| Software | Version |
|---|---|
| Gradle | 7.4.2 |
| GnuPG | 2.4.0 |
Upload your code to a VCS like github.
Your project will have a custom package path - example given "com.yourwebsite.yourapp".
This must be claimed in the maven central repository.
During this process, a member of Sonatype will create an account on the nexus for you.
The url to the nexus is e.g. "https://s01.oss.sonatype.org/".
| Topic | Value |
|---|---|
| Projekt | Community Support - Open Source Project Repository Hosting |
| Type | New Project |
| Summary | Global/Central open source project packages hosting |
| Description | There is need for a library which simplifies abc development |
| Group Id | The group id |
| Project URL | e.g. https://github.com/yourname/yourapp |
| SCM URL | e.g. https://github.com/yourname/yourapp.git |
| Username(s) | Usernames (your username on github) |
| Already synced to central | No |
A bot will guide you through this process. In short:
If your namespace is a website, then you must create a DNS TXT record with your JIRA ticket id.
You can lookup this process in the internet - this is not too hard.
As alternative you can set your namespace to something like this: "io.github.yourgithubusername".
Then you only need to create a temporary public repository with the ticket id as name.
You will be informed per email if everything is ok or if there is a problem.
You need this for signing your code. This is mandatory because if you do not do this, no one can verify, if this code is really your code.
https://www.gnupg.org/download/
Go through the wizard and type in your information:
gpg --full-generate-key
Keytype: RSA and RSA
Keylength: 2048 Bit
Validity: Does not expire (be aware of this!)
This will display your created public key:
gpg --list-keys
pub rsa2048 2023-03-27 [SC]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX12345678 <-(The last 8 characters are your key id)
uid [ ultimativ ] Firstname Lastname [email protected]
sub rsa2048 2023-03-27 [E]
In this step you will be forced to enter a password.
DO NOT FORGET THIS PASSWORD. YOUR KEY WILL BE LOST FOREVER. BACKUP THIS PASSWORD.
Create your private key:
gpg --export-secret-keys 12345678 > "C:\Users\<username>\.gnupg\secring.gpg"
Check if your private key is created:
gpg --list-secret-keys
Do not ignore this step.
You can not recover your keys if they are messed up.
Your key will live in the internet forever.
If this step does not work, try as long as you need until this step works.
Do not go any further without creating a backup.
I recommend during both style of the backup - just for security.
cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/
cp /path/to/backups/*.gpg ~/.gnupg/
Backup the public keys:
gpg --export --export-options backup --output publicKeysBackup.gpg
Backup the private keys:
gpg --export-secret-keys --export-options backup --output privateKeysBackup.gpg
Backup the trust relationship database:
gpg --export-ownertrust > trustBackup.gpg
Import the public keys:
gpg --import publicKeysBackup.gpg
Import the private keys:
gpg --import privateKeysBackup.gpg
Import the trust relationship database:
gpg --import-ownertrust trustBackup.gpg
If this does not work, try this:
gpg --edit-key [email protected]
Enter: trust
Enter: 5
Enter: j/y
Check for correct import:
gpg --list-secret-keys --keyid-format LONG
https://central.sonatype.org/publish/requirements/gpg/#distributing-your-public-key
Publish your key:
gpg --keyserver keyserver.ubuntu.com --send-keys XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX12345678
Check if your key is published:
gpg --keyserver hkp://keyserver.ubuntu.com --search-key '[email protected]'
The global gradle.properties are located in "userHome/.gradle/gradle.properties".
If this file does not exist, then create it.
The project intern gradle wrapper will look into this file too.
Here you can save your password from your key etc. This should not be published. ;)
Please look in the directory "exampleFiles".
Please read the comments in this file.
Please look in the directory "exampleFiles".
Please read the comments in this file.
Execute the gradlew task "publish" to publish to the OSSRH nexus.
Now you need to wait around 5-30 minutes and after that, your uploaded library will appear in the repositories tab
at https://s01.oss.sonatype.org/.
After publishing to the nexus, your library is in the state "open".
You need to set the state to "close" with the "close" button.
Press the "refresh" button, because this seems to be buggy.
Now the "release" button is activated.
Press the "release" button for releasing your library.
Your library will by synced to the maven central repository within 30 minutes.
Please read this articles (annoying, but necessary):
https://central.sonatype.org/publish/release/#locate-and-examine-your-staging-repository
https://central.sonatype.org/publish/publish-guide/#releasing-to-central
If any error occurs, than rerun the task "gradle publish" with "--stacktrace". It will show you hints why.
Check your gpg version with "gpg --version". If your version is >2 and your environment variable "PATH" contains the path to GnuPG (e.g. "C:\Program Files (x86)\gnupg\bin"), then check if there is a file called "gpg2.exe". If not, check if there is a file called "gpg.exe" and rename it to "gpg2.exe".
IMPORTANT: From now on, you need to use "gpg2 --version" in your terminal/command prompt because there is no longer a "gpg.exe"!!!