Hello World

吞风吻雨葬落日 欺山赶海踏雪径

0%

2024发布jar包到maven中央仓库

发表于 更新于 分类于

2024年3月12日起所有的注册通过中央仓库官网,使用新的流程发布。这次过程中踩坑不少,这里做个记录。

注册账号创建项目

官网地址: https://central.sonatype.com/
注册账号之后需要创建Namespace,有单独域名的话需要设置一条 DNS Text Record 设置完等一会有回自动验证成功。

注意:这里的NamespaceGroupId 是必须一样的,否则后续部署上传会失败。

创建好 Namespace 之后,在 View Account 中生成一下 Generate User Token ,这个是上传组件的凭证。

1
2
3
4
5
<server>
    <id>自己指定名称</id>
    <username>xxx</username>
    <password>xxx</password>
</server>

以上配置需要在~/.m2/settings.xml中,后续central-publishing-maven-plugin部署插件会使用到。

发布组件

发布组件需要很多前置准备,建议参见详细的官方文档: https://central.sonatype.org/publish/requirements/#publishing-your-components

上传组件的内容需要包含

1
2
3
4
example-application-1.4.7.pom
example-application-1.4.7.jar
example-application-1.4.7-sources.jar
example-application-1.4.7-javadoc.jar

同时还需要各自文件的签名文件,这里使用GPG

GPG的安装

1
brew install gnupg

查看一下版本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
~ gpg --version

gpg (GnuPG) 2.4.5
libgcrypt 1.10.3
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/xxx/.gnupg
支持的算法:
公钥: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
密文: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
散列: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
压缩:  不压缩, ZIP, ZLIB, BZIP2

生成密钥

1
gpg --gen-key

这里填写姓名邮箱地址

发送公钥到--keyserver 

1
gpg --keyserver keyserver.ubuntu.com --send-keys xxx

这里上传到了Ubuntukeyserver,所有的keyserver 服务器都会自动同步,发布到一个就可以了。

配置pom

maven 中心仓库要求必须有源码与javadoc文件,所以需要配置很多插件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<plugins>
    <!--   central发布插件    -->
    <plugin>
        <groupId>org.sonatype.central</groupId>
        <artifactId>central-publishing-maven-plugin</artifactId>
        <version>0.4.0</version>
        <extensions>true</extensions>
        <configuration>
            <publishingServerId>sonatype-nexus</publishingServerId>
            <tokenAuth>true</tokenAuth>
        </configuration>
    </plugin>

    <!-- 编译插件 -->
    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.5.1</version>
        <configuration>
            <source>1.8</source>
            <target>1.8</target>
            <encoding>UTF-8</encoding>
        </configuration>
    </plugin>
    <!-- 源码插件 -->
    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-source-plugin</artifactId>
        <version>3.2.1</version>
        <executions>
            <execution>
                <id>attach-sources</id>
                <goals>
                    <goal>jar</goal>
                </goals>
            </execution>
        </executions>
    </plugin>
    <!-- javadoc插件 -->
    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-javadoc-plugin</artifactId>
        <version>2.9.1</version>
        <configuration>
            <javadocExecutable>${java.home}/bin/javadoc</javadocExecutable>
        </configuration>
        <executions>
            <execution>
                <id>attach-javadocs</id>
                <goals>
                    <goal>jar</goal>
                </goals>
            </execution>
        </executions>
    </plugin>

    <!-- gpg -->
    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-gpg-plugin</artifactId>
        <version>1.6</version>
        <executions>
            <execution>
                <id>sign-artifacts</id>
                <phase>verify</phase>
                <goals>
                    <goal>sign</goal>
                </goals>
            </execution>
        </executions>
    </plugin>
</plugins>

可以使用mvn package 查看打包内容,使用 mvn verify 查看文件签名。

mac电脑执行 maven-java-javadoc-plugin 插件的时候可能会报错: 找不到javadoc可执行文件,需要增加配置:

1
2
3
<configuration>
    <javadocExecutable>${java.home}/bin/javadoc</javadocExecutable>
</configuration>

我用的是jdk 1.8 版本,${java.home} 指向的是 JRE 目录,不存在javadoc 文件,这里简单直接复制了一份 JDK 目录下的可执行文件。

还有一点需要注意gpg 执行需要输入密码,但是因为打包终端无法弹出密码输入框,所以会失败。解决方案如下:
/.gnupg 目录下新建 gpg.conf 文件,内容如下

1
2
use-agent
pinentry-mode loopback

gpg-agent.conf文件:

1
allow-loopback-pinentry

以上配置如果都正确,应该就可以成功打包上传了,但是第一次上传的组件需要在后台手动点击publish 执行发布。

完整配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>xxx</groupId>
    <artifactId>xxx</artifactId>
    <version>0.0.1</version>
    <packaging>jar</packaging>
    <name>xxx</name>
    <description>xxx</description>
    <url>xxx</url>

    <licenses>
        <license>
            <name>MIT License</name>
            <url>http://www.opensource.org/licenses/mit-license.php</url>
        </license>
    </licenses>

    <developers>
        <developer>
            <name>xxx</name>
            <email>xxx@xxx.com</email>
            <roles>
                <role>Developer</role>
            </roles>
            <organization>xxx</organization>
        </developer>
    </developers>

    <scm>
        <connection>scm:git:http://not.for.public/private.git</connection>
        <developerConnection>scm:git:http://not.for.public/private.git</developerConnection>
        <url>scm:git:http://not.for.public/private.git</url>
    </scm>

    <distributionManagement>
        <snapshotRepository>
            <id>sonatype-nexus</id>
            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
        </snapshotRepository>
        <repository>
            <id>sonatype-nexus</id>
            <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
        </repository>
    </distributionManagement>


    <dependencies>
    </dependencies>

    <build>
        <plugins>
            <!--   central发布插件    -->
            <plugin>
                <groupId>org.sonatype.central</groupId>
                <artifactId>central-publishing-maven-plugin</artifactId>
                <version>0.4.0</version>
                <extensions>true</extensions>
                <configuration>
                    <publishingServerId>sonatype-nexus</publishingServerId>
                    <tokenAuth>true</tokenAuth>
                </configuration>
            </plugin>

            <!-- 编译插件 -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.5.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
            <!-- 源码插件 -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-source-plugin</artifactId>
                <version>3.2.1</version>
                <executions>
                    <execution>
                        <id>attach-sources</id>
                        <goals>
                            <goal>jar</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <!-- javadoc插件 -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
                <version>2.9.1</version>
                <configuration>
                    <javadocExecutable>${java.home}/bin/javadoc</javadocExecutable>
                </configuration>
                <executions>
                    <execution>
                        <id>attach-javadocs</id>
                        <goals>
                            <goal>jar</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>

            <!-- gpg -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-gpg-plugin</artifactId>
                <version>1.6</version>
                <executions>
                    <execution>
                        <id>sign-artifacts</id>
                        <phase>verify</phase>
                        <goals>
                            <goal>sign</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

参考

mac gpg: 签名时失败
如何发布jar包到maven中央仓库