准备阶段
namespace 域名认证
当需要在 sonatype 认证 com.xxx命名空间时,需要将 @.xxx.com 配置域名解析。
记录类型:TXT
文本内容:验证的 key。
GPG 公私钥生成
GPG 下载地址:https://www.gnupg.org/download/index.html
Mac 可以使用 brew install gpg直接安装
使用方式可参考:
- https://central.sonatype.org/publish/requirements/gpg/
- https://www.jianshu.com/p/7f19ceacf57c
生成证书
$ gpg --gen-key
查询证书
$ gpg --list-keys
gpg: 正在检查信任度数据库
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: 深度:0 有效性: 1 已签名: 0 信任度:0-,0q,0n,0m,0f,1u
gpg: 下次信任度数据库检查将于 2027-04-06 进行
[keyboxd]
---------
pub ed25519 2024-04-06 [SC] [有效至:2027-04-06]
ABC
uid [ 绝对 ] xxx <xxx@163.com>
sub cv25519 2024-04-06 [E] [有效至:2027-04-06]上传公钥到公钥管理服务器
$ gpg --keyserver keyserver.ubuntu.com --send-keys ABC
gpg: 正在发送密钥 ABC 到 hkp://keyserver.ubuntu.com
如果报错 gpg: keyserver send failed: No route to host可以参考该文章上传公钥:https://vayne.cc/2022/03/13/gpg/
推送阶段
pom.xml 文件配置
配置 url
<url>https://github.com/xxx/yyy</url>配置 license
<licenses>
<license>
<name>The Apache Software License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo</distribution>
</license>
</licenses>配置 issueManagement
<issueManagement>
<system>github</system>
<url>https://github.com/xxx/yyy/issues</url>
</issueManagement>配置 SCM
<scm>
<connection>scm:git:https://github.com/xxx/yyy.git</connection>
<developerConnection>scm:git:https://github.com/xxx/yyy.git</developerConnection>
<url>https://github.com/xxx/yyy</url>
</scm>配置开发者信息
<developers>
<developer>
<name>xxx</name>
<email>xxx@zzz.com</email>
<url>https://github.com/xxx</url>
</developer>
</developers>通用插件配置
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>flatten-maven-plugin</artifactId>
<version>1.5.0</version>
<configuration>
<updatePomFile>true</updatePomFile>
<flattenMode>oss</flattenMode>
</configuration>
<executions>
<execution>
<id>flatten</id>
<phase>process-resources</phase>
<goals>
<goal>flatten</goal>
</goals>
</execution>
<execution>
<id>flatten.clean</id>
<phase>clean</phase>
<goals>
<goal>clean</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- 不上传源代码,删除该插件 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.1.0</version>
<inherited>true</inherited>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
<configuration>
<excludeResources>true</excludeResources>
<useDefaultExcludes>true</useDefaultExcludes>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.1.0</version>
<inherited>true</inherited>
<executions>
<execution>
<id>bundle-sources</id>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
<configuration>
<maxmemory>1024</maxmemory>
<encoding>UTF-8</encoding>
<show>protected</show>
<notree>true</notree>
<!-- Avoid running into Java 8's very restrictive doclint issues -->
<failOnError>false</failOnError>
<doclint>none</doclint>
</configuration>
</plugin>
</plugins>
</build>
Maven 上传插件配置
<profiles>
<profile>
<id>release</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.6</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<gpgArguments>
<!--表示密码直接输入,不需要弹出密码框-->
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
</plugin>
<!-- 配置方式:https://central.sonatype.org/publish/publish-portal-maven/#deploymentname -->
<plugin>
<groupId>org.sonatype.central</groupId>
<artifactId>central-publishing-maven-plugin</artifactId>
<version>0.4.0</version>
<extensions>true</extensions>
<configuration>
<publishingServerId>central</publishingServerId>
<tokenAuth>true</tokenAuth>
<autoPublish>true</autoPublish>
<excludeArtifacts>
<excludeArtifact>xxx-yyy</excludeArtifact>
</excludeArtifacts>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>settings.xml 文件配置
<servers>
<server>
<id>central</id>
<username>xxx</username>
<password>yyy</password>
</server>
</servers>
<profiles>
<profile>
<id>gpg</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>gpg</gpg.executable>
<gpg.keyname>xxx@zzz.com</gpg.keyname>
<gpg.passphrase>passphrase</gpg.passphrase>
<gpg.useagent>true</gpg.useagent>
</properties>
</profile>
</profiles>执行构建并上传
$ mvn clean deploy -Prelease 上传结果
报错参考
- Javadocs must be provided but not found in entries:需要提供 Javadoc
- License information is missing:需要提供 license 信息
- Project URL is not defined:需要定义项目 URL 信息
- SCM URL is not defined:需要定义 SCM 信息
- version cannot be a SNAPSHOT:Maven 中央仓库不支持推送快照版本
参考文档
- https://central.sonatype.org/publish/publish-portal-maven/
- https://central.sonatype.org/publish/requirements/gpg/
- https://www.gnupg.org/download/index.html
- https://www.jianshu.com/p/7f19ceacf57c
分享并记录所学所见
