1注册sonatype账号
官方网站:http://www.sonatype.org/
注册地址是 https://issues.sonatype.org/secure/Signup!default.jspa 注册
工单创建
1> 访问sonatype并注册账号 https://issues.sonatype.org ,注意要记住账号密码,会用于我们后续的发布及相关操作
2> 如图新建一个issue,项目需要选择 Community Support - Open Source Project Repository Hosting
参考下图填写概要、Group Id、项目地址、代码管理地址,填写后点击确认提交。网上很多都说需要几个小时或者隔天才有回复,我当时等了10分钟就收到回复了。此时,对方跟你说两件事情:
【提醒】确保 group id对应的域名是你的,最好直接按它的提示使用com.github.urname,如果你有自己的官网也可以直接使用你的网址(后面会要求你做验证)
【校验】比如我是的项目地址是github上的,它会让你再github创建一个它要求的项目
这里直接使用别人的图,我提交时没有截图。
如果你上面的创建完成提交后,不符合他们的要求会被设置为Unresolved,你可以重复修改相关配置信息,再次提交让他们处理。
直到官方回复你的内容如下为止,提示你可以发布自己的artifacts 到他们指定的仓库了
com.github.bamboo-cn has been prepared, now user(s) bamboo,bamboo.cn can:
Deploy snapshot artifacts into repository https://oss.sonatype.org/content/repositories/snapshots
Deploy release artifacts into the staging repository https://oss.sonatype.org/service/local/staging/deploy/maven2
Release staged artifacts into repository 'Releases'
please comment on this ticket when you promoted your first release, thanks
GPG安装和生成密钥
PGP(Pretty Good Privacy):是一个加密程序,被广泛用于对文件和邮件进行加密。
中央仓库为了源码安全性,要求对上传的文件进行签名,防止其他地方下载的文件被篡改,作为用户鉴别是否是官方文件的凭证。
windows用户到去下载Gpg4win-Vanilla版来使用,linux的直接安装gpg软件包就行
http://www.gpg4win.org/download.html
安装完成可以启动命令行
C:\Users\Administrator>gpg --gen-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: bamboo
Email address: zjcjava@163.com
You selected this USER-ID:
"bamboo <zjcjava@163.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
输入你的姓名,邮箱,选择字母O创建永久有效的key,然后提示你输入密码,这个密码不要太过私人,因为你可能需要配置到某些文件里面,建议好记又不是私人账户之类使用的秘密。这样即便是别人看到了也不会影响你其他网站或者app密码安全。
创建成功,它会把你的私钥保存起来,这里我们只关注公钥key83BBA674AB2387D3
generator a better chance to gain enough entropy.
gpg: key 83BBA674AB2387D3 marked as ultimately trusted
gpg: revocation certificate stored as 'C:/Users/Administrator/AppData/Roaming/gnupg/openpgp-revocs.d\E36DAEAB6F8207AA5ECF861083BBA674AB2387D3.rev'
public and secret key created and signed.
pub rsa2048 2020-01-07 [SC] [expires: 2022-01-06]
E36DAEAB6F8207AA5ECF861083BBA674AB2387D3
uid zhanghanlong <zjcjava@163.com>
sub rsa2048 2020-01-07 [E] [expires: 2022-01-06]
上传公钥证书到服务器,其他人做鉴别的时候就是使用这个公钥对比文件的签名是否匹配(中央仓库每次都会对比你上传的文件签名,所以必须上传否则会列出异常)
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys 83BBA674AB2387D3
gpg: sending key 83BBA674AB2387D3 to hkp://pool.sks-keyservers.net
设置mavn和pom
全局配置存在于 𝐻𝑂𝑀𝐸/.𝑚2/𝑠𝑒𝑡𝑡𝑖𝑛𝑔.𝑥𝑚𝑙
servers标签里面添加你注册中央仓库的账号密码,ID必须和POM中的distributionManagement设置相同
<server>
<id>ossrh</id>
<username>bamboo.cn</username>
<password>你的密码</password>
</server>
pom设置
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.github.bamboo-cn</groupId>
<artifactId>jt-common-core</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<name>jt-common-core</name>
<url>http://maven.apache.org</url>
<!-- spring web ke用 -->
<licenses>
<license>
<name>The MIT License</name>
<url>https://github.com/fuzhutech/fuzhutech-ueditor/blob/master/LICENSE</url>
</license>
</licenses>
<developers>
<developer>
<name>Bamboo</name>
<email>zjcjava@126.com</email>
<organization>https://gitee.com/purslane;https://github.com/bamboo-cn</organization>
<url>https://blog.csdn.net/zjcjava</url>
</developer>
</developers>
<scm>
<connection>scm:git:https://github.com/bamboo-cn/jt-common-core.git</connection>
<developerConnection>scm:git:https://github.com/bamboo-cn/jt-common-core.git</developerConnection>
<url>https://github.com/bamboo-cn/jt-common-core</url>
</scm>
<parent>
<groupId>org.sonatype.oss</groupId>
<artifactId>oss-parent</artifactId>
<version>7</version>
</parent>
<distributionManagement>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
<properties>
<spring.boot.version>2.1.5.RELEASE</spring.boot.version>
</properties>
<dependencies>
</dependencies>
<build>
<resources>
<resource>
<directory>src/main/resources</directory>
<includes>
<include>**/*.properties</include>
<include>**/*.xml</include>
<include>**/*.factories</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>src/main/java</directory>
<includes>
<include>**/*.properties</include>
<include>**/*.xml</include>
</includes>
<filtering>false</filtering>
</resource>
</resources>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<profiles>
<profile>
<id>release</id>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.10.4</version>
<configuration>
<aggregate>true</aggregate>
</configuration>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
<configuration> <!-- add this to disable checking -->
<additionalparam>-Xdoclint:none</additionalparam>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.0.1</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.6</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
以上内容对应修改你的developers,scm其他可以保留即可
发布操作
运行部署项目到中央仓库
mvn clean deploy -P release -Dgpg.passphrase=你的GPG密码
.......
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/github/bamboo-cn/jt-common-core/1.0.0/jt-common-core-1.0.0.jar
Progress (1): 123 kB
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
第一次运行可能会弹出密码框,后面就不会再弹出了,打包完成后,它会自动上传到你的sonatype账号下
登录https://oss.sonatype.org,然后选择staging Repositories,就可以看到你的部署
其中第3步,如果你提交的内容没有包含签名和apidoc,source文件,签名鉴别不成功都会在这里显示出来,你可以处理后重新打包上传,直到如图没有一个警告为止
最后第4步close后才可以点击Releases发布到仓库中
有问题则会出现红色提示的小齿轮,需要你进行修复
查看仓库中的maven
在welcome中搜索你的项目名称
查询结果如下,这样你就可以直接使用这个maven依赖到你的项目了