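Preface
This article is based on the official documentation at https://central.sonatype.org/publish/publish-guide/.
Publishing steps:
- Create an account
- Create a user token
- Create a namespace
- Configure GPG
- Configure the project
- Publish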
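Create an account as follows:
1. Open https://central.sonatype.com/ and click Sign In in the upper-right corner. On the login page, sign in with a username and password, or choose Google or GitHub to sign in with a linked account.
2. After registration succeeds, you are prompted to verify your email address.
3. Open your mailbox, find the email, and click Confirm My Account to verify the address.
4. The page that opens reports that the email address has been verified, which means registration succeeded.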
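Create a user token
1. Open https://central.sonatype.com/ and click Sign In in the upper-right corner. On the login page, sign in with a username and password, or choose Google or GitHub to sign in with a linked account.
2. Click your account in the upper-right corner and choose View Account from the drop-down menu.
3. Click Generate User Token.
4. Click Ok in the dialog that pops up; a token of the following form is generated.
<server>
  <id>${server}</id>
  <username>Z45G4ZZ3</username>
  <password>mOigWvzUHBb7qWAWJ22tcyn6v42R5EejxC6hyuan5Skd</password>
</server>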
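Note the id value here: change it to a name of your own, which is used again later. Then copy the block above into the settings.xml file used by the project you are publishing. Here the id value is changed to central.
<servers>
  <server>
    <id>central</id>
    <username>Z45G4ZZ3</username>
    <password>mOigWvzUHBb7qWAWJ22tcyn6v42R5EejxC6hyuan5Skd</password>
  </server>
</servers>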
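Create a namespace as follows:
1. Open https://central.sonatype.com/ and click Sign In in the upper-right corner. On the login page, sign in with a username and password, or choose Google or GitHub to sign in with a linked account.
2. Click your account in the upper-right corner and choose View Namespaces from the drop-down menu.
3. On the page that opens, click Add Namespace.
4. Enter your custom namespace in the dialog that pops up.
5. After creation, the namespace is shown as pending verification; click Verify Namespace to verify it.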
Configure GPG
1. Download the version for your system from https://gnupg.org/download/index.html#sec-1-2 and install it. Run gpg --version to confirm that the installation succeeded.
C:\Users\Administrator>gpg --version
gpg (GnuPG) 2.3.8
libgcrypt 1.10.1
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: C:\Users\Administrator\AppData\Roaming\gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
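2. Run gpg --gen-key to generate a key pair. You are prompted for Real name and Email address (a real email address is recommended so that it can be used for key recovery later). A dialog then asks you for a passphrase (note: this passphrase is needed every time you publish the project), and the key pair is generated.
In the output below, 5BBA74D9F7E76AAA234ACB337B583099E6B290D8 is the fingerprint of the generated public key. Next, send the public key to a key server, because other people need it to verify the files you publish.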
C:\Users\Administrator>gpg --gen-key
gpg (GnuPG) 2.3.8; Copyright (C) 2021 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: t1
Email address: t1@test.com
You selected this USER-ID:
"t1 <t1@test.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as 'C:\\Users\\Administrator\\AppData\\Roaming\\gnupg\\openpgp-revocs.d\\5BBA74D9F7E76AAA234ACB337B583099E6B290D8.rev'
public and secret key created and signed.
pub ed25519 2024-08-26 [SC] [expires: 2026-08-26]
5BBA74D9F7E76AAA234ACB337B583099E6B290D8
uid t1 <t1@test.com>
sub cv25519 2024-08-26 [E] [expires: 2026-08-26]
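3. Run gpg --keyserver keyserver.ubuntu.com --send-keys <public key ID> to send the public key to the key server. If sending fails, retry, switching to one of the other servers if necessary; it will succeed eventually.
Central supports the following GPG key servers:
- keyserver.ubuntu.com
- keys.openpgp.org
- pgp.mit.edu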
# Send the public key
C:\Users\Administrator>gpg --keyserver keyserver.ubuntu.com --send-keys 5BBA74D9F7E76AAA234ACB337B583099E6B290D8
gpg: sending key 7B583099E6B290D8 to hkp://keyserver.ubuntu.com
# Public key verification failed
C:\Users\Administrator>gpg --keyserver keyserver.ubuntu.com --recv-keys 5BBA74D9F7E76AAA234ACB337B583099E6B290D8
gpg: keyserver receive failed: No data
# Public key verification succeeded
C:\Users\Administrator>gpg --keyserver keyserver.ubuntu.com --recv-keys 5BBA74D9F7E76AAA234ACB337B583099E6B290D8
gpg: key 7B583099E6B290D8: "t1 <t1@test.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Configure the project
The following is a complete example pom.xml for a project; adjust it to your project's actual information:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>io.github.operationbasic</groupId>
  <artifactId>example</artifactId>
  <version>1.0.0</version>
  <packaging>jar</packaging>
  <name>No Bug</name>
  <description>desc</description>
  <url>https://github.com/740227680/operationBasic</url>
  <licenses>
    <license>
      <name>Apache License, Version 2.0</name>
      <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
    </license>
  </licenses>
  <scm>
    <url>https://github.com/740227680/operationBasic</url>
    <connection>scm:git:https://github.com/740227680/operationBasic.git</connection>
    <developerConnection>scm:git:https://github.com/740227680/operationBasic.git</developerConnection>
  </scm>
  <developers>
    <developer>
      <name>chenwei</name>
      <email>740227680@qq.com</email>
    </developer>
  </developers>
  <properties>
    <maven.compiler.source>8</maven.compiler.source>
    <maven.compiler.target>8</maven.compiler.target>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-dependencies</artifactId>
        <version>2.7.5</version>
        <scope>import</scope>
        <type>pom</type>
      </dependency>
    </dependencies>
  </dependencyManagement>
  <dependencies>
    <!-- The correct Spring Boot Starter -->
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-jdbc</artifactId>
      <version>5.3.18</version> <!-- Use an appropriate version -->
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <!-- Compiler -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.10.1</version>
        <configuration>
          <source>${maven.compiler.source}</source>
          <target>${maven.compiler.target}</target>
          <encoding>${project.build.sourceEncoding}</encoding>
        </configuration>
      </plugin>
      <!-- Source -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-source-plugin</artifactId>
        <version>2.2.1</version>
        <executions>
          <execution>
            <id>attach-sources</id>
            <goals>
              <goal>jar-no-fork</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <!-- Javadoc -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-javadoc-plugin</artifactId>
        <version>2.9.1</version>
        <executions>
          <execution>
            <id>attach-javadocs</id>
            <goals>
              <goal>jar</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  <profiles>
    <profile>
      <id>release</id>
      <build>
        <plugins>
          <!-- GPG -->
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-gpg-plugin</artifactId>
            <version>1.5</version>
            <executions>
              <execution>
                <id>sign-artifacts</id>
                <phase>verify</phase>
                <goals>
                  <goal>sign</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <groupId>org.sonatype.central</groupId>
            <artifactId>central-publishing-maven-plugin</artifactId>
            <version>0.5.0</version>
            <extensions>true</extensions>
            <configuration>
              <publishingServerId>central</publishingServerId>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>
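Notes:
- groupId: the namespace verified in the earlier step.
- licenses: the project's license information.
- scm: the source control system. These elements are required, although the URL itself does not need to be public. You can specify a URL that the public cannot access, or even a placeholder stating that your SCM URL is private and not intended for public access.
- developers: developer information.
- build: the common plugins used for packaging.
- profiles: define configuration for different environments, identified by id, which can be selected when running mvn commands. Here a release profile is defined for publishing the project; within it, central-publishing-maven-plugin publishes the project, and its publishingServerId corresponds to the id set for the user token.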
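A pre-publish check for the configuration described in the notes above, added here as an example and not taken from the original article or from Sonatype: it confirms that the POM carries the licenses, scm and developers elements, that groupId falls inside the verified namespace, and that publishingServerId matches a server id in settings.xml. The function names, the sample XML and the placeholder credentials are constructed for illustration, and accepting a dotted sub-group of the namespace is an assumption.

```python
import xml.etree.ElementTree as ET

def local(el):
    # Tag name without its XML namespace, so namespaced and plain files both work.
    return el.tag.rsplit("}", 1)[-1]

def descend(root, path):
    # Elements reached by following a '/'-separated path of local tag names.
    nodes = [root]
    for name in path.split("/"):
        nodes = [c for n in nodes for c in n if local(c) == name]
    return nodes

def check_publish_config(pom_xml, settings_xml, namespace):
    # Hypothetical helper: returns a list of problems, empty when the config is consistent.
    pom, settings = ET.fromstring(pom_xml), ET.fromstring(settings_xml)
    problems = []
    ids = descend(pom, "groupId")
    group_id = (ids[0].text or "").strip() if ids else ""
    if group_id != namespace and not group_id.startswith(namespace + "."):
        problems.append(f"groupId {group_id!r} is outside namespace {namespace!r}")
    for path in ("licenses/license", "scm/url", "developers/developer"):
        if not descend(pom, path):
            problems.append(f"pom.xml lacks <{path}>")
    server_ids = {(e.text or "").strip() for e in descend(settings, "servers/server/id")}
    wanted = {(e.text or "").strip() for e in pom.iter() if local(e) == "publishingServerId"}
    if not wanted:
        problems.append("no <publishingServerId> configured")
    for sid in sorted(wanted - server_ids):
        problems.append(f"publishingServerId {sid!r} has no matching <server> id")
    if "${server}" in server_ids:
        problems.append("settings.xml still uses the placeholder id ${server}")
    return problems

# Constructed samples; the credentials are placeholders, not real tokens.
SETTINGS = ("<settings><servers><server><id>${server}</id>"
            "<username>TOKEN_USER</username><password>TOKEN_PASS</password>"
            "</server></servers></settings>")
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>io.github.example</groupId>
  <licenses><license><name>Apache License, Version 2.0</name></license></licenses>
  <developers><developer><name>dev</name></developer></developers>
  <profiles><profile><id>release</id><build><plugins><plugin>
    <artifactId>central-publishing-maven-plugin</artifactId>
    <configuration><publishingServerId>central</publishingServerId></configuration>
  </plugin></plugins></build></profile></profiles>
</project>"""

if __name__ == "__main__":
    for problem in check_publish_config(POM, SETTINGS, "io.github.example"):
        print("FAIL:", problem)
```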
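Publish
Under Profiles, select release, then run the clean and deploy commands in order. A page like the following indicates that publishing succeeded.
It can then be referenced from other projects:
<dependency>
  <groupId>io.github.operationbasic</groupId>
  <artifactId>example</artifactId>
  <version>1.0.0</version>
</dependency>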