GitHub Open source Java project (disconf) upload to Maven central Repository method detailed description

I recently made an open source project disconf:distributed configuration Management Platform (distributed configuration Management Platform), simply, is the platform system that manages the configuration files for all business platform systems. For a more detailed introduction, see the Project homepage.

The project is written in Java, Maven managed, then, naturally, the entire project should be exposed to the user using the Maven warehouse Pom method. So I've been tossing maven central Repository for the two days.

This article uses the Sonatype Nexus as the agent repository. That means posting the software here, and then they'll sync to Maven's central repository, which seems to be the simplest and most effective way to do it now. Sonatype uses Nexus to provide managed services for open source projects. You can either publish the snapshot (snapshot) or the stable version (release) to the MAVEN central repository. We just need to register a sonatype Jira account, create a Jira ticket, and then configure the Pom file slightly.

Introduction to the project structure of disconf

disconf    - disconf-client    - disconf-core    - disconf-web    - disconf-demos

I'm going to push Disconf-core and disconf-client to Maven's central repository because these two packages are needed by the programming user. The Disconf-web compilation result is a war package and therefore will not be pushed to Maven's central repository.

The push process of the Disconf-core package is carefully described below.

0th step: Connect your computer to GitHub

The contents of the id_rsa.pub generated by Ssh-key are placed in the https://github.com/settings/ssh.

First step: Modify the Disconf-core pom file

It should include at least the following tags:

See also: Https://github.com/knightliao/disconf/blob/master/disconf-core/pom.xml

  <modelVersion>4.0.0</modelVersion><artifactId>disconf-core</artifactId>< Packaging>jar</packaging><version>2.3-snapshot</version><name>disconf-core</name ><parent> <groupId>com.baidu.disconf</groupId> <artifactid>disconf-base</ Artifactid> <version>2.1</version> <relativepath> ... /</relativepath></parent><url>https://github.com/knightliao/disconf/tree/master/disconf-core </url><description>https://github.com/knightliao/disconf/tree/master/disconf-core</description ><organization> <name>Baidu</name> <url>http://www.baidu.com</url></ Organization><scm> <url>scm:git:[email protected]:knightliao/disconf</url> < Connection>scm:git:[email protected]:knightliao/disconf</connection> <tag>disconf-core</ Tag></scm>  

The following sets a profile for it, named release, which means to publish to the Central Library. There are two libraries, one snapshots, and the other is the official publishing library.

In addition, the central repository requires source and doc, so add two plugin.

<profiles> <profile> <id>release</id> <distributionManagement> & Lt;snapshotrepository> <id>nexus-release</id> <url>https://oss.sonatype                .org/content/repositories/snapshots/</url> </snapshotRepository> <repository> <id>nexus-release</id> &LT;URL&GT;HTTPS://OSS.SONATYPE.ORG/SERVICE/LOCAL/STAGING/DEP            loy/maven2/</url> </repository> </distributionManagement> <build> <plugins> <!--Source--<plugin> <groupid>o                    Rg.apache.maven.plugins</groupid> <artifactId>maven-source-plugin</artifactId> <version>2.2.1</version> <executions> <executi                  On>          <phase>package</phase> <goals> <g                    Oal>jar-no-fork</goal> </goals> </execution> </executions> </plugin> <!--Javadoc-<p Lugin> <groupId>org.apache.maven.plugins</groupId> <artifactId> Maven-javadoc-plugin</artifactid> <version>2.9.1</version> <exe                            Cutions> <execution> <phase>package</phase> <goals> <goal>jar</goal> & lt;/goals> </execution> </executions> </plugin&                Gt <pLugin> <groupId>org.apache.maven.plugins</groupId> <artifactId> Maven-gpg-plugin</artifactid> <version>1.5</version> <execution                            S> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> &                    Lt;goal>sign</goal> </goals> </execution> </executions> </plugin> </plugins> </build> </pro File></profiles>

Step Two: Modify the disconf pom file

Disconf Pom is the parent pom of disconf-core.

See also: Https://github.com/knightliao/disconf/blob/master/pom.xml

It should include at least the following tags:

<developers>    <developer>        <name>Liao Qiqi</name>        <id>knightliao</id>        <email>liaoqiqi (AT) baidu.com</email>        <roles>            <role>Developer</role>        </roles>        <timezone>+8</timezone>    </developer>    <developer>        <name>Wu Ning</name>        <id>wuning</id>        <email>wuning01 (AT) baidu.com</email>        <roles>            <role>Developer</role>        </roles>        <timezone>+8</timezone>    </developer></developers>

Step three: Prepare the GPG tools.

After we have generated a good jar package locally, to upload to the Central Library, in order to ensure that the upload process data check is right, Sonatype requires us to use GPG for data validation.

gpg --gen-key

Enter 1 when prompted as follows:

Enter the number of digits of the desired key after the following prompt, and if there is no special need, the direct return can also be:

You will then be asked for the validity period of the key, which is 0 by default, which means never expire:

Then enter Y and return to confirm permanent validity. You will then receive the following prompt asking for your real name:

According to the prompt to enter the name, mailbox and notes, and then prompted to enter the password used to protect the key (passphrase), if you do not need a password to enter directly, if you entered a password then be sure to remember that the password will be used later. Next, you will be asked to enter some random characters, you can click on the keyboard letters and symbols, but do not press ENTER.

Note that here the name and mailbox, password three things to remember.

The message will appear after the build succeeds:

public and secret key created and signed

To view the existing public key, enter:

gpg --list-keys

The output is formatted like this:

[email protected]:~$ gpg --list-keys           gpg: checking the trustdbgpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust modelgpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u/home/knightliao/.gnupg/pubring.gpg-----------------------------------pub   2048R/XX 2014-07-08uid                  用户名 <邮箱>sub   2048R/YY 2014-07-08

Here, by the way, if you have more than one key, you want to delete one of these keys by:

gpg --delete-keys XX

After the key has been generated, we need to upload the public key to the server according to Sonatype requirements. Input:

gpg --keyserver <a href="http://hkp://pool.sks-keyservers.net">hkp://pool.sks-keyservers.net</a> --send-keys XX

This server address is sonatype and therefore does not need to be modified.

Verify that:

gpg --keyserver <a href="http://hkp://pool.sks-keyservers.net">hkp://pool.sks-keyservers.net</a> --recv-keys C67A5D26

If you print the following, the upload is successful:

gpg: requesting key C67A5D26 from hkp server <a href="http://pool.sks-keyservers.net">pool.sks-keyservers.net</a>gpg: key C67A5D26: "用户名 <邮箱>" not changedgpg: Total number processed: 1gpg:              unchanged: 1

Fourth Step: Register Sonatype

It's going to be like Sonatype filing. First, you need to apply for their Jira account here. After you get your account, submit an application ticket here. Click Create issue, Project to select Support-open Source project Repository hosting,issue type select New Project. Again: GroupID is very important, or use the domain name that you own. Either use the project-managed sub-domain name, such as Com.github.username. In order to save time, if you use the domain name you own, then you can write clearly in the description, otherwise customer service may ask, so that a back and forth will require a working day.

An example is: https://issues.sonatype.org/browse/OSSRH-10550

Note that the user name and mailbox must be the user name and mailbox in the third step when registering.

Once the registration is successful, they will send you an email and then you can log in here to view: https://oss.sonatype.org/

Fifth step: Modify the local maven Settings.xml

Populate here with the user name and password that you registered with the previous step:

Nexus-release User name password

Here the ID to and Pom.xml file inside the repository ID corresponding, user name and password is sonatype jira account number and password.

Sixth step: compiling the local code

Go to the disconf root directory and execute mvn clean install

And then

cd disconf-coremvn clean install

If there is no problem, the instructions are ready to be uploaded.

One of the seventh steps: Upload snapshot version code

If your project is snapshot, you can upload it using this step, which is uploaded to Https://oss.sonatype.org/content/repositories/snapshots

First of all, to make sure that the entire directory of the project does not have local uncommitted modifications, it is best to pull it once to ensure that there are no conflicts in the subsequent steps. Then run:

mvn release:prepare

MVN Release:prepare does the following:

1. Checks that your local source code does not has any modifications
2. Writes a release.properties file with details of what's it is doing
3. Modifies the Pom.xml to the release versions
4. Does a build as far as "package" in order to assure itself that it ' s changes has not broken the build
5. Commits the modified Pom.xml files to SCM
6. Tags the Trunk
7. Modifies the pom.xml to the next snapshot version
8. Commits the modified Pom.xml files to SCM

If the command runs smoothly, this step is done. If there is a problem in the middle, you can run the command again after fixing the problem, and if you want more detailed information, you can run:

mvn release:prepare -X

If you do not want to start from the end of the place, but want to start again, you can enter:

mvn release:prepare -Dresume=false

If you want to roll back,

mvn release:rollback

If this step succeeds, it is uploaded to Https://oss.sonatype.org/content/repositories/snapshots here.

Seventh Step Two: Upload non-snapshot version code

Snapshot generally represents a bug version, and online code is generally not used, so the non-snapshot version of the package is what we really need.

Do not perform "one of the seventh steps" to perform:

mvn clean deploy -P release -Dgpg.passphrase=第三步中的密码

MVN Release:perform does the following

1. Checks out the tagged release to target/checkout
2. Forks a "mvn deploy Site-deploy"
3. Removes the Release.properties file

Note: mvn clean deploy-p release-dgpg.passphrase= The password in step three, if your version is a snapshot, upload the snapshot, and if it is non-snapshot, Maven will upload it based on the module's version number ( The version in the Pom file) with-snapshot to determine whether it is a snapshot or an official version.

Release build

Enter https://oss.sonatype.org and landing, there will be a staging on the left repositories click to enter, in the right panel to find your widget, the status should be open, you want to set it to closed, click the Close button above

Then the system will automatically verify the validity, if your group ID and pom.xml No errors, the status will automatically become closed, if there is a problem, you will be prompted there is a problem, add a problem you can click the drop button to delete the widget, modify and then re-execute step 7.

Next you need to click the release button to publish your widget.

Notify workers in issue

Then go back to Jira your issue, write a comment, I wrote component has been successfully. Tell the staff that I have finished publishing and wait for them to review. After the audit, we can search our widget in the Central Library! The search address is: http://search.maven.org/

Best Practices for uploading

1. Get your computer connected to GitHub first
2. Download it under git clone code
3. Execute mvn clean Install on local code to solve the problem of compiling the code itself
4. Prepare the GPG tool.
5. Application for registration Sonatype
6. For the snapshot version, the MVN release:prepare is executed, and once an error is found, mvn release:rollback needs to be performed, and when the project is finished, MVN Release:clean
7. For release version, the password in the third step of mvn clean deploy-p release-dgpg.passphrase= is executed.

Some of the problems encountered

Return code is:401, reasonphrase:unauthorized. Release:perform

This is because your configuration in Maven's settings.xml does not correspond to the Disconf-core pom.xml configuration. It is possible that the ID does not match.

Maven Error: "You don't have a SNAPSHOT project in the reactor projects list."

If the version of the project is not snapshot and you are uploading using one of the seventh steps, this error will be reported.

I am getting permgen size error in Jenkins how to increase

Upload in Sonatype interface

I tried to compile it locally into a jar package and then upload it in the interface. Practice proves that this method is not advisable. Because the signature verification does not pass.

GitHub Open source Java project (disconf) upload to Maven central Repository method detailed description