Teach you to submit the Jar package to the Maven public warehouse | Mengxin write open source 02

In the previous article, I introduced my SpringBoot Starter project, which allows us to easily obtain operation logs using annotations and push them to the specified data source.

Before, my project was open sourced on Github. If you want to use my project, you have to configure the Github repository in Maven's Setting.xml. is not convenient at all.

this article, I will organize the process of uploading the project to the public Maven repository as a tutorial article.

I have to say that uploading a public Maven warehouse is , and 161b8b8847e8a6 almost didn't kill its popularity.

"Meng Xinxue Open Source" series of articles are continuously updated:

"Mengxin Write Open Source 01" How to use annotations to record operation logs

How to submit the project to Maven public warehouse in "Mengxin Write Open Source 02" (this article)

"Mengxin Write Open Source" How to write a SpringBoot Starter from 0 to 1

How to make your comments support repeated comments in "

Codewords are not easy, please pay attention! Public number: Talking about back-end technology , blog name of the whole network: Mansandaojiang

Overall process

There are many articles available online, mainly the following steps:

• Submit a release ticket in sonatype (Issue)
• Configure gpg key
• Configure pom.xml and setting.xml
• mvn clean deploy

You must ask, what is the relationship between sonatype and the public Maven repository? Why do you need to operate in sonatype?

The Maven central warehouse does not support the direct publishing of jar packages. We need to publish the jar package to some designated third-party Maven warehouse, and then the warehouse will synchronize the jar package to the Maven central warehouse. Among them, the most "simple" way is to publish the jar package Sonatype OSSRH Next, I will introduce how to publish the jar package to Sonatype OSSRH.

In addition, I have to reiterate: the tutorials on the Internet are time-sensitive, including this article (this article was written in December 2021). So the best way is to follow the documentation on the official website. If you encounter problems, then cooperate with the online tutorial to solve it. Because the official website’s documentation is always the latest and the best solution, you may follow the blog tutorial directly. Many detours.

official website document address: (this is not one of the documents you should read most)

https://central.sonatype.org/publish/publish-maven/

Okay, let's follow the above official documents step by step.

Submit a ticket at sonatype

The first step, first you need to register an account on the sonatype website:

https://issues.sonatype.org/secure/Signup!default.jspa

After creation, log in and click New at the top of the page to submit a new issue.

The following figure is the content I filled in when I created it, you can refer to it.

There are mainly a few places to pay attention to:

• Question name, as long as the meaning is clearly expressed
• groupId must be written accurately
• Porject URL fill in the Github warehouse address
• SCM url needs to be suffixed with git after the Github warehouse address

After submission, I thought it was a manual review, but in fact it was a fully automatic robot that automatically responded to you. It requires you to prove that you have ownership of the groupId URL. For example, if I fill in cn.monitor4all, then I will add a TXT analysis on the monitor4all.cn website to point to this Issue (the value is written as OSSRH-xxxxx).

If your groupId is com.github.xxx, you do not need to do the above steps. So if you don’t have a domain name or find it troublesome, just use com.github.xxx.

Since my website domain name was bought by myself and resolved by Tencent Cloud, I went to Tencent Cloud and added a TXT resolution value written as OSSRH-75759. (My ticket address is https://issues.sonatype.org/browse/OSSRH-75759)

Wait a few minutes, sonatype has detected your domain ownership.

Configure gpg key

The second part, you need to set the gpg secret key, the official website gps secret key signature tutorial:

https://central.sonatype.org/publish/publish-maven/#gpg-signed-components

You will be curious about what GPG is, and GPG is an implementation of RSA algorithm.

In 1991, programmer Phil Zimmermann developed encryption software PGP in order to avoid government surveillance. This software is very easy to use, spread quickly, and become an indispensable tool for many programmers. However, it is commercial software and cannot be used freely. Therefore, the Free Software Foundation decided to develop an alternative to PGP, named GnuPG. This is the origin of GPG.

Since sonatype allows you to upload to a public warehouse, you must be authenticated as a "person". Prevent other malicious people from uploading Jar packages.

Let's go to the official website to download GunPG

https://www.gnupg.org/download/

There are various system versions available for download, I downloaded the MacOS version.

After installation, we open ssh and enter the command:

➜  ~ gpg --generate-key

Immediately follow the operation to generate the secret key. The following is the result of my generation, coded:

gpg (GnuPG/MacGPG2) 2.2.32; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

注意：使用 “gpg --full-generate-key” 以获得一个全功能的密钥生成对话框。

GnuPG 需要构建用户标识以辨认您的密钥。

真实姓名： xxxxxxx
电子邮件地址： xxxxxxx@foxmail.com
您选定了此用户标识：
    “xxxxxxxx <xxxxx@foxmail.com>”

更改姓名（N）、注释（C）、电子邮件地址（E）或确定（O）/退出（Q）？ u
更改姓名（N）、注释（C）、电子邮件地址（E）或确定（O）/退出（Q）？ o
我们需要生成大量的随机字节。在质数生成期间做些其他操作（敲打键盘
、移动鼠标、读写硬盘之类的）将会是一个不错的主意；这会让随机数
发生器有更好的机会获得足够的熵。
我们需要生成大量的随机字节。在质数生成期间做些其他操作（敲打键盘
、移动鼠标、读写硬盘之类的）将会是一个不错的主意；这会让随机数
发生器有更好的机会获得足够的熵。
gpg: 密钥 54EC3C8FA3A5B50F 被标记为绝对信任
gpg: 目录‘/Users/xxxxxxxxx/.gnupg/openpgp-revocs.d’已创建
gpg: 吊销证书已被存储为‘/Users/xxxxxxxxx/.gnupg/openpgp-revocs.d/xxxxxxxxxxxxxxxxxxxxxxxxxxxx.rev’
公钥和私钥已经生成并被签名。
pub   rsa3072 2021-12-06 [SC] [有效至：2023-12-06]
      8BDxxxxxxxxxxxxxxxxxxxxxxxxxxxxB50F
uid                      xxxxxxxx <xxxxxxxx@foxmail.com>
sub   rsa3072 2021-12-06 [E] [有效至：2023-12-06]

After the secret key is generated, you need to upload the public key to the public server for sonatype verification.

There are three addresses available in the official website tutorial:

• keyserver.ubuntu.com
• keys.openpgp.org
• pgp.mit.edu

I uploaded according to the method given on the official website:

➜  ~ gpg --keyserver pgp.mit.edu:11371 --send-keys 8BD96B0EA18E5162B94EA7F754EC3C8FA3A5B50F
gpg: 正在发送密钥 54EC3C8FA3A5B50F 到 pgp.mit.edu:11371
gpg: 发送至公钥服务器失败：文件结尾
gpg: 发送至公钥服务器失败：文件结尾
➜  ~ gpg --keyserver keyserver.ubuntu.com --send-keys 8BD96B0EA18E5162B94EA7F754EC3C8FA3A5B50F
gpg: 正在发送密钥 54EC3C8FA3A5B50F 到 hkp://keyserver.ubuntu.com
gpg: 发送至公钥服务器失败：Network is unreachable
gpg: 发送至公钥服务器失败：Network is unreachable
➜  ~ gpg --keyserver pgp.mit.edu:11371 --send-keys 54EC3C8FA3A5B50F
gpg: 正在发送密钥 54EC3C8FA3A5B50F 到 pgp.mit.edu:11371
gpg: 发送至公钥服务器失败：文件结尾
gpg: 发送至公钥服务器失败：文件结尾

However, I got an error and tried various online tutorials repeatedly, but I still got an error. I thought it was a problem with my network, or those servers were also down. Anyway, I checked it over and over again, and I tossed it all night.

Just when it was about to crash, I accidentally discovered that gunpg still has an application that can be opened, that is, it has a GUI interface, so I went in and looked at it, and then right-clicked on my secret key, and there was an option to upload the server:

It was really speechless, brothers, that the spread was successful.

Configure pom.xml and setting.xml

In the third step, you need to configure your pom.xml and setting.xml files according to the tutorial on the official website. You are already very tired when you see that, I will not follow the official website tutorial step by step to demonstrate, I will directly summarize the configuration that needs to be added for success.

The first is setting.xml.

You need to add a profile:

<profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.executable>gpg2</gpg.executable>
        <gpg.passphrase>yzdbwj1993</gpg.passphrase>
      </properties>
    </profile>
  </profiles>

You also need a server, which needs to fill in your ossrh account password:

  <servers>
    <server>
      <id>ossrh</id>
      <username>你上面注册的账号</username>
      <password>你上面注册的密码</password>
    </server>
  </servers>
</settings>

The setting.xml is configured, and the pom.xml of your project is next.

First of all, you need to declare a lot of plugins and a snapshotRepository, I have posted all of them here.

<distributionManagement>
    <!--  申明打包到Maven公有仓库  -->
    <snapshotRepository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
</distributionManagement>

<build>
    <plugins>
        <plugin>
            <groupId>org.sonatype.plugins</groupId>
            <artifactId>nexus-staging-maven-plugin</artifactId>
            <version>1.6.7</version>
            <extensions>true</extensions>
            <configuration>
                <serverId>ossrh</serverId>
                <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
                <autoReleaseAfterClose>true</autoReleaseAfterClose>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-source-plugin</artifactId>
            <version>2.2.1</version>
            <executions>
                <execution>
                    <id>attach-sources</id>
                    <goals>
                        <goal>jar-no-fork</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-javadoc-plugin</artifactId>
            <version>2.9.1</version>
            <configuration>
                <javadocExecutable>${java.home}/../bin/javadoc</javadocExecutable>
            </configuration>
            <executions>
                <execution>
                    <id>attach-javadocs</id>
                    <goals>
                        <goal>jar</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-gpg-plugin</artifactId>
            <version>1.5</version>
            <executions>
                <execution>
                    <id>sign-artifacts</id>
                    <phase>verify</phase>
                    <goals>
                        <goal>sign</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

Note that after the plug-in maven-javadoc-plugin is added, it is best to add something not mentioned in the official tutorial as above:

<configuration>
    <javadocExecutable>${java.home}/../bin/javadoc</javadocExecutable>
</configuration>

Otherwise, you may fail to compile, prompting that your JAVA_HOME environment variable cannot be found, as shown in the figure below:

MavenReportException: Error while creating archive: Unable to find javadoc command: The environment variable JAVA_HOME is not correctly set.

After that, you can also add some of your personal information:

<licenses>
  <license>
    <name>The Apache Software License, Version 2.0</name>
    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
    <distribution>actable</distribution>
  </license>
</licenses>

<developers>
  <developer>
    <name>xxxxxxxxx Yang</name>
    <email>xxxxxxxxx@foxmail.com</email>
    <organization>xxxxxxxxxx</organization>
  </developer>
</developers>

<scm>
  <tag>master</tag>
  <url>git@github.com:qqxx6661/logRecord.git</url>
  <connection>git@github.com:qqxx6661/logRecord.git</connection>
  <developerConnection>git@github.com:qqxx6661/logRecord.git</developerConnection>
</scm>

Officially packaged and released

Finally, everything is ready, you can carry out the most sacred instruction

mvn clean deploy

Immediately after that, the upload was successful

Your ticket will also update a piece of information at this time:

Central sync is activated for cn.monitor4all. After you successfully release, your component will be available to the public on Central https://repo1.maven.org/maven2/, typically within 30 minutes, though updates to https://search.maven.org can take up to four hours.

Your Jar package will be able to be pulled in about 30 minutes.

The picture below is a screenshot of the successful pull.

postscript

I don’t know, after reading the article, do you find it troublesome? In fact, after reading the written text myself, I feel that the steps are quite simple. But when I couldn't figure it out before, I still felt quite painful.

I hope that the detour I took can help you avoid the big pit and complete the upload of your project faster.

I am an engineer who is currently moving bricks in Ali.

The continuous creation of 161b8b8847f126 is inseparable from your

refer to

https://segmentfault.com/a/1190000023781503