This is the 13th day of my participation in the More text Challenge. For details, see more text Challenge
[TOC]
Release of the Maven project
I use other people’s Maven projects in my daily development, and it is necessary to release my own program as a standard programmer.
The repair order to apply for
- Before release, you need to have your own project home page and open source code, you can use GitHub or code cloud, the following content to Oschina as an example, in other words, we need to release our project source code to the code cloud platform. Maven, after all, is open source. Therefore, it is necessary to provide your source code to Maven
Registered Sonatype OSSRH
-
Secondly, we need to apply on the Sonatype platform. If you have an account, you can log in to Sonatype directly. If you don’t have an account, you can click on the login interface to register
-
After registering our account, we can log on to the Sonatype platform and start creating work orders
Create a work order
- So now THAT I’ve created my local project, the coordinates are
< the groupId > com. Making. ZxhTom < / groupId > < artifactId > CSDN - SDK < / artifactId > < version > 1.0.0 < / version >Copy the code
- So the work order information I created is as follows
- We need to wait 3~5 minutes to create the work order, we will receive an email telling us that the work order has been created successfully! The email address here is filled in at the time of registration, so I won’t say much here. We can find the finished order in our own account or go to the home page to find it, because it is just created. In the home page, there will be a list of our work orders in the recent information (the home page is in reverse time). So to find the previously created work order, we have to look in our own work list.
The repair order parameter
Attribute values | Attribute interpretation |
---|---|
Summary | This is the project description, you can write the individual project, make a general |
Project URL | Just fill it out on your Github or git.oschina.net or your personal website |
SCM URL | It doesn’t matter if it’s the same as the Project URL |
username | The user name |
If you are hosted on Github or Git@OSC, you can use com.github. Binarylei or net.oschina.XXX. The rest can be specified according to the actual situation. Such as hosted address, etc. (Hosted address and other information will be displayed when using maven repository search to help users find your project address and ask for help). The groupId must be the same as the groupIdd in the POM of the component you want to publish.
The repair order waiting
- We have successfully created the work order above, but the review still needs to wait for a while. Wait for 1 to 5 hours. It depends on personal luck. Mine is still waiting. During the waiting process, the customer service staff will comment on the status of all work orders under the comments of your work order, and we can (must) reply to the questions of the customer service staff below.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — long wait — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
- Well, after a long wait, the work order we created has finally been answered. because
com.github.zxhTom
I have registered for this groupid before, so here Sonatype replies that I will not create work order for me again and let me use the previous work order. Let’s take a look at two work orders
! [oytmxyuek.bkt.clouddn.com/20181008005…].
! [oytmxyuek.bkt.clouddn.com/20181008006…].
- Above is the work order I created before, you can see the comments I went to in the comments. This is me talking to Sonatype. The following reply indicates that our creation is ok
! [oytmxyuek.bkt.clouddn.com/20181008007…].
- Then we can release our project. After the release, the work order will automatically reply to the message, telling us about the synchronization of other warehouses. Then you can respond politely
! [oytmxyuek.bkt.clouddn.com/20181008008…].
Gpg2 encryption
-
After downloading GPG, we will install it for fool. I won’t go into details here
-
GPG –version Check whether GPG is installed successfully
gpg --gen-key
Generating a public key
gpg --list-keys
View the public key; The pub is our public key ID that we need to upload. The format and length of pub ID generated vary with GPG versions. We don’t have to worry- The process of generating public and secret keys requires input
passphrase
thepassphrase
It’s our credentials. Remember that - ps :
- Real name: name
- Email address: Indicates the Email address
- Comment: Describes the Comment
GPG -- keyServer hkp://pool.sks-keyservers.net -- senders --keys Public key ID
- Release the public key to the Internet. In the figure below, GPG –list-keys is executed on another computer. The version is not the same as the previous one on the computer. Here is the pub ID for scabbers. Here we just need to select the following characters
GPG -- keyServer hkp://pool.sks-keyservers.net --recv-keys Public key ID
Viewing a Public Key
Maven configuration
- In poM, you need to configure doc compile and other necessary plug-ins
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> The < source > 1.7 < / source > < target > 1.7 < / target > < encoding > utf-8 < / encoding > < showDeprecation > true < / showDeprecation > <showWarnings>true</showWarnings> <optimize>true</optimize> <compilerArguments> <verbose/> <! ${Java. Home}/lib/rt.jar; ${Java. Home}/lib/rt.jar; ${java.home}/lib/jce.jar</bootclasspath> </compilerArguments> </configuration> </plugin> <plugin> . < groupId > org, apache maven plugins < / groupId > < artifactId > maven - source - the plugin < / artifactId > < version > 2.1.2 < / version > <configuration> </configuration> <executions> <execution> <id>attach-sources</id> <goals> <goal>jar-no-fork</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> < artifactId > maven - javadoc - plugin < / artifactId > < version > 2.7 < / version > < configuration > < charset > utf-8 < / charset > <docencoding>UTF-8</docencoding> <! </aggregate> <! Because the plug-in is more rigorous now, this tag is ignored for strict validation. Executions > <execution> <execution> <execution> <id>attach-javadocs</id> <goals> <goal>jar</goal> </goals> </execution> </executions> </plugin>Copy the code
- The above process is hard conditional preparation. All we need to do in this step is configure this information.
- Maven provides us with published projects that we only need to inherit, but in practice we have our own foundation projects to inherit, so inheritance is just one way. We can actually reconfigure it ourselves. The following two configurations are implemented. Readers only need to choose one of the configuration PS: two ways to choose one can >
inheritanceoss-parent
- In our project’s POM file
oss-parent
<parent>
<groupId>org.sonatype.oss</groupId>
<artifactId>oss-parent</artifactId>
<version>7</version>
</parent>
Copy the code
- Then add the following configuration in the POM, the specific configuration information to their own project information on the line. It is also easy to understand
<plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> Executions > <execution> <id>sign-artifacts</id> <phase>verify</phase> <goal>sign</goal> </goals> </execution> </executions> </plugin> </plugins> <licenses> <license> <name>The Apache Software License, Version 2.0 < / name > < url > http://www.apache.org/licenses/LICENSE-2.0.txt < / url > < distribution > '< / distribution > </license> </licenses> <scm> <connection>scm:git:https://gitee.com/zxhTom/csdnSdk.git</connection> <developerConnection>scm:git:https://gitee.com/zxhTom/csdnSdk.git</developerConnection> <url>https://gitee.com/zxhTom/csdnSdk</url> <tag>${project.version}</tag> </scm> <developers> <developer> <name>zxhTom</name> <email>[email protected]</email> <roles> <role>developer</role> </roles> <timezone>+8</timezone> </developer> </developers>Copy the code
- Then add the following configuration in maven Settings
<servers> <server> <id>sonatype-nexus-snapshots</id> <username>Sonatype account </username> <password> sonatype password </password> </server> <server> <id>sonatype-nexus-staging</id> <username>Sonatype account </username> <password>Sonatype password </password> </server> </servers>Copy the code
Ps: I did not adopt this method at the beginning, so I did not test it personally, but the following method is my deformation according to the first one. So this one should work. MVN Clean Deploy is ready to publish. The process of publishing requires entering GPG Passphrase validation. This is just configuration. Let’s continue with the actual release.
! [. / maven release / 019 PNG]
Configure only the Maven repository (global) and project POM (project).
Settings. The XML configuration
- Add a server to the Servers node in settings. XML. Add server information to it, including the username and password for the Sonatype account
- Then there’s Maven’s remote repository. Configuring the remote repository here is your choice. There is no need to give a default remote address configuration
<profile>
<id>default_maven</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<repository>
<id>central</id>
<name>Central Repository</name>
<url>http://repo.maven.apache.org/maven2</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>central</id>
<name>CentralRepository</name>
<url>https://repo.maven.apache.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<updatePolicy>never</updatePolicy>
</releases>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
Copy the code
-
And that’s pretty much the end of it. Because maven releases require encryption and decrypting, we use GPG encryption above. Here we need to configure GPG information into a profile, so that MVN deploys aware of GPG. This configuration requires something that I told you to remember when I released the GPG public key, passphrase. The pixelated image below is my passphrase
-
Here is the configuration, according to the version is not the same as GPG, gpG2. Try both and you’ll know which version fits you
Project POM configuration
- As with the first one, you need to add information about Licenses, SCM and Developers. There’s a repository that’s redundant. Readers can remove it at their discretion. This is already configured in the profile in settings. XML global and is enabled by default. Even if it’s not configured in Settings
Maven also reads this address by default (remote central repository)
<plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> Executions > <execution> <id>sign-artifacts</id> <phase>verify</phase> <goal>sign</goal> </goals> </execution> </executions> </plugin> </plugins> <licenses> <license> <name>The Apache License, Version 2.0 < / name > < url > http://www.apache.org/licenses/LICENSE-2.0.txt < / url > < / license > < / licenses > < developers > <developer> <name>zxhTom</name> <email>[email protected]</email> <roles> <role>developer</role> </roles> <timezone>+8</timezone> </developer> </developers> <scm> <connection>scm:git:https://gitee.com/zxhTom/csdnSdk.git</connection> <developerConnection>scm:git:https://gitee.com/zxhTom/csdnSdk.git</developerConnection> <url>https://gitee.com/zxhTom/csdnSdk</url> <tag>${project.version}</tag> </scm> <repositories> <repository> <id>maven-central</id> <name>maven-central</name> <url>https://repo.maven.apache.org/maven2</url> <snapshots> <enabled>true</enabled> </snapshots> <releases> <enabled>true</enabled> </releases> </repository> </repositories>Copy the code
-
The only difference is that there are more distributionManagement methods. The Ids in The Repository and snapshotRepository in distributionManagement must be consistent with the server IDS in Settings
-
This is why the server needs to be configured with two ids in the first method, because the two ids of distributionManagement in OSSS-parent are different. And our custom ones can define consistency. We can configure only one server in our Settings.
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<name>Maven Central Staging
Repository
</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
Copy the code
- Ps: The two methods are basically the same. Only one is provided by Maven. Just another custom
Release the jar
-
Well, the preliminary preparations have been completed. So now we can start configuring our project and publish maven to the central repository.
-
Run the MVN clean deploy command. I’m executing it in idea because GPG is already configured in settings. XML, so I don’t need to follow the GPG information.
-
Once this is done, we can view the project we just released at https://oss.sonatype.org, not yet released to the central repository; The password for logging in to this website is sonatype. At the bottom of the list in Build Promotion -> Staging Repositories is the project that should be released by us
- The information we see is open, so we need to pay attention to this state, so open–>close–>relese. Eventually it will be released to a central repository and then synchronized to the rest of Maven for some time, possibly several days
When you close, you need to look at the message. The activity will tell you what errors occurred when the close failed. There are also some POM details that I can’t go into here, timing matters
Click on me to view my POM project (Sonatype branch)
- Staging Repositories disappeared after release. Search in the left side, the search is successful, we wait for the central warehouse will search our project
Update project
- For security reasons, we can’t modify the builds we’ve released. That is, the same GAV is prohibited to upload and publish. GAV – Maven coordinates
- However, we can release the snapshot version for the team to develop, because the project is sure to change constantly during development. Snapshots and releases are the same as snapshots
- However, snapshot is not found in the central repository or any other repository. If you can’t find it, it doesn’t mean you don’t have it. In fact, our component already exists in the Snapshot warehouse in the central warehouse, but you can’t find it through the page. We’ll just keep it in the team.
- In other words, we publish snapshots that are hidden from others. But as long as you know the GAV of your snapshot you can use it.
Release the other projects again
-
Republishing only requires the configuration and publishing of those two pieces. This is actually the POM configuration for the project. No more work orders or anything. The same groupid only needs one work order, and you don’t have to care about it in the future.
-
Central Warehouse address
-
MVN address