关于maven:发布Jar到maven中央仓库

36次阅读

共计 14654 个字符,预计需要花费 37 分钟才能阅读完成。

账号注册

首先咱们要先注册 sonatype 账号,拜访地址 sonatype 输出必须的内容就能够胜利注册一个账号, 不过对明码就有一些非凡的平安要求,正确注册就能够了。

sonatype 工单

新建工单

点击新建按钮,项目选择 open 的那个,问题类型抉择 new project,概要,形容轻易写就 ok 了

新建实现后如下图:

增加 txt 记录

如上边的图所示,它为了验证你是域名的所有者,会让你去解析一条 txt 记录。两种计划选一种就能够了,我这里抉择的是增加一条 txt 的记录,如下图所示,我这里是不分明规定,提交了两个工单,所以增加了两条记录,最初其中一个工单被认为是反复提交,已敞开。其中记录值填写你的工单地址,下图中框住的局部,主机记录就是 jira tiket.

这里 txt 解析的值起源就是你的问题 url,如下:

解析完后就能够再期待审核了,我的大略是凌晨 3 点进行的审核,通过当前会有邮件告诉,工单下边也有评论, 此时咱们就能够筹备公布咱们的 jar 包了。

com.iminling has been prepared, now user(s) yslao can:
Publish snapshot and release artifacts to https://oss.sonatype.org
Have a look at this section of our official guide for deployment instructions:
https://central.sonatype.org/pages/ossrh-guide.html#deployment

Please comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central.
Depending on your build configuration, this might happen automatically. If not, you can follow the steps in this section of our guide:
https://central.sonatype.org/pages/releasing-the-deployment.html

公布筹备

gpg 装置

mac 装置 gpg

这里利用 brew 进行装置

brew install gpg

windows 装置 gpg

windows 装置了 git 客户端就自带了这个性能

查看 gpg 版本

有些装置胜利后是 gpg, 有些是 gpg2, 所以依据本人的状况进行查看

$ gpg --version
gpg (GnuPG) 2.2.13-unknown
libgcrypt 1.8.4
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /c/Users/kongh/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

# 或者应用 gpg2, 就看本人的电脑上哪个命令能够运行.

生成 key

mac 生成

$ gpg --gen-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

留神:应用“gpg --full-generate-key”以取得一个性能残缺的密钥产生对话框。GnuPG 须要构建用户标识以识别您的密钥。实在姓名:yslao
电子邮件地址:yslao@outlook.com
您选定了此用户标识:“yslao <yslao@outlook.com>”更改姓名(N)、正文(C)、电子邮件地址(E)或确定(O)/ 退出(Q)?O
咱们须要生成大量的随机字节。在质数生成期间做些其余操作(敲打键盘、挪动鼠标、读写硬盘之类的)将会是一个不错的主见;这会让随机数
发生器有更好的机会取得足够的熵。咱们须要生成大量的随机字节。在质数生成期间做些其余操作(敲打键盘、挪动鼠标、读写硬盘之类的)将会是一个不错的主见;这会让随机数
发生器有更好的机会取得足够的熵。gpg: /Users/konghang/.gnupg/trustdb.gpg:建设了信任度数据库
gpg: 密钥 84040E735F931A32 被标记为相对信赖
gpg: 目录‘/Users/konghang/.gnupg/openpgp-revocs.d’已创立
gpg: 撤消证书已被存储为‘/Users/konghang/.gnupg/openpgp-revocs.d/DD1E1B8213D07DA46FC3F2B684040E735F931A32.rev’公钥和私钥曾经生成并被签名。pub   rsa3072 2021-02-20 [SC] [无效至:2023-02-20]
      DD1E1B8213A07DA46FC3F2B684040E735F931A32
uid                      yslao <yslao@outlook.com>
sub   rsa3072 2021-02-20 [E] [无效至:2023-02-20]

期间会让输出明码,请牢记次明码,公布 jar 的时候要用到。如下图所示:

windos 生成

根本和 mac 差不多,也请牢记住明码。

$ gpg --gen-key
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/c/Users/kongh/.gnupg' created
gpg: keybox '/c/Users/kongh/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: yslao
Email address: yslao@outlook.com
You selected this USER-ID:
    "yslao <yslao@outlook.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /c/Users/kongh/.gnupg/trustdb.gpg: trustdb created
gpg: key 7204BFB944405DA7 marked as ultimately trusted
gpg: directory '/c/Users/kongh/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/c/Users/kongh/.gnupg/openpgp-revocs.d/C87B0403E54AB05D431E5C1A7204BFB944405DA7.rev'
public and secret key created and signed.

pub   rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
      C87B0403E54CB05D431E5C1A7204BFB944405DA7
uid                      yslao <yslao@outlook.com>
sub   rsa2048 2021-02-20 [E] [expires: 2023-02-20]

key 操作

查看 key

$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-02-20
/c/Users/kongh/.gnupg/pubring.kbx
---------------------------------
pub   rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
      C87B0403E54CD05D431E5C1A7204BFB944405DA7
uid           [ultimate] yslao <yslao@outlook.com>
sub   rsa2048 2021-02-20 [E] [expires: 2023-02-20]

公布 public key

# 命令格局:gpg --keyserver [key 的服务器](这个有很多,轻易找一个就行了) --send-keys [key] key 就是查看 key 操作中 pub 对应的那串字符串
$ gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys C87B0403E54CD05D431E5C1A7204BFB944405DA7
gpg: sending key 7204BFB944405DA7 to hkp://keyserver.ubuntu.com:11371

解决过期 key(没有试验过, 仅记录)

# 先用 list-keys 列出 key 列表
gpg --list-keys
# 编辑某个 key
$ gpg --edit-key C87B0403E54AB05D431E5C1A7204BFB944405DA7
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/7204BFB944405DA7
     created: 2021-02-20  expires: 2023-02-20  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/B9A87F6417B16CA8
     created: 2021-02-20  expires: 2023-02-20  usage: E
[ultimate] (1). yslao <yslao@outlook.com>
# 抉择须要批改的 id
gpg> 1

sec  rsa2048/7204BFB944405DA7
     created: 2021-02-20  expires: 2023-02-20  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/B9A87F6417B16CA8
     created: 2021-02-20  expires: 2023-02-20  usage: E
[ultimate] (1)* yslao <yslao@outlook.com>
# 输出 expire 设置过期工夫
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
# 输出 10m 代表 10 个月, 而后回车
10m
# 输出 save 进行保留, 缩短有效期
gpg> save

pom.xml 和 setting.xml 批改

Distribution 治理

批改 pom.xml, 增加以下代码

<!-- 父级是 project-->
<distributionManagement>
    <snapshotRepository>
        <id>ossrh</id>
        <url>https://oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
    <repository>
        <id>ossrh</id>
        <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
</distributionManagement>

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <version>1.6.7</version>
      <extensions>true</extensions>
      <configuration>
        <serverId>ossrh</serverId>
        <nexusUrl>https://oss.sonatype.org/</nexusUrl>
        <autoReleaseAfterClose>true</autoReleaseAfterClose>
      </configuration>
    </plugin>
  </plugins>
</build>

认证配置

setting.xml 中增加认证信息, 此处的 id 要和 pom 文件中的 distributionManagementsnapshotRepositoryrepository 的 id 保持一致.

<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <!-- username 就是注册 sonatype 时的 username -->
      <username>your-jira-id</username>
      <!-- password 就是注册 sonatype 时的 password -->
      <password>your-jira-pwd</password>
    </server>
  </servers>
</settings>

javadoc 和源代码治理

在 pom.xml 中增加配置如下

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-source-plugin</artifactId>
      <version>2.2.1</version>
      <executions>
        <execution>
          <id>attach-sources</id>
          <goals>
            <goal>jar-no-fork</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-javadoc-plugin</artifactId>
      <version>2.9.1</version>
      <executions>
        <execution>
          <id>attach-javadocs</id>
          <goals>
            <goal>jar</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

gpg 签名组件配置

在 pom 中增加 gpg 插件

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>1.5</version>
    <executions>
        <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
</plugin>

在 setting.xml 中增加 gpg profile 配置,gpg.executable属性要依据本人的电脑环境进行增加.

<settings>
  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- 这里依据理论状况填写 gpg 或 gpg2, 看本人的环境能应用哪个命令 -->
        <gpg.executable>gpg2</gpg.executable>
        <!--passphrase 就是咱们在 gpg 装置生成 key 的时候设置的 -->
        <gpg.passphrase>the_pass_phrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>

Nexus Staging Maven 插件,用于部署和公布

在 pom.xml 中增加以下内容

<plugin>
  <groupId>org.sonatype.plugins</groupId>
  <artifactId>nexus-staging-maven-plugin</artifactId>
  <version>1.6.7</version>
  <extensions>true</extensions>
  <configuration>
     <serverId>ossrh</serverId>
     <nexusUrl>https://oss.sonatype.org/</nexusUrl>
     <autoReleaseAfterClose>true</autoReleaseAfterClose>
  </configuration>
</plugin>

公布

所有的公布操作确保 gpg 命令是能够用的, 在 windows 下进行公布肯定要留神是在 git bash 客户端中进行, 以确保 gpg 能够应用. 以及公布过程中可能会让你再次输出 gpg 的明码,这里须要留神一下。

快照版本

我的项目的版本如果是以 -SNAPSHOT 结尾的, 就会公布到快照仓库, 如下:

D:\project\idea\base-iminling-parent>mvn clean deploy
INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0-SNAPSHOT
[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-
maven-plugin @ line 326, column 25
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -----------------< com.iminling:base-iminling-parent >------------------
[INFO] Building base-iminling-parent 1.0.0-SNAPSHOT
[INFO] --------------------------------[pom]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---
[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0-SNAPSHOT\base-iminling-parent-1.0.0-S
NAPSHOT.pom
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---
Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.03
4207-1.pom
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.034
207-1.pom (14 kB at 4.8 kB/s)
Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml (609 B at 263 B/s)
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml (292 B at 54 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 15.105 s
[INFO] Finished at: 2021-05-20T11:42:18+08:00
[INFO] ------------------------------------------------------------------------

release 版本

我的项目的版本不是以 -SNAPSHOT 结尾的, 就会公布到 release 仓库, 如下:

D:\project\idea\base-iminling-parent>mvn clean deploy
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0
[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-
maven-plugin @ line 326, column 25
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -----------------< com.iminling:base-iminling-parent >------------------
[INFO] Building base-iminling-parent 1.0.0
[INFO] --------------------------------[pom]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---
[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0\base-iminling-parent-1.0.0.pom
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom
Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom (14 kB at 59
7 B/s)
Downloading from ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml (312 B at 51 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 32.049 s
[INFO] Finished at: 2021-02-20T14:11:23+08:00
[INFO] ------------------------------------------------------------------------

遇到的问题

在 mac 上进行公布的时候遇到下边问题:

[INFO] --- maven-gpg-plugin:1.5:sign (sign-artifacts) @ base-iminling-parent ---
gpg: 签名时失败:Inappropriate ioctl for device
gpg: signing failed: Inappropriate ioctl for device
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 17.069 s
[INFO] Finished at: 2021-02-21T09:36:03+08:00
[INFO] ------------------------------------------------------------------------

上网查问后,起因是 gpg 在以后终端无奈弹出明码输出页面。

解决办法很简略:

export GPG_TTY=$(tty)

从新执行,发现会弹出一个明码输出界面。

公布后续

公布后咱们还须要在 sonatype 中问题下方进行评论, 来激活同步到 maven 核心仓库.

版本援用

release

失常引入坐标就能够援用

snapshot

<!-- 定义 snapshots 库的地址 -->
<repositories>
    <repository>
        <id>sonatype-snapshots</id>
        <name>sonatype-snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
    </repository>
</repositories>
<!-- 经测试, 不要下边的应该也是能够的, 留着做不时之需 -->
<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>sonatype-snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>    
    </pluginRepository>
</pluginRepositories>

后续保护

查看官网文档:https://oss.sonatype.org/#sta…

下边放上我的两个仓库的地址,对于残缺 pom 请查看仓库里的。

  • base-iminling-parent, 父 pom
  • base-iminling-core, 一个根底 jar,具体见仓库 READEME.md

正文完
 0