Publish JAR To Central Maven Repository
Steps to Publish to Central Maven Repository
  - Create a Sonatype Account and Claim your Namespace
  - Create and Publish PGP Keys
  - Prepare Your Project Maven POM File
      - Configure POM File for Distribution Management
      - Configure POM File for Nexus Staging Plugin
      - Configure POM File for Sources
      - Configure POM File for JavaDoc
      - Configure POM File for Signing JAR Files
  - Configure settings.xml
  - Publish JAR File
Jakob Jenkov
Last update: 2020-01-25
To publish a JAR file with compiled Java classes to the Maven central
repository you need to go through a set of steps. This tutorial contains a
checklist of what steps you need to take to be able to publish your Java
project or product to the central Maven repository, along with comments about
what you need to do, plus relevant links.
Publishing a JAR file to the central Maven repository makes that JAR file
available to anyone using Maven to manage dependencies for their Java
project. Thus, the central Maven repository is a handy way for open source
projects to distribute the JAR files for their code. It is also a handy way for
other types of public code to be shared, like an API for a SaaS or cloud
platform. That client might not be open source, but it should still be easily and
freely available to its users.
This is not a fully exhaustive manual for publishing to the Maven central
repository, but this tutorial is a good place to start learning about what it takes.
The official manual can be found here: Producers Guide to Publishing to
Central Maven Repository. The official manual, however, is easy to "get lost" in,
meaning you easily lose track of which step you are at, how many
steps you need, etc. Hopefully the checklist in this tutorial will help you get an
overview and stay on course. Over time I will add more information to this
tutorial, so it will become more and more helpful to you.
This guide is still a "work in progress"! Please be patient! More information will
follow as I dig it up!
Before you, or your organization, can publish anything to the central Maven
repository, you will need to go through the following steps:
All JAR files published to the central Maven repository must be digitally signed
using a PGP private key. To do so, you must create your own PGP private
key / public key pair and publish the public key to a public key server. The
private key you must keep to yourself. You need that to sign all JAR files that
you want to publish to the central Maven repository. The public key is used to
verify the signature by users downloading the JAR files from the central
Maven repository. Creating the PGP key pair and publishing it requires the
following steps:
  - Create a PGP private / public key pair to sign your JAR files with
  - Publish your public key to a public key server
The PGP private key will eventually expire. You don't need to "extend" the
private key. You can just create a new one and publish it to the public key server
when the old one expires. New releases are then signed with this new key
pair.
You can find more information about creating and publishing a public key /
private key pair on the Sonatype producers
page: https://central.sonatype.org/pages/producers.html . It can be a bit
challenging to get it to work on Windows, because Windows PGP shows slightly
different output and behaves a little differently than the examples shown in
the official documentation. But keep searching around on the web, and you
will eventually get it to work. I know I did.
For each Java project whose JAR files you want to publish to the central
Maven repository, you need to go through the following set of POM file
configuration steps:
For a full POM file, check out the pom.xml in this github repository: RION Ops
for Java GitHub Repository
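<distributionManagement>
  <repository>
    <id>ossrh</id> <!-- must match the <server> id in settings.xml -->
    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
  </repository>
</distributionManagement>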
Configure settings.xml
<settings>
  <localRepository>/maven-repo</localRepository>
  <servers>
    <server>
      <id>ossrh</id>
      <username>username</username>
      <password>password</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.executable>gpg2</gpg.executable>
        <gpg.passphrase>passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>
That's it! During the execution of this command you might be asked for the
password for your PGP private key. At least, I am asked for that when running
this (on Windows). Then I just type in my password and hit enter, and Maven
continues the release and publication process.
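
The settings.xml shown above keeps the repository password and the PGP passphrase as literal text, so anyone who can read the file can publish and sign as you. The following Python check is an added example, not part of the original tutorial: it flags secrets stored literally in such a file and accepts values that Maven resolves at run time. The sample documents are constructed, and the function name and the environment variable name OSSRH_PASSWORD are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the settings.xml layout shown on this page (placeholder values).
PLAINTEXT = """<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <username>username</username>
      <password>password</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>ossrh</id>
      <properties>
        <gpg.executable>gpg2</gpg.executable>
        <gpg.passphrase>passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>"""

# Constructed hardened variant: the password comes from an environment variable
# (OSSRH_PASSWORD is an assumed name) and the passphrase is left out so gpg prompts.
HARDENED = PLAINTEXT.replace(
    "<password>password</password>", "<password>${env.OSSRH_PASSWORD}</password>"
).replace("<gpg.passphrase>passphrase</gpg.passphrase>", "")

# Elements that carry secrets in settings.xml.
SECRET_TAGS = {"password", "passphrase", "gpg.passphrase"}
# Not a literal secret: a ${...} reference, or a {...} value from `mvn --encrypt-password`.
INDIRECT = re.compile(r"^(\$\{[^}]+\}|\{.+\})$")


def plaintext_secrets(settings_xml):
    """Return the names of secret elements whose value is stored literally."""
    findings = []
    for elem in ET.fromstring(settings_xml).iter():
        tag = elem.tag.split("}")[-1]  # drop an XML namespace prefix if present
        value = (elem.text or "").strip()
        if tag in SECRET_TAGS and value and not INDIRECT.match(value):
            findings.append(tag)
    return findings


if __name__ == "__main__":
    print("as shown on the page:", plaintext_secrets(PLAINTEXT))
    print("hardened variant:   ", plaintext_secrets(HARDENED))
```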