将自己开源的Java项目发布到Maven中央仓库中,以便开发人员可以再maven中直接使用,本文将结合开源加密库UopenCryptionKit4Java发布流程为例进行阐述
步骤
1.创建Maven项目
2.创建GitHub仓库,并将项目推送到仓库中
3.中央仓库操作
3.1 注册sonatype账号
3.2 创建issue,并指定git地址
3.3 回复issue
3.4 安装GPG
3.5 生成秘钥
4 maven全局账号配置
5 maven项目配置
6 编译,构建,上传
7 登入仓库手动发布release
Step1.创建Maven项目 (UopenCryptionKit4Java)
创建一个普通maven项目即可,这里不做过多介绍,项目结构如下
Step2.将创建好的项目推送到GitHub中
1)如果没有github账号需要注册一个,注册号账号以后创建一个New Repository, 命名为UopenCryptionKit4Java
2) 将现有的项目推送到远程仓库
git init
git add .
git remote add origin https://github.com/fpleihub/UopenCryptionKit4Java.git
git pull –rebase origin main
git commit -m ‘first’
git push -u origin main
PS:截至20227月github已经让使用token方式进行操作了,账号和密码无法在继续操作仓库,操作路径:
Settings—> Developer settings—>Personal access tokens—Generate new token
将repo相关操作和gist勾选上,点击confirm即可生成token,这个token需要记住,因为只会展示这一次,不记得下次只能重新生成。
Step3.中央仓库操作
3.1 注册sonatype账号
通过https://issues.sonatype.org网站注册账号
3.2 创建issue,并指定git仓库、
点击上图中”新建“按钮,在弹框中填写如下项:
项目(project):Community Support Open
问题类型(issue):New Project
概要:可填写项目名称
描述:输入一段项目描述
GroupId: maven中项目groupid (这里要注意下,个人通过github发布的最好格式是io.github.+github用户名,否则后面会有一大堆麻烦问题,如这里填:io.github.fpleihub)
Project Url: github项目地址 (https://github.com/fpleihub/UopenCryptionKit4Java.git)
SCM URL: 填github地址即可
Username:github用户名 (这里我填自己用户名 fpleihub)
Already Synced to Central: 是否马上同步到仓库,这里选择No
3.3 回复issue
提交过几分钟后马上回有回复,大概内容如下图:
意思是有2点需要验证
1)在github中创建一个空的项目,命名为”OSSRH-82559“
2)需要调整下GroupId(这里是因为开始填的groupid不合法,所以让重新填了)
3)做完以上两步以后,需要回复一下”Bot Central-OSSRH“ 例如:
Hello, I have created a repository called OSSRH-82559, and updated the groupId, the repository link is: https://github.com/fpleihub/OSSRH-82559
thanks!
4)如果验证没什么问题,大概10分钟左右会受到成功的回复和邮件
提示已经创建成功,图中红色框框要记录一下,后面配置maven会使用到,这里相当于给了snapshot和release的发布地址
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
3.4 安装GPG,并生成秘钥
由于jar发布到中央仓库需要GPG工具对上传的数据进行签名,所以这里需要安装GPG
下载地址:https://www.gnupg.org/download/
根据系统类型下载就行,这里我使用mac os为例
安装好GPG后,接下来进行配置
1)打开控制台输入 gpg –gen-key
需要输入 用户名(可以和github保持一致)、email、GPG密码
Real name: fpleihub
Email address: 1553234169@qq.com
You selected this USER-ID:
"fpleihub <1553234169@qq.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /Users/fplei/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/Users/fplei/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/Users/fplei/.gnupg/openpgp-revocs.d/xxxxxx0A57D444EF6881908079ABA6D31AA30FB1.rev'
public and secret key created and signed.
pub ed25519 2022-07-11 [SC] [expires: 2024-07-10]
E524A30A57D444EF6881908079ABA6D31AA30FB1
uid fpleihub <1553234169@qq.com>
sub cv25519 2022-07-11 [E] [expires: 2024-07-10]
2)将秘钥同步到云端
gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys xxxxxx0A57D444EF6881908079ABA6D31AA30FB1
Step4.全局Maven账户配置
4.1 打开maven的setting.xml配置文件,在servers节点添加一个sonatype的账号密码
<server>
<id>ossrh</id>
<username>fpleihub</username>
<password>demo123</password>
</server>
4.2 同时在profiles节点下新增 上面使用gpg创建的秘钥信息
<profile>
<id>gpg</id>
<properties>
<gpg.executable>gpg</gpg.executable>
<gpg.passphrase>创建gpg时输入的密码</gpg.passphrase>
</properties>
</profile>
Step5.项目Maven配置
主要是修改项目的pom.xml配置
5.1 基本信息,一个不能缺
<!-- 1.基本信息,一个不能缺 -->
<name>UopenCryptionKit4Java</name>
<groupId>io.github.fpleihub</groupId>
<artifactId>UopenCryptionKit4Java</artifactId>
<version>1.0</version>
<packaging>jar</packaging>
<url>https://github.com/fpleihub/UopenCryptionKit4Java.git</url>
<description>Create a unified encryption and decryption class library for use, provide operation interfaces as much as possible, and separate the secret key and encryption call process, so that developers pay more attention to business operations。
</description>
5.2 开源证书
<licenses>
<license>
<name>The Apache Software License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo</distribution>
</license>
</licenses>
5.3 源码仓库信息
<scm>
<connection>scm:git:git@github.com:fpleihub/UopenCryptionKit4Java.git</connection>
<developerConnection>scm:git:git@github.com:fpleihub/UopenCryptionKit4Java.git</developerConnection>
<url>https://github.com/fpleihub/UopenCryptionKit4Java/tree/main</url>
</scm>
5.4 开发人员列表
<developers>
<developer>
<name>fpleihub</name>
<email>1553234169@qq.com</email>
<organization>https://github.com/fpleihub</organization>
<timezone>+8</timezone>
</developer>
</developers>
5.5 上传的仓库地址配置
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
5.6 配置pluginManagement插件
<pluginManagement>
<plugins>
<!-- 6. 上传到sonatype的插件 -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<!-- 这里的id必须要和全局配置中的server一致 -->
<serverId>ossrh</serverId>
<!-- 这个地址,一定要和issue的评论中给出的地址一致! -->
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
<!-- 如果希望发布后自动执行close和release操作,此处可以调整为true -->
<autoReleaseAfterClose>false</autoReleaseAfterClose>
</configuration>
</plugin>
<!-- 7. 上传源码的插件 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.1.0</version>
<inherited>true</inherited>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
<configuration>
<excludeResources>true</excludeResources>
<useDefaultExcludes>true</useDefaultExcludes>
</configuration>
</plugin>
<!-- 8. 生成doc文档的插件 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.0.0</version>
<inherited>true</inherited>
<executions>
<execution>
<id>bundle-sources</id>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
<configuration>
<maxmemory>1024</maxmemory>
<encoding>UTF-8</encoding>
<show>protected</show>
<notree>true</notree>
<!-- Avoid running into Java 8's very restrictive doclint issues -->
<failOnError>false</failOnError>
<doclint>none</doclint>
</configuration>
</plugin>
<!-- 9. 编译构建maven工程的插件 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</pluginManagement>
5.7 profiles配置
<profiles>
<profile>
<id>release</id>
<build>
<plugins>
<!-- 11. 生成签名,确定使用那个gpg秘钥 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<!-- 必须和配置中的gpg校验id一致 -->
<id>gpg</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
Step6.编译,构建,上传
确保计算机的全局环境以及配置了JAVA_HOME,M2_HOME 的环境变量
打开控制台,进入项目跟目标 执行 : mvn clean javadoc:jar deploy -P release
过程中可能会报错,一般是mvn执行中找到的jdk是ids内部的,导致生成javadoc失败,这里可以制定下mvn中的JAVA环境,修改mavn/bin 目录下的 mvn.cmd 即可,在文件第一行添加:
set JAVA_HOME=xxxx
出现如下图表示构建并上传到仓库成功了
Step7.登入仓库手动发布release
找到issue中开始给的地址 https://s01.oss.sonatype.org ,登入账号密码是在sonatype中注册的那个,登入后如下:
1.点击Staging Repositories
2.勾选对应的版本
3.点击Release
4.发布成功后在下面Activity会有相应的提醒
5.发布后,大概过10分钟左右issue上会受到一条评论,提升同步操作以及激活,三十分钟内同步到https://repo1.maven.org/,四小时内同步到https://search.maven.org
Central sync is activated for io.github.fpleihub. After you successfully release, your component will be available to the public on Central https://repo1.maven.org/maven2/, typically within 30 minutes, though updates to https://search.maven.org can take up to four hours.
同步结果查看可以登入查看即可
https://repo1.maven.org/
https://search.maven.org
https://mvnrepository.com/