Publish a Maven Package
Step 0: Create a Sonatype account
Visit central.sonatype.com and follow the appropriate steps to create an account and get a verified namespace.
Signing up using GitHub is recommended to simplify the process.
Step 1: Get your User Token
Navigate to your account and click Generate User Token.

Step 2: Set-up settings-security.xml
Run the following command:
mvn --encrypt-master-password
Enter a master password. The output should look something like the following:
{hashed-password}
Create the ~/.m2/settings-security.xml file and write the following XML:
<settingsSecurity>
  <master>hashed-password</master>
</settingsSecurity>
Step 3: Create a gpg key for signing
If not already installed, install gnupg on your system.
Generate GPG Key
gpg --full-generate-key
You will be prompted to provide the following information:
- Key Type: Choose RSA and RSA (default).
- Key Size: Enter 4096 for a secure key.
- Key Expiration: Choose a duration (e.g., 0 for no expiration, or 1y for one year).
- Name: Enter your name (this will be publicly visible).
- Email Address: Enter the email address associated with your Sonatype account.
- Comment: Leave this blank or add an optional note.
After confirming the details, set a secure passphrase for your private key.
List your keys
gpg --list-keys
Look for the key ID under the pub section, which will look something like this:
pub   rsa4096 2024-11-19 [SC]
      ABCD1234EF567890GHIJK1234567890ABCDEF123
uid           [ultimate] Your Name <your.email@example.com>
sub   rsa4096 2024-11-19 [E]
The long string (e.g., ABCD1234EF567890GHIJK1234567890ABCDEF123) is your key fingerprint.
Publish your public key
gpg --send-keys --keyserver hkps://keys.openpgp.org <key-id>
Step 4: Set-up settings.xml
Create the ~/.m2/settings.xml file and add the following XML:
<settings>
  <servers>
    <server>
      <id>central</id> <!-- Name this however you like -->
      <username>sonatype_token_username</username>
      <password>sonatype_token_password</password>
    </server>
  </servers>

  <profiles>
    <profile>
      <id>gpg</id>
      <properties>
        <gpg.executable>gpg</gpg.executable>
        <gpg.passphrase>your-secure-passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  <activeProfiles>
    <activeProfile>gpg</activeProfile>
  </activeProfiles>
</settings>
your-secure-passphrase can be encrypted using mvn:
mvn --encrypt-password "your-secure-passphrase"
Use the encrypted output instead of your-secure-passphrase.
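A check for the settings.xml from Step 4, added here as an example (it is not part of the original guide): it flags a file readable by group or others and any <password> or <gpg.passphrase> value stored in cleartext. The function names and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a Maven settings.xml for secrets left in cleartext.
# Function names and the sample file are constructed, not from the guide.

# Emit "<element> <state>" for each <password> / <gpg.passphrase> element.
# Maven treats a value wrapped in {...} as encrypted; ${...} is resolved
# from a property or environment variable at build time.
classify_secrets() {
  grep -oE '<(password|gpg\.passphrase)>[^<]*</' "$1" |
    sed -E 's#^<([^>]+)>(.*)</$#\1 \2#' |
    while read -r name value; do
      case $value in
        '{'*'}')  echo "$name encrypted" ;;
        '${'*'}') echo "$name reference" ;;
        *)        echo "$name cleartext" ;;
      esac
    done
}

# Print one WARN line per finding; return 1 if anything was found.
audit_settings() {
  local file="$1" status=0 name
  # Group- or world-readable: other local accounts can read the token.
  if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
    echo "WARN: $file is readable by group or others (chmod 600)"
    status=1
  fi
  for name in $(classify_secrets "$file" | awk '$2 == "cleartext" {print $1}'); do
    echo "WARN: <$name> holds a cleartext value"
    status=1
  done
  return "$status"
}

# Constructed sample mirroring Step 4: cleartext token, encrypted passphrase.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
<settings>
  <servers><server>
    <username>sonatype_token_username</username>
    <password>sonatype_token_password</password>
  </server></servers>
  <profiles><profile><properties>
    <gpg.passphrase>{constructed-ciphertext=}</gpg.passphrase>
  </properties></profile></profiles>
</settings>
EOF
audit_settings "$sample" || echo "settings.xml needs attention"
rm -f "$sample"
```

Values in {...} are only as protected as ~/.m2/settings-security.xml, which holds the master password, so keep both files at mode 600.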
Step 5: Configure your pom.xml
Add the necessary information
The following are taken from my DataBridge library:
<groupId>io.github.kdesp73</groupId>
<artifactId>DataBridge</artifactId>
<version>2.0.14</version>
<packaging>jar</packaging>

<name>DataBridge</name>
<description>A Java library for managing database connections and transactions</description>
<url>https://github.com/KDesp73/DataBridge</url>

<licenses>
  <license>
    <name>MIT</name>
    <url>https://rem.mit-license.org/license.txt</url>
    <distribution>repo</distribution>
  </license>
</licenses>

<developers>
  <developer>
    <id>KDesp73</id>
    <name>Konstantinos Despoinidis</name>
  </developer>
</developers>

<scm>
  <url>https://github.com/KDesp73/DataBridge</url>
  <connection>scm:git:git://github.com/KDesp73/DataBridge.git</connection>
  <tag>HEAD</tag>
</scm>
Distribution Management
<distributionManagement>
  <snapshotRepository>
    <id>central</id> <!-- same as settings.xml -->
    <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
  </snapshotRepository>
  <repository>
    <id>central</id> <!-- same as settings.xml -->
    <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
  </repository>
</distributionManagement>
Plugins
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>3.1.0</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>
<plugin>
  <groupId>org.sonatype.central</groupId>
  <artifactId>central-publishing-maven-plugin</artifactId>
  <version>0.6.0</version>
  <extensions>true</extensions>
  <configuration>
    <publishingServerId>central</publishingServerId> <!-- same as settings.xml -->
    <autoPublish>true</autoPublish>
    <waitUntil>uploaded</waitUntil>
  </configuration>
</plugin>
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-source-plugin</artifactId>
  <version>2.2.1</version>
  <executions>
    <execution>
      <id>attach-sources</id>
      <goals>
        <goal>jar-no-fork</goal>
      </goals>
    </execution>
  </executions>
</plugin>
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <version>2.9.1</version>
  <executions>
    <execution>
      <id>attach-javadocs</id>
      <goals>
        <goal>jar</goal>
      </goals>
    </execution>
  </executions>
</plugin>
Step 6: Deploy your package
mvn clean verify
mvn clean deploy
That’s it! Your package should be published at any moment.
For more info on publishing using Sonatype, check out their documentation.