41

I have created an open source project that I'd like to publish to maven central so that the users can use the library by simply referencing it in their pom. Like so:

<dependency>
    <groupId>in.ksharma</groupId>
    <artifactId>log4j-weblayout</artifactId>
    <version>0.0.1-BETA</version>
</dependency>

I've found several online tutorials, but some of them are out of date, and some recommend automating the entire process and thereby overly complicate it.

For example, one tutorial recommended creating SSH keys for your GitHub account and having Maven automatically create a git tag whenever pushing to Maven Central. Though this is useful, it is not necessary to get started.

Another example: trying to release it directly through Maven also gives some kind of error:

mvn release:clean release:prepare release:perform -B -e | tee maven-central-deploy.log

Gives:

svn: E155007: '/home/kshitiz/Documents/workspaces/ggts/log4j-weblayout/pom.xml' is not a working copy

When you're doing something for the first time it often helps to do it manually first and then automate it.

What is the most basic, bare-bones way to put a JAR in maven central?

Kshitiz Sharma

2 Answers

40

1) Create your Jira account : Signup Sonatype


2) Create a new project ticket (to claim your workspace) : Create new project ticket


3) Generate a PGP Signature

gpg2 --gen-key
....
gpg: key YOUR_KEY_ID marked as ultimately trusted
...

4) Distributing your public key

gpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys YOUR_KEY_ID

Distribute your key to multiple servers to speed up the synchronization process (pgp.mit.edu, keyserver.ubuntu.com...)


5) Update your ~/.m2/settings.xml

<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <username>jira_username</username>
      <password>jira_password</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.executable>gpg2</gpg.executable>
        <gpg.passphrase>your_key_passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>

6) Update your project pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <parent>
        <groupId>org.sonatype.oss</groupId>
        <artifactId>oss-parent</artifactId>
        <version>9</version>
    </parent>

    <groupId>xxx.xxx</groupId>
    <artifactId>xxx</artifactId>
    <version>0.1</version>

    <distributionManagement>
        <snapshotRepository>
            <id>ossrh</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
        </snapshotRepository>
        <repository>
            <id>ossrh</id>
            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
        </repository>
    </distributionManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-source-plugin</artifactId>
                <version>2.2.1</version>
                <executions>
                    <execution>
                        <id>attach-sources</id>
                        <goals>
                            <goal>jar-no-fork</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
                <version>2.9.1</version>
                <executions>
                    <execution>
                        <id>attach-javadocs</id>
                        <goals>
                            <goal>jar</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-gpg-plugin</artifactId>
                <version>1.5</version>
                <executions>
                    <execution>
                        <id>sign-artifacts</id>
                        <phase>verify</phase>
                        <goals>
                            <goal>sign</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.sonatype.plugins</groupId>
                <artifactId>nexus-staging-maven-plugin</artifactId>
                <version>1.6.7</version>
                <extensions>true</extensions>
                <configuration>
                    <serverId>ossrh</serverId>
                    <nexusUrl>https://oss.sonatype.org/</nexusUrl>
                    <autoReleaseAfterClose>true</autoReleaseAfterClose>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

7) Run Maven

Maven will ask you for your passphrase

mvn clean deploy

8) Comment on your Jira ticket

This will trigger the synchronization with central for your group id.

I have promoted my first release. Thanks.


Resources :

OSSRH Guide

Deploy with Maven

PGP Signatures

Benoit Vanalderweireldt
  • I followed the steps and I can get my repository in staging repository with open status and still I can't see my project in public maven repo. So do we need to do any other step to make the project available for the public maven central? – Vinit Solanki Jul 14 '20 at 15:33
  • Yes, facing the same thing. Any solutions? @VinitSolanki – Zapdos13 Jul 19 '21 at 20:16
  • Then you need to promote the staging repository so that it will automatically be available publicly. – Vinit Solanki Jul 20 '21 at 12:20
  • 1
    Step 4 I have some issues and I use this: `gpg2 --keyserver http://keyserver.ubuntu.com --send-keys xxxx` – sendon1982 Oct 19 '21 at 10:34
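
Step 5 of the answer above keeps the Sonatype password and the GPG passphrase in ~/.m2/settings.xml. As an added example (not part of the original answer), this Python check lists the secrets in such a file that are stored in the clear. It assumes that a value wrapped in `{...}` is Maven's encrypted form (as written by `mvn --encrypt-password`) and that `${...}` is a property or environment reference; the sample file and the `ossrh-encrypted` server id are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample that mirrors the settings.xml layout from step 5.
SAMPLE_SETTINGS = """<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <password>jira_password</password>
    </server>
    <server>
      <id>ossrh-encrypted</id>
      <password>{constructed-ciphertext=}</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>ossrh</id>
      <properties>
        <gpg.passphrase>your_key_passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>"""

# Assumption: "{...}" is an encrypted value, "${...}" an indirection.
PROTECTED = re.compile(r"^(\{.+\}|\$\{.+\})$", re.S)
SECRET_TAGS = {"password", "passphrase", "gpg.passphrase"}

def local(tag):
    """Drop an XML namespace prefix such as {http://maven.apache.org/...}."""
    return tag.rsplit("}", 1)[-1]

def cleartext_secrets(settings_xml):
    """Return (kind, id, tag) for every secret element stored in the clear."""
    findings = []
    for block in ET.fromstring(settings_xml).iter():
        if local(block.tag) not in ("server", "profile"):
            continue
        ident = next((c.text for c in block if local(c.tag) == "id"), "?")
        for el in block.iter():
            value = (el.text or "").strip()
            if local(el.tag) in SECRET_TAGS and value and not PROTECTED.match(value):
                findings.append((local(block.tag), ident, local(el.tag)))
    return findings

if __name__ == "__main__":
    for kind, ident, tag in cleartext_secrets(SAMPLE_SETTINGS):
        print(f"cleartext <{tag}> in {kind} '{ident}'")
```
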
26

This answer assumes that you have a Maven-based project and that it is in a packageable state. mvn package should run without any errors.

When publishing to maven central you'll need to use a group id that would identify all artifacts uploaded by you. Something like in.ksharma. You'll also need to sign your artifacts so that the users are able to verify that they're actually coming from you.

So first go to Sonatype Jira and create an account, and then create a Jira issue to have your group id approved. Something like this.

Now generate a gpg keypair for signing your artifacts:

$ gpg --gen-key

Define this key in ~/.m2/settings.xml:

<profiles>
  <profile>
    <id>sonatype-oss-release</id>
    <properties>
      <gpg.keyname>B63EFB4D</gpg.keyname>
      <gpg.passphrase>****</gpg.passphrase>
      <gpg.defaultKeyring>true</gpg.defaultKeyring>
      <gpg.useagent>true</gpg.useagent>
      <gpg.lockMode>never</gpg.lockMode>
      <gpg.homedir>/home/kshitiz/.gnupg</gpg.homedir>
    </properties>
  </profile>
</profiles>

Modify your project's pom file and append -SNAPSHOT to your version. So 0.0.1-BETA becomes 0.0.1-BETA-SNAPSHOT. Otherwise maven would complain:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.4.2:prepare (default-cli) on project log4j-weblayout: You don't have a SNAPSHOT project in the reactor projects list. -> [Help 1]

Also add:

<parent>
        <groupId>org.sonatype.oss</groupId>
        <artifactId>oss-parent</artifactId>
        <version>9</version>
</parent>

This parent pom provides you with some ready made functionality like configuring the maven-gpg-plugin to sign your JAR.

Now run mvn release:clean release:prepare to generate your artifacts and gpg signature. It will give you something like:

log4j-weblayout-0.0.1-BETA-javadoc.jar.asc
log4j-weblayout-0.0.1-BETA-sources.jar.asc
log4j-weblayout-0.0.1-BETA.pom.asc
log4j-weblayout-0.0.1-BETA.pom
log4j-weblayout-0.0.1-BETA.jar.asc
log4j-weblayout-0.0.1-BETA-javadoc.jar
log4j-weblayout-0.0.1-BETA-sources.jar
log4j-weblayout-0.0.1-BETA.jar

Now package these into a single JAR:

jar -cvf bundle.jar log4j-weblayout-0.0.1-BETA*

Go to Sonatype Nexus and log in with your credentials. Go to staging upload and upload your bundle.

Then go to staging repositories section, select your repository and click release (More help here). Comment on the jira issue that you have released the artifact and wait some time.

Now your users can search and use the artifact from the central repository.

Aleksandr Kravets
Kshitiz Sharma
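
The manual bundle upload in the answer above depends on every artifact having its detached `.asc` signature next to it. As an added example (not code from the answer), this Python pre-flight check confirms that the eight files from the answer's listing are present and that each signature verifies with `gpg --verify` before `jar -cvf bundle.jar` is run. The function names are hypothetical, and it assumes `gpg` is on the PATH with the signing key's public half in the local keyring.

```python
import shutil
import subprocess
import sys
from pathlib import Path

# The four artifact kinds in the answer's listing; each also needs a ".asc".
SUFFIXES = (".pom", ".jar", "-sources.jar", "-javadoc.jar")

def missing_from_bundle(directory, base):
    """Names the bundle still lacks, e.g. base='log4j-weblayout-0.0.1-BETA'."""
    expected = [base + s + ext for s in SUFFIXES for ext in ("", ".asc")]
    return [name for name in expected if not (Path(directory) / name).is_file()]

def failed_signatures(directory, base, gpg="gpg"):
    """Check each detached signature with `gpg --verify SIG FILE`."""
    failed = []
    for sig in sorted(Path(directory).glob(base + "*.asc")):
        artifact = sig.with_suffix("")  # strip the trailing ".asc"
        if not artifact.is_file():
            failed.append(sig.name)  # signature without its artifact
            continue
        run = subprocess.run([gpg, "--verify", str(sig), str(artifact)],
                             capture_output=True)
        if run.returncode != 0:  # bad signature or unknown public key
            failed.append(sig.name)
    return failed

def check_bundle(directory, base):
    """Return a list of problems; an empty list means the bundle can be built."""
    problems = ["missing: " + n for n in missing_from_bundle(directory, base)]
    if shutil.which("gpg"):
        problems += ["bad signature: " + n
                     for n in failed_signatures(directory, base)]
    else:
        problems.append("gpg not found, signatures not verified")
    return problems

# Usage: python check_bundle.py <directory> <artifactId-version>
if __name__ == "__main__" and len(sys.argv) == 3:
    issues = check_bundle(sys.argv[1], sys.argv[2])
    print("\n".join(issues) or "bundle complete and signatures verify")
    sys.exit(1 if issues else 0)
```
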