
Publish JAR To Central Maven Repository

- Steps to Publish to Central Maven Repository
  - Create a Sonatype Account and Claim your Namespace
  - Create and Publish PGP Keys
  - Prepare Your Project Maven POM File
    - Configure POM File for Distribution Management
    - Configure POM File for Nexus Staging Plugin
    - Configure POM File for Sources
    - Configure POM File for JavaDoc
    - Configure POM File for Signing JAR Files
    - Configure settings.xml
    - Publish JAR File
Jakob Jenkov
Last update: 2020-01-25

     

To publish a JAR file with compiled Java classes to the Maven central
repository you need to go through a set of steps. This tutorial contains a
checklist of the steps you need to take to be able to publish your Java
project or product to the central Maven repository, along with comments about
what you need to do, plus relevant links.

Publishing a JAR file to the central Maven repository makes that JAR file
available to anyone using Maven to manage dependencies for their Java
project. Thus, the central Maven repository is a handy way for open source
projects to distribute the JAR files for their code. It is also a handy way for
other types of public code to be shared, like an API for a SaaS or cloud
platform. That client might not be open source, but it should still be easily and
freely available to its users.

This is not a fully exhaustive manual for publishing to the Maven central
repository, but this tutorial is a good place to start learning about what it takes.
The official manual can be found here: Producers Guide to Publishing to
Central Maven Repository. The official manual, however, is easy to "get lost"
in, meaning you easily lose track of which step you are at, how many
steps you need, etc. Hopefully the checklist in this tutorial will help you get an
overview and stay on course. Over time I will add more information to this
tutorial, so it will become more and more helpful to you.

This guide is still "work in progress"! Please be patient! More information will
follow as I dig it up!

Steps to Publish to Central Maven Repository


To publish JAR files to the central Maven repository there are 3 sets of steps
you must go through. Each of these sets of steps is explained in the
following sections.

Create a Sonatype Account and Claim your Namespace

Before you, or your organization, can publish anything to the central Maven
repository, you will need to go through the following steps:

- Create an account at Sonatype
- Claim your product's namespace

These steps are a one-time setup process you need to go through.

Create and Publish PGP Keys

All JAR files published to the central Maven repository must be digitally signed
using a PGP private key. To do so, you must create your own PGP private
key / public key pair and publish the public key to a public key server. You
must keep the private key to yourself. You need it to sign all JAR files that
you want to publish to the central Maven repository. Users who download the
JAR files from the central Maven repository use the public key to verify the
signature. Creating the PGP key pair and publishing it requires the
following steps:

- Create a PGP private / public key pair to sign your JAR files with
- Publish your key to a public key server

The PGP private key will eventually expire. You don't need to "extend" the
private key. You can just create a new key pair and publish it to the public
key server when the old one expires. New releases are then signed with this
new key pair.

You can find more information about creating and publishing a public key /
private key pair on the Sonatype producers
page: https://central.sonatype.org/pages/producers.html . It can be a bit
challenging to get it to work on Windows, because PGP on Windows shows
slightly different output and behaves a little differently than the examples
shown in the official documentation. But keep searching around on the web, and
you will eventually get it to work. I know I did.

Prepare Your Project Maven POM File

For each Java project whose JAR files you want to publish to the central
Maven repository, you need to go through the following set of POM file
configuration steps:

- Configure POM file with project coordinates
- Configure POM file with project name
- Configure POM file with project description
- Configure POM file with project URL
- Configure POM file with project license
- Configure POM file with project developers
- Configure POM file with project distribution management

Steps for the project POM - plugins:

- Configure POM file for Nexus staging plugin
- Configure POM file for Sources
- Configure POM file for JavaDoc
- Configure POM file for Signing

For a full POM file, check out the pom.xml in this GitHub repository: RION Ops
for Java GitHub Repository.

Steps for your Maven settings.xml file:

- Configure Sonatype account login
- Configure PGP key used to sign JAR files

Configure POM File for Distribution Management


<distributionManagement>
  <snapshotRepository>
    <id>ossrh</id>
    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
  </snapshotRepository>
  <repository>
    <id>ossrh</id>
    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
  </repository>
</distributionManagement>

Configure POM File for Nexus Staging Plugin


<plugin>
  <groupId>org.sonatype.plugins</groupId>
  <artifactId>nexus-staging-maven-plugin</artifactId>
  <version>1.6.7</version>
  <extensions>true</extensions>
  <configuration>
    <serverId>ossrh</serverId>
    <nexusUrl>https://oss.sonatype.org/</nexusUrl>
    <autoReleaseAfterClose>true</autoReleaseAfterClose>
  </configuration>
</plugin>

Configure POM File for Sources


<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-source-plugin</artifactId>
  <version>2.2.1</version>
  <executions>
    <execution>
      <id>attach-sources</id>
      <goals>
        <goal>jar-no-fork</goal>
      </goals>
    </execution>
  </executions>
</plugin>

Configure POM File for JavaDoc


<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <version>2.9.1</version>
  <executions>
    <execution>
      <id>attach-javadocs</id>
      <goals>
        <goal>jar</goal>
      </goals>
    </execution>
  </executions>
</plugin>

Configure POM File for Signing JAR Files


<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.5</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

Configure settings.xml

<settings>

  <localRepository>/maven-repo</localRepository>

  <servers>
    <server>
      <!-- Must match the repository id / serverId "ossrh" used in the POM -->
      <id>ossrh</id>
      <!-- Sonatype account login (placeholder values) -->
      <username>username</username>
      <password>password</password>
    </server>
  </servers>

  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- PGP executable and key passphrase used to sign the JAR files
             (placeholder value) -->
        <gpg.executable>gpg2</gpg.executable>
        <gpg.passphrase>passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>

</settings>
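
The settings.xml above keeps the Sonatype password and the PGP passphrase in the file in clear text. A variant that keeps both secrets out of the file follows, as an added example that is not part of the original tutorial; the environment variable names OSSRH_USERNAME and OSSRH_PASSWORD are assumptions, and the passphrase is left to the prompt described under Publish JAR File.

```xml
<settings>

  <localRepository>/maven-repo</localRepository>

  <servers>
    <server>
      <id>ossrh</id>
      <!-- Resolved from the environment each time Maven runs, so no
           credential is written to disk. The variable names are
           assumptions; use whatever your shell or CI system exports. -->
      <username>${env.OSSRH_USERNAME}</username>
      <password>${env.OSSRH_PASSWORD}</password>
    </server>
  </servers>

  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.executable>gpg2</gpg.executable>
        <!-- gpg.passphrase is deliberately not set here: the passphrase
             for the private key is asked for at signing time instead of
             being stored next to the account login. -->
      </properties>
    </profile>
  </profiles>

</settings>
```

Maven's built-in password encryption (mvn --encrypt-master-password, then mvn --encrypt-password) is another way to keep the clear-text account password out of this file.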

Publish JAR File


Once you have completed all of the above steps you are ready to release your
JAR file. You do so via this Maven command:

mvn clean deploy

That's it! During the execution of this command you might be asked for the
password for your PGP private key. At least, I am asked for that when running
this (on Windows). Then I just type in my password and hit enter, and Maven
continues the release and publication process.
