發佈Jar到maven中央倉庫

帳號註冊

首先咱們要先註冊sonatype帳號,訪問地址sonatype輸入必須的內容就能夠成功註冊一個帳號,不過對密碼就有一些特殊的安全要求,正確註冊就能夠了。html

sonatype工單

新建工單

點擊新建按鈕,項目選擇open的那個,問題類型選擇new project,概要,描述隨便寫就ok了
新建工單
新建完成後以下圖:
完整工單java

添加txt記錄

如上邊的圖所示,它爲了驗證你是域名的全部者,會讓你去解析一條txt記錄。兩種方案選一種就能夠了,我這裏選擇的是添加一條txt的記錄,以下圖所示,我這裏是不清楚規則,提交了兩個工單,因此添加了兩條記錄,最後其中一個工單被認爲是重複提交,已關閉。其中記錄值填寫你的工單地址,下圖中框住的部分,主機記錄就是jira tiket.
txt解析
這裏txt解析的值來源就是你的問題url,以下:
txt值
解析完後就能夠再等待審覈了,個人大概是凌晨3點進行的審覈,經過之後會有郵件通知,工單下邊也有評論,此時咱們就能夠準備發佈咱們的jar包了。git

com.iminling has been prepared, now user(s) yslao can:
Publish snapshot and release artifacts to https://oss.sonatype.org
Have a look at this section of our official guide for deployment instructions:
https://central.sonatype.org/pages/ossrh-guide.html#deployment

Please comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central.
Depending on your build configuration, this might happen automatically. If not, you can follow the steps in this section of our guide:
https://central.sonatype.org/pages/releasing-the-deployment.html

發佈準備

gpg安裝

mac安裝gpg

這裏利用brew進行安裝github

brew install gpg

windows安裝gpg

windows安裝了git客戶端就自帶了這個功能redis

查看gpg版本

有些安裝成功後是gpg,有些是gpg2,因此根據本身的狀況進行查看shell

$ gpg --version
gpg (GnuPG) 2.2.13-unknown
libgcrypt 1.8.4
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /c/Users/kongh/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

# 或者使用gpg2,就看本身的電腦上哪一個命令能夠運行.

生成key

mac生成

$ gpg --gen-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

注意:使用 「gpg --full-generate-key」 以得到一個功能完整的密鑰產生對話框。

GnuPG 須要構建用戶標識以辨認您的密鑰。

真實姓名: yslao
電子郵件地址: yslao@outlook.com
您選定了此用戶標識:
    「yslao <yslao@outlook.com>」

更改姓名(N)、註釋(C)、電子郵件地址(E)或肯定(O)/退出(Q)? O
咱們須要生成大量的隨機字節。在質數生成期間作些其餘操做(敲打鍵盤
、移動鼠標、讀寫硬盤之類的)將會是一個不錯的主意;這會讓隨機數
發生器有更好的機會得到足夠的熵。
咱們須要生成大量的隨機字節。在質數生成期間作些其餘操做(敲打鍵盤
、移動鼠標、讀寫硬盤之類的)將會是一個不錯的主意;這會讓隨機數
發生器有更好的機會得到足夠的熵。
gpg: /Users/konghang/.gnupg/trustdb.gpg:創建了信任度數據庫
gpg: 密鑰 84040E735F931A32 被標記爲絕對信任
gpg: 目錄‘/Users/konghang/.gnupg/openpgp-revocs.d’已建立
gpg: 吊銷證書已被存儲爲‘/Users/konghang/.gnupg/openpgp-revocs.d/DD1E1B8213D07DA46FC3F2B684040E735F931A32.rev’
公鑰和私鑰已經生成並被簽名。

pub   rsa3072 2021-02-20 [SC] [有效至:2023-02-20]
      DD1E1B8213A07DA46FC3F2B684040E735F931A32
uid                      yslao <yslao@outlook.com>
sub   rsa3072 2021-02-20 [E] [有效至:2023-02-20]

期間會讓輸入密碼,請牢記次密碼,發佈jar的時候要用到。以下圖所示:
密碼數據庫

windos生成

基本和mac差很少,也請牢記住密碼。apache

$ gpg --gen-key
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/c/Users/kongh/.gnupg' created
gpg: keybox '/c/Users/kongh/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: yslao
Email address: yslao@outlook.com
You selected this USER-ID:
    "yslao <yslao@outlook.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /c/Users/kongh/.gnupg/trustdb.gpg: trustdb created
gpg: key 7204BFB944405DA7 marked as ultimately trusted
gpg: directory '/c/Users/kongh/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/c/Users/kongh/.gnupg/openpgp-revocs.d/C87B0403E54AB05D431E5C1A7204BFB944405DA7.rev'
public and secret key created and signed.

pub   rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
      C87B0403E54CB05D431E5C1A7204BFB944405DA7
uid                      yslao <yslao@outlook.com>
sub   rsa2048 2021-02-20 [E] [expires: 2023-02-20]

key操做

查看key

$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-02-20
/c/Users/kongh/.gnupg/pubring.kbx
---------------------------------
pub   rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
      C87B0403E54CD05D431E5C1A7204BFB944405DA7
uid           [ultimate] yslao <yslao@outlook.com>
sub   rsa2048 2021-02-20 [E] [expires: 2023-02-20]

發佈public key

# 命令格式:gpg --keyserver [key的服務器](這個有不少,隨便找一個就好了) --send-keys [key] key就是查看key操做中pub對應的那串字符串
$ gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys C87B0403E54CD05D431E5C1A7204BFB944405DA7
gpg: sending key 7204BFB944405DA7 to hkp://keyserver.ubuntu.com:11371

處理過時key(沒有試驗過,僅記錄)

# 先用list-keys列出key列表
gpg --list-keys
# 編輯某個key
$ gpg --edit-key C87B0403E54AB05D431E5C1A7204BFB944405DA7
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/7204BFB944405DA7
     created: 2021-02-20  expires: 2023-02-20  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/B9A87F6417B16CA8
     created: 2021-02-20  expires: 2023-02-20  usage: E
[ultimate] (1). yslao <yslao@outlook.com>
# 選擇須要修改的id
gpg> 1

sec  rsa2048/7204BFB944405DA7
     created: 2021-02-20  expires: 2023-02-20  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/B9A87F6417B16CA8
     created: 2021-02-20  expires: 2023-02-20  usage: E
[ultimate] (1)* yslao <yslao@outlook.com>
# 輸入expire設置過時時間
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
# 輸入 10m 表明10個月, 而後回車
10m
# 輸入save進行保存,延長有效期
gpg> save

pom.xml和setting.xml修改

Distribution 管理

修改pom.xml, 添加如下代碼ubuntu

<!--父級是project-->
<distributionManagement>
    <snapshotRepository>
        <id>ossrh</id>
        <url>https://oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
    <repository>
        <id>ossrh</id>
        <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
</distributionManagement>

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <version>1.6.7</version>
      <extensions>true</extensions>
      <configuration>
        <serverId>ossrh</serverId>
        <nexusUrl>https://oss.sonatype.org/</nexusUrl>
        <autoReleaseAfterClose>true</autoReleaseAfterClose>
      </configuration>
    </plugin>
  </plugins>
</build>

認證配置

setting.xml中添加認證信息,此處的id要和pom文件中的distributionManagementsnapshotRepositoryrepository的id保持一致.windows

<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <!-- username就是註冊sonatype時的username -->
      <username>your-jira-id</username>
      <!-- password就是註冊sonatype時的password -->
      <password>your-jira-pwd</password>
    </server>
  </servers>
</settings>

javadoc和源代碼管理

在pom.xml中添加配置以下

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-source-plugin</artifactId>
      <version>2.2.1</version>
      <executions>
        <execution>
          <id>attach-sources</id>
          <goals>
            <goal>jar-no-fork</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-javadoc-plugin</artifactId>
      <version>2.9.1</version>
      <executions>
        <execution>
          <id>attach-javadocs</id>
          <goals>
            <goal>jar</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

gpg簽名組件配置

在pom中添加gpg插件

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>1.5</version>
    <executions>
        <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
</plugin>

在setting.xml中添加gpg profile配置,gpg.executable屬性要根據本身的電腦環境進行添加.

<settings>
  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!--這裏根據實際狀況填寫gpg或gpg2,看本身的環境能使用哪一個命令-->
        <gpg.executable>gpg2</gpg.executable>
        <!--passphrase就是咱們在gpg安裝生成key的時候設置的-->
        <gpg.passphrase>the_pass_phrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>

Nexus Staging Maven插件,用於部署和發佈

在pom.xml中添加如下內容

<plugin>
  <groupId>org.sonatype.plugins</groupId>
  <artifactId>nexus-staging-maven-plugin</artifactId>
  <version>1.6.7</version>
  <extensions>true</extensions>
  <configuration>
     <serverId>ossrh</serverId>
     <nexusUrl>https://oss.sonatype.org/</nexusUrl>
     <autoReleaseAfterClose>true</autoReleaseAfterClose>
  </configuration>
</plugin>

發佈

全部的發佈操做確保gpg命令是能夠用的,在windows下進行發佈必定要注意是在git bash客戶端中進行,以確保gpg能夠使用.以及發佈過程當中可能會讓你再次輸入gpg的密碼,這裏須要注意一下。

快照版本

項目的版本若是是以-SNAPSHOT結尾的,就會發布到快照倉庫,以下:

D:\project\idea\base-iminling-parent>mvn clean deploy
INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0-SNAPSHOT
[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-
maven-plugin @ line 326, column 25
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -----------------< com.iminling:base-iminling-parent >------------------
[INFO] Building base-iminling-parent 1.0.0-SNAPSHOT
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---
[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0-SNAPSHOT\base-iminling-parent-1.0.0-S
NAPSHOT.pom
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---
Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.03
4207-1.pom
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.034
207-1.pom (14 kB at 4.8 kB/s)
Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml (609 B at 263 B/s)
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml (292 B at 54 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 15.105 s
[INFO] Finished at: 2021-05-20T11:42:18+08:00
[INFO] ------------------------------------------------------------------------

release版本

項目的版本不是以-SNAPSHOT結尾的,就會發布到release倉庫,以下:

D:\project\idea\base-iminling-parent>mvn clean deploy
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0
[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-
maven-plugin @ line 326, column 25
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -----------------< com.iminling:base-iminling-parent >------------------
[INFO] Building base-iminling-parent 1.0.0
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---
[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0\base-iminling-parent-1.0.0.pom
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom
Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom (14 kB at 59
7 B/s)
Downloading from ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml (312 B at 51 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 32.049 s
[INFO] Finished at: 2021-02-20T14:11:23+08:00
[INFO] ------------------------------------------------------------------------

遇到的問題

在mac上進行發佈的時候遇到下邊問題:

[INFO] --- maven-gpg-plugin:1.5:sign (sign-artifacts) @ base-iminling-parent ---
gpg: 簽名時失敗: Inappropriate ioctl for device
gpg: signing failed: Inappropriate ioctl for device
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 17.069 s
[INFO] Finished at: 2021-02-21T09:36:03+08:00
[INFO] ------------------------------------------------------------------------

上網查詢後,緣由是 gpg 在當前終端沒法彈出密碼輸入頁面。

解決辦法很簡單:

export GPG_TTY=$(tty)

從新執行,發現會彈出一個密碼輸入界面。

發佈後續

發佈後咱們還須要在sonatype中問題下方進行評論,來激活同步到maven中心倉庫.
激活

版本引用

release

正常引入座標就能夠引用

snapshot

<!--定義snapshots庫的地址-->
<repositories>
    <repository>
        <id>sonatype-snapshots</id>
        <name>sonatype-snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
    </repository>
</repositories>
<!--經測試,不要下邊的應該也是能夠的,留着作不時之需-->
<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>sonatype-snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>    
    </pluginRepository>
</pluginRepositories>

後續維護

查看官方文檔:https://oss.sonatype.org/#sta...

下邊放上個人兩個倉庫的地址,關於完整pom請查看倉庫裏的。

相關文章
相關標籤/搜索