How to release a Scala library to Maven Central using sbt?

Question

I have an open source Scala project using SBT and I would like to release my library to Maven. How do I do it?

pathikrit · Accepted Answer · 2020-05-15T14:59:13.583

I always forget how to do this. So here are my notes:

Once in your life:

Create Sonatype account

For every new developer machine:

Install gpg e.g. on OSX: brew install gpg
Run gpg --gen-key to generate a new key. Remember the passphrase and email you used.

Make sure you see it when you list your secret keys:

> gpg --list-secret-keys
~/.gnupg/pubring.kbx
-----------------------------------
sec   rsa2048 2019-06-13 [SC] [expires: 2021-06-12]
      F5003E5C4718B1F466B244F766AA02EC8AA60DB9
uid   [ultimate] Pathikrit Bhowmick <pathikritbhowmick@msn.com>
ssb   rsa2048 2019-06-13 [E] [expires: 2021-06-12]

Publish your key:

> gpg --keyserver hkp://pool.sks-keyservers.net --send-keys F5003E5C4718B1F466B244F766AA02EC8AA60DB9

gpg: sending key 66AA02EC8AA60DB9 to hkp://pool.sks-keyservers.net

You can also publish your key manually by copy the key

  > gpg --armor --export F5003E5C4718B1F466B244F766AA02EC8AA60DB9

And submitting it here http://keyserver.ubuntu.com:11371/

Verify that key got published by searching gnupg.net or keyserver.net. This may take up to a day to show up

Add default-key to your gpg.conf:

> cat ~/.gnupg/gpg.conf
default-key F5003E5C4718B1F466B244F766AA02EC8AA60DB9

Append following to this file (~/.sbt/${SBT_VERSION}/sonatype.sbt):

credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", "<your username>", "<your password>")

For each new project:

Create new JIRA issue using your Sonatype account to request new repo
Wait till above issue is resolved

Add sbt-pgp, sbt-release and sbt-sonatype as a plugin to your project. Here is an example plugins.sbt:

addSbtPlugin("com.github.gseitz"  %   "sbt-release"             % "1.0.0")
addSbtPlugin("com.jsuereth"       %   "sbt-pgp"                 % "1.0.0")
addSbtPlugin("org.xerial.sbt"     %   "sbt-sonatype"            % "0.5.1")

Here is an example build.sbt that I use for multi-projects.

For each new release:

You may have to do export GPG_TTY=$(tty) to let gpg do password prompt in command line like below:
sbt +release (will prompt for passphrase that you created for gpg)
1. Note: The +release cross releases across your specified crossScalaVersions. If you have pushChanges enabled in your build to push your commit to git remote, make sure you do pushChanges once only on the last crossVersion.
View artifact on Sonatype (the snapshot versions are here). If you cannot see it there you can double check the Nexus Repository Manager
Wait few hours for it to propagate to Maven Central

Starting Over

Sometime release may fail midway and your repository might be stuck in staging. You then have to go to https://oss.sonatype.org > Login > Staging Repositories > Find your repo > Click Drop e.g.

I'm trying to `sbt>module/publishSigned`. It throws the error: `[error] gpg: [don't know]: invalid packet (ctb=2d) [error] gpg: keydb_search failed: Invalid packet [error] gpg: no default secret key: Invalid packet [error] gpg: signing failed: Invalid packet` Do you know how to fix that? — Alexander Myltsev, May 24 '18 at 08:45
Do we need to run sbt publishSigned after sbt +release or not? — Pranjut, Sep 02 '18 at 10:42
@Pranjut: No you don't if you have configured the `release` task like I have — pathikrit, Sep 09 '18 at 07:01
Also, Maven Central will stop supporting `com.github.*` from April 2021, the alternative is to use `io.github.*` https://central.sonatype.org/changelog/#2021-04-01-comgithub-is-not-supported-anymore-as-a-valid-coordinate — julian-alarcon, Apr 13 '21 at 17:49
By the way, here the official sbt documention for uploading jars to Maven Central -> https://www.scala-sbt.org/release/docs/Using-Sonatype.html — Carlos Saltos, Jul 22 '21 at 15:31