This blog is about Java (advanced Java topics like Reflection, Byte Code transformation, Code Generation), Maven, Web technologies, Raspberry Pi and IT in general.

Samstag, 14. März 2015

Tutorial: How to push / upload artifacts into the Maven Central Repository

I have several GitHub repositories and that's great. It's so easy to share the projects. But for some projects it's not enough. I created a POM, which I'm using as parent POM for all my projects. So if you want to checkout a project which depends on the POM then it's necessary to checkout the pom-project first and do a $ mvn install. That's quite annoying. The second example is my spBee library. I think most users aren't interested to checkout that project and to contribute to it - they just want to use it. Therefore it's necessary in such cases to put the artifacts on the Maven Central Repository. Then the user can add the library to the Maven dependencies and everything works. So I faced the question: how to push my artifacts to the Maven Central Repository?

A short overview over all steps
  1. install PGP - that's necessary to sign the artifacts - and upload your public key 
  2. prepare the POM file to satisfy all requirements
  3. create an Sonatype account
  4. create a New Project ticket
  5. wait for a comment.
  6. perform a stating release and comment the ticket that you have successfully done the stating release and the artifacts are ready to be released.
  7. wait until the sync to the Maven Central Repository will be activated and now you can do the releases yourself.
    1. do another staging release
    2. release your artifacts on this site https://oss.sonatype.org/
    3. or drop your staging release
  8. enjoy your artifacts on the Maven Central Repository
It seems to be quite complicated. But actually it's not that bad. Hopefully it's very easy with the help of this post!

1. Install PGP and upload your public key
 On this site everything is explained. In short:
  • download and install GPG
  • $ gpg --version
  • $ gpg --gen-key
    • enter the required information
  • $ gpg --list-keys
    • in the output you will see the keyid of the public certificate
    • pub   1024D/C6EED57A 2010-01-13
    • the C6EED57A string is the keyid
  • distribute the public key so that the signed files can be verified
    • $ gpg --keyserver hkp://pool.sks-keyservers.net --send-keys C6EED57A
2. Prepare the POM file to satisfy all requirements
On this site and that site everything is explained. In short:
  • the groupId
    • if the groupId is at.rseiler.spbee then you need to own rseiler.at.
    • if you don't have an own domain, but use GitHub then the groupId must be: github.com/rseiler => com.github.rseiler
  • the javadoc.jar must be generated
  • the sources.jar must be generated
  • all files must be signed with PGP
  • following meta data must be provided
    • project name, description and URL
    • license information
    • developer information 
    • scm (the repository URL)
  • the nexus-staging-maven-plugin must be setup
  • the distributionManagement (snapshotRepository and
    repository) must be setup
Take a look at these both small POM files, which satisfies all requirements: spBee POM pom-project POM
The  release profile will create the javadoc.jar sources.jar and signs the artifacts. So if you do a release you need to activate the profile with: $ mvn clean deploy -P release

To upload the artifacts you need to setup the settings.xml (.m2/settings.xml).
<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <username>your-jira-id</username>
      <password>your-jira-pwd</password>
    </server>
  </servers>
</settings>
3. Create an Sonatype account
Go to this site and create an account.

4. Create a New Project ticket
  • go to this site and create a ticket - see mine as an example
  • enter the root groupId
    • at.rseiler - even if your first artifact uses at.rseiler as groupId
    • com.github.rseiler - if you don't have an own domain
  • fill out the rest of the fields
6. Preform a stating release
  • check if everything is setup correctly
  • I recommend to set <autoReleaseAfterClose>true</autoReleaseAfterClose> to false so you can check the output first
  • notice that there aren't allowed any JavaDoc errors. If there are errors than the javadoc.jar file won't be created and then the requirements are missed.
  • $ mvn clean deploy -P release
  • check on this site under Build Promation => Repositories => Content your uploaded artifacts
  • if everything is fine then use: $ mvn nexus-staging:release to do a stating release
  • otherwise $ mvn nexus-staging:drop to drop the stating release
  • both commands can be executed on the website, too
  • comment the ticket
7. Release yourself
After the sync is activated you can release your stating-releases yourself to the Maven Central Repository.

8. Enjoy your artifacts on the Maven Central Repository 
You have done it! Congratulation! :)


I hope that my blog post helped you and gave you a good overview over all required steps.