>${maven-source-plugin.version}</version>
            <executions>
              <execution>
                <id>attach-sources</id>
                <goals>
                  <goal>jar-no-fork</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-javadoc-plugin</artifactId>
            <version>${maven-javadoc-plugin.version}</version>
            <configuration>
              <encoding>UTF-8</encoding>
              <charset>UTF-8</charset>
              <docencoding>UTF-8</docencoding>
            </configuration>
            <executions>
              <execution>
                <id>attach-javadocs</id>
                <goals>
                  <goal>jar</goal>
                </goals>
                <configuration>
                  <additionalJOption>${javadoc.opts}</additionalJOption>
                </configuration>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-gpg-plugin</artifactId>
            <version>${maven-gpg-plugin.version}</version>
            <executions>
              <execution>
                <id>sign-artifacts</id>
                <phase>verify</phase>
                <goals>
                  <goal>sign</goal>
                </goals>
                <configuration>
                  <keyname>${gpg.keyname}</keyname>
                  <passphraseServerId>${gpg.keyname}</passphraseServerId>
                </configuration>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <groupId>org.sonatype.plugins</groupId>
            <artifactId>nexus-staging-maven-plugin</artifactId>
            <version>${nexus-staging-maven-plugin.version}</version>
            <extensions>true</extensions>
            <configuration>
              <serverId>ossrh</serverId>
              <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
              <autoReleaseAfterClose>${auto-release-after-close}</autoReleaseAfterClose>
            </configuration>
          </plugin>
          <!-- Publishing plugins: end -->
        </plugins>
      </build>
    </project>
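3. Publishing
    mvn deploy
Before publishing it is best to run mvn clean once, or to use mvn clean deploy
- You can log in to Nexus Repository Manager (sonatype.org) with the Jira account you registered to manage staged packages or search for published ones. If deploy is set to release automatically, the staged package is dropped automatically once the release succeeds.
- For more configuration options of the publishing plugin nexus-staging-maven-plugin, see Configuring Your Project for Deployment (sonatype.com)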
3.1 Release automatically on deploy
In the IDE, find the Maven Profiles option and select ossrh-release-auto, which is equivalent to mvn xxx -P ossrh-release-auto
The effect is the same as setting autoReleaseAfterClose of nexus-staging-maven-plugin to true:
    ...
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <version>${nexus-staging-maven-plugin.version}</version>
      <extensions>true</extensions>
      <configuration>
        <serverId>ossrh</serverId>
        <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
        <autoReleaseAfterClose>true</autoReleaseAfterClose>
      </configuration>
    </plugin>
    ...
Run mvn clean deploy in the console or the IDE and wait. After a successful release, a comment is added to the Jira issue.
    mvn clean deploy
3.2 Release manually after deploy
This is equivalent to setting autoReleaseAfterClose of nexus-staging-maven-plugin to false:
    ...
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <version>${nexus-staging-maven-plugin.version}</version>
      <extensions>true</extensions>
      <configuration>
        <serverId>ossrh</serverId>
        <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
        <autoReleaseAfterClose>false</autoReleaseAfterClose>
      </configuration>
    </plugin>
    ...
After a successful deploy the package is only staged; you have to choose manually whether to release it or drop it.
- From the console
Confirm the release:
    mvn nexus-staging:release
Cancel the release:
    mvn nexus-staging:drop
- From the web page
Log in to Nexus Repository Manager (sonatype.org), select the corresponding Repository and perform the release or drop operation.
4. Referencing the package from other projects
Right after a release, Maven Central - Search (sonatype.com) may not show the package yet; in the meantime you can search for it and use it from here.
4.1 Use a SNAPSHOT version
    <repositories>
      <repository>
        <id>ossrh-SNAPSHOT</id>
        <url>https://s01.oss.sonatype.org/content/repositories/snapshots/</url>
        <snapshots>
          <enabled>true</enabled>
        </snapshots>
      </repository>
    </repositories>
Related links
- Sign up for Jira - Sonatype JIRA
- GnuPG - Download
- Working with PGP Signatures - The Central Repository Documentation (sonatype.org)
- Configuring Your Project for Deployment (sonatype.com)
- Nexus Repository Manager (sonatype.org)
- Maven Central - Search (sonatype.com)
2024 update to the publishing process
- Migrate the account, then add and verify the namespace
- Update the account credentials
- Update the publishing plugin
    <build>
      <plugins>
        <plugin>
          <groupId>org.sonatype.central</groupId>
          <artifactId>central-publishing-maven-plugin</artifactId>
          <version>0.6.0</version>
          <extensions>true</extensions>
          <configuration>
            <publishingServerId>central</publishingServerId>
            <autoPublish>true</autoPublish>
          </configuration>
        </plugin>
      </plugins>
    </build>

    mvn clean deploy