How To Upload To Maven Central

Publish Artifacts to Maven Central

Using the remote repositories feature, you can publish Maven artifacts from a Space Packages repository to Maven Central.

To publish an antiquity to Maven Central

1. Configure publishing of artifacts to a Space Packages repository according to the post-obit guides:

   • Gradle

   • Maven

2. Perform initial setup of your OSSRH repository:

   • Create a Sonatype JIRA business relationship.

   • Create a JIRA ticket for creating a new repository for your project. For example, like this i.

   For details, refer to the official Sonatype documentation.

3. The artifacts published to Maven Central must be signed with PGP. To generate a signing key:

   • Download the GPG tool.

   • Generate a key by running:

     gpg --gen-fundamental

     For example:

     PS C:\Program Files (x86)\GNU\GnuPG> .\gpg.exe --gen-fundamental gpg (GnuPG) 1.4.23; Copyright (C) 2015 Gratis Software Foundation, Inc. This is free software: you are free to alter and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of fundamental you desire: (1) RSA and RSA (default) (ii) DSA and Elgamal (three) DSA (sign only) (4) RSA (sign just) Your selection? i RSA keys may exist between 1024 and 4096 bits long. What keysize exercise you want? (2048) Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does non elapse <north> = key expires in n days <n>west = key expires in n weeks <n>g = key expires in n months <n>y = key expires in n years Central is valid for? (0) Key does not elapse at all Is this right? (y/N) y You lot need a user ID to place your primal; the software constructs the user ID from the Real Proper noun, Comment and Electronic mail Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Real proper name: John Doe Email address: johndoe@instance.com Annotate: sample key You selected this USER-ID: "John Doe (sample key) <johndoe@example.com>" Change (N)ame, (C)omment, (E)postal service or (O)kay/(Q)uit? O You need a Passphrase to protect your cloak-and-dagger key. Nosotros need to generate a lot of random bytes. It is a skilful idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better take chances to gain enough entropy. .+++++ +++++ Nosotros demand to generate a lot of random bytes. It is a good idea to perform some other activeness (type on the keyboard, movement the mouse, utilize the disks) during the prime generation; this gives the random number generator a meliorate chance to gain enough entropy. ...+++++ ....+++++ gpg: C:/Users/John.Doe/AppData/Roaming/gnupg\trustdb.gpg: trustdb created gpg: key 8A37B4C1 marked as ultimately trusted public and underground key created and signed. gpg: checking the trustdb gpg: three marginal(southward) needed, ane complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 2048R/8A37B4C1 2021-04-20 Key fingerprint = 31FE BA03 2679 13C3 5DDD B277 6176 785A 8A37 B4C1 uid John Doe (sample key) <johndoe@example.com> sub 2048R/EA490E42 2021-04-20

4. Configure signing for the projection:

   There is a number of ways to configure signing depending on your environment. For the details, refer to the official Gradle documentation. For instance, this is how you can configure signing for your local builds:

   • Include the signing plugin into build.gradle:

     plugins { id 'signing' }

   • Specify what to sign. For example, yous tin configure Gradle to sign all published artifacts. To practice this, add to build.gradle:

     signing { sign publishing.publications }

   • Add together the signing fundamental data to your local gradle.backdrop. For case:

     signing.keyId=24875D73 signing.password=pwd1234 signing.secretKeyRingFile=C:/Users/John.Doe/AppData/Roaming/gnupg/secring.gpg

     Where

     • keyId is the public key ID that you tin can get with gpg -M.

     • password is the passphrase you used when creating the key.

     • secretKeyRingFile is the absolute path to the private key.

   • To build a signed artifact, run:

     gradle sign

   • To publish a signed artifact, run:

     gradle publish

   There is a number of ways to configure signing depending on your environment. For the details, refer to the official Maven documentation. For example, this is how you can configure signing for your local builds:

   • Include the Apache Maven GPG plugin into pom.xml:

     <projection> ... <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>1.6</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin> </plugins> </build> ... </projection>

   • Add the signing cardinal data to your local settings.xml. For example:

     <settings> [...] <servers> [...] <server> <id>gpg.passphrase</id> <passphrase>pwd1234</passphrase> </server> </servers> </settings>

     Where passphrase is the passphrase yous used when creating the central. Notation that this volition work only in case yous have a single (default) signing central. For more than information on configuring the Maven GPG plugin, refer to the official documentation.

   • To publish a signed artifact, run:

     mvn deploy

5. In Infinite, open the repository where you published the signed artifacts.

6. Configure a remote repository:

   • In repository settings, open the Remote Repositories tab and click New remote repository.

   • Specify remote repository settings:

     • URL: the URL you lot got from Sonatype during the initial setup. Typically, information technology's https://s01.oss.sonatype.org/content/repositories/snapshots/ for SNAPSHOT artifact versions or https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ for release versions. Acquire more.

     • In Authentication, select Basic and specify Username and Password you used to register in Sonatype JIRA.

     • Nexus Staging Contour: the profile y'all got during the initial setup. Space automatically connects to Sonatype Nexus using your credentials and shows yous the list of available staging profiles.

     

   • Click Create.

7. Publish the required artifact to the remote repository (Maven Central):

   • Find the required package.

   • In the packet card, choose Publish to remote repository.

   • In the list, select the mirror created on previous step and click Publish.

Concluding modified: 05 Apr 2022

Source: https://www.jetbrains.com/help/space/publish-artifacts-to-maven-central.html

Posted by: chungandutimmose1944.blogspot.com

Share this post