发布Jar到maven中央仓库
帐号注册
首先咱们要先注册sonatype帐号,访问地址sonatype输入必须的内容就能够成功注册一个帐号,不过对密码就有一些特殊的安全要求,正确注册就能够了。html
sonatype工单
新建工单
点击新建按钮,项目选择open的那个,问题类型选择new project,概要,描述随便写就ok了
新建完成后以下图:java
添加txt记录
如上边的图所示,它为了验证你是域名的全部者,会让你去解析一条txt记录。两种方案选一种就能够了,我这里选择的是添加一条txt的记录,以下图所示,我这里是不清楚规则,提交了两个工单,因此添加了两条记录,最后其中一个工单被认为是重复提交,已关闭。其中记录值填写你的工单地址,下图中框住的部分,主机记录就是jira tiket.
这里txt解析的值来源就是你的问题url,以下:
解析完后就能够再等待审核了,个人大概是凌晨3点进行的审核,经过之后会有邮件通知,工单下边也有评论,此时咱们就能够准备发布咱们的jar包了。git
com.iminling has been prepared, now user(s) yslao can: Publish snapshot and release artifacts to https://oss.sonatype.org Have a look at this section of our official guide for deployment instructions: https://central.sonatype.org/pages/ossrh-guide.html#deployment Please comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central. Depending on your build configuration, this might happen automatically. If not, you can follow the steps in this section of our guide: https://central.sonatype.org/pages/releasing-the-deployment.html
发布准备
gpg安装
mac安装gpg
这里利用brew进行安装github
brew install gpg
windows安装gpg
windows安装了git客户端就自带了这个功能redis
查看gpg版本
有些安装成功后是gpg,有些是gpg2,因此根据本身的状况进行查看shell
$ gpg --version
gpg (GnuPG) 2.2.13-unknown
libgcrypt 1.8.4
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /c/Users/kongh/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
# 或者使用gpg2,就看本身的电脑上哪一个命令能够运行.
生成key
mac生成
$ gpg --gen-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
注意:使用 “gpg --full-generate-key” 以得到一个功能完整的密钥产生对话框。
GnuPG 须要构建用户标识以辨认您的密钥。
真实姓名: yslao
电子邮件地址: yslao@outlook.com
您选定了此用户标识:
“yslao <yslao@outlook.com>”
更改姓名(N)、注释(C)、电子邮件地址(E)或肯定(O)/退出(Q)? O
咱们须要生成大量的随机字节。在质数生成期间作些其余操做(敲打键盘
、移动鼠标、读写硬盘之类的)将会是一个不错的主意;这会让随机数
发生器有更好的机会得到足够的熵。
咱们须要生成大量的随机字节。在质数生成期间作些其余操做(敲打键盘
、移动鼠标、读写硬盘之类的)将会是一个不错的主意;这会让随机数
发生器有更好的机会得到足够的熵。
gpg: /Users/konghang/.gnupg/trustdb.gpg:创建了信任度数据库
gpg: 密钥 84040E735F931A32 被标记为绝对信任
gpg: 目录‘/Users/konghang/.gnupg/openpgp-revocs.d’已建立
gpg: 吊销证书已被存储为‘/Users/konghang/.gnupg/openpgp-revocs.d/DD1E1B8213D07DA46FC3F2B684040E735F931A32.rev’
公钥和私钥已经生成并被签名。
pub rsa3072 2021-02-20 [SC] [有效至:2023-02-20]
DD1E1B8213A07DA46FC3F2B684040E735F931A32
uid yslao <yslao@outlook.com>
sub rsa3072 2021-02-20 [E] [有效至:2023-02-20]
期间会让输入密码,请牢记次密码,发布jar的时候要用到。以下图所示:数据库
windos生成
基本和mac差很少,也请牢记住密码。apache
$ gpg --gen-key
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory '/c/Users/kongh/.gnupg' created
gpg: keybox '/c/Users/kongh/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: yslao
Email address: yslao@outlook.com
You selected this USER-ID:
"yslao <yslao@outlook.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /c/Users/kongh/.gnupg/trustdb.gpg: trustdb created
gpg: key 7204BFB944405DA7 marked as ultimately trusted
gpg: directory '/c/Users/kongh/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/c/Users/kongh/.gnupg/openpgp-revocs.d/C87B0403E54AB05D431E5C1A7204BFB944405DA7.rev'
public and secret key created and signed.
pub rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
C87B0403E54CB05D431E5C1A7204BFB944405DA7
uid yslao <yslao@outlook.com>
sub rsa2048 2021-02-20 [E] [expires: 2023-02-20]
key操做
查看key
$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-02-20
/c/Users/kongh/.gnupg/pubring.kbx
---------------------------------
pub rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
C87B0403E54CD05D431E5C1A7204BFB944405DA7
uid [ultimate] yslao <yslao@outlook.com>
sub rsa2048 2021-02-20 [E] [expires: 2023-02-20]
发布public key
# 命令格式:gpg --keyserver [key的服务器](这个有不少,随便找一个就好了) --send-keys [key] key就是查看key操做中pub对应的那串字符串 $ gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys C87B0403E54CD05D431E5C1A7204BFB944405DA7 gpg: sending key 7204BFB944405DA7 to hkp://keyserver.ubuntu.com:11371
处理过时key(没有试验过,仅记录)
# 先用list-keys列出key列表
gpg --list-keys
# 编辑某个key
$ gpg --edit-key C87B0403E54AB05D431E5C1A7204BFB944405DA7
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa2048/7204BFB944405DA7
created: 2021-02-20 expires: 2023-02-20 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/B9A87F6417B16CA8
created: 2021-02-20 expires: 2023-02-20 usage: E
[ultimate] (1). yslao <yslao@outlook.com>
# 选择须要修改的id
gpg> 1
sec rsa2048/7204BFB944405DA7
created: 2021-02-20 expires: 2023-02-20 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/B9A87F6417B16CA8
created: 2021-02-20 expires: 2023-02-20 usage: E
[ultimate] (1)* yslao <yslao@outlook.com>
# 输入expire设置过时时间
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
# 输入 10m 表明10个月, 而后回车
10m
# 输入save进行保存,延长有效期
gpg> save
pom.xml和setting.xml修改
Distribution 管理
修改pom.xml, 添加如下代码ubuntu
<!--父级是project-->
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin>
</plugins>
</build>
认证配置
在setting.xml中添加认证信息,此处的id要和pom文件中的distributionManagement下snapshotRepository和repository的id保持一致.windows
<settings>
<servers>
<server>
<id>ossrh</id>
<!-- username就是注册sonatype时的username -->
<username>your-jira-id</username>
<!-- password就是注册sonatype时的password -->
<password>your-jira-pwd</password>
</server>
</servers>
</settings>
javadoc和源代码管理
在pom.xml中添加配置以下
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.2.1</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
gpg签名组件配置
在pom中添加gpg插件
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
在setting.xml中添加gpg profile配置,gpg.executable属性要根据本身的电脑环境进行添加.
<settings>
<profiles>
<profile>
<id>ossrh</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<!--这里根据实际状况填写gpg或gpg2,看本身的环境能使用哪一个命令-->
<gpg.executable>gpg2</gpg.executable>
<!--passphrase就是咱们在gpg安装生成key的时候设置的-->
<gpg.passphrase>the_pass_phrase</gpg.passphrase>
</properties>
</profile>
</profiles>
</settings>
Nexus Staging Maven插件,用于部署和发布
在pom.xml中添加如下内容
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin>
发布
全部的发布操做确保gpg命令是能够用的,在windows下进行发布必定要注意是在git bash客户端中进行,以确保gpg能够使用.以及发布过程当中可能会让你再次输入gpg的密码,这里须要注意一下。
快照版本
项目的版本若是是以-SNAPSHOT结尾的,就会发布到快照仓库,以下:
D:\project\idea\base-iminling-parent>mvn clean deploy INFO] Scanning for projects... [WARNING] [WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0-SNAPSHOT [WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging- maven-plugin @ line 326, column 25 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. [WARNING] [WARNING] For this reason, future Maven versions might no longer support building such malformed projects. [WARNING] [INFO] [INFO] -----------------< com.iminling:base-iminling-parent >------------------ [INFO] Building base-iminling-parent 1.0.0-SNAPSHOT [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent --- [INFO] [INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent --- [INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0-SNAPSHOT\base-iminling-parent-1.0.0-S NAPSHOT.pom [INFO] [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent --- Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.03 4207-1.pom Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.034 207-1.pom (14 kB at 4.8 kB/s) Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml (609 B at 263 B/s) Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml (292 B at 54 B/s) [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 15.105 s [INFO] Finished at: 2021-05-20T11:42:18+08:00 [INFO] ------------------------------------------------------------------------
release版本
项目的版本不是以-SNAPSHOT结尾的,就会发布到release仓库,以下:
D:\project\idea\base-iminling-parent>mvn clean deploy [INFO] Scanning for projects... [WARNING] [WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0 [WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging- maven-plugin @ line 326, column 25 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. [WARNING] [WARNING] For this reason, future Maven versions might no longer support building such malformed projects. [WARNING] [INFO] [INFO] -----------------< com.iminling:base-iminling-parent >------------------ [INFO] Building base-iminling-parent 1.0.0 [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent --- [INFO] [INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent --- [INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0\base-iminling-parent-1.0.0.pom [INFO] [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent --- Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom (14 kB at 59 7 B/s) Downloading from ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml (312 B at 51 B/s) [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 32.049 s [INFO] Finished at: 2021-02-20T14:11:23+08:00 [INFO] ------------------------------------------------------------------------
遇到的问题
在mac上进行发布的时候遇到下边问题:
[INFO] --- maven-gpg-plugin:1.5:sign (sign-artifacts) @ base-iminling-parent --- gpg: 签名时失败: Inappropriate ioctl for device gpg: signing failed: Inappropriate ioctl for device [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 17.069 s [INFO] Finished at: 2021-02-21T09:36:03+08:00 [INFO] ------------------------------------------------------------------------
上网查询后,缘由是 gpg 在当前终端没法弹出密码输入页面。
解决办法很简单:
export GPG_TTY=$(tty)
从新执行,发现会弹出一个密码输入界面。
发布后续
发布后咱们还须要在sonatype中问题下方进行评论,来激活同步到maven中心仓库.
版本引用
release
正常引入坐标就能够引用
snapshot
<!--定义snapshots库的地址-->
<repositories>
<repository>
<id>sonatype-snapshots</id>
<name>sonatype-snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<!--经测试,不要下边的应该也是能够的,留着作不时之需-->
<pluginRepositories>
<pluginRepository>
<id>sonatype-snapshots</id>
<name>sonatype-snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
后续维护
查看官方文档:https://oss.sonatype.org/#sta...
下边放上个人两个仓库的地址,关于完整pom请查看仓库里的。
- base-iminling-parent, 父pom
- base-iminling-core, 一个基础jar,详细见仓库READEME.md