Page History

...

The following command will run Maven's clean and install phases natively:

$ mvn clean install

This is a very common command to build a Maven project from source, and install its built artifacts into your .m2 cache for local consumption.

...

The following command will run the same phases within a Docker container, without needing to install Maven on your machine:

$ docker run -it --rm -v $(pwd):/build -w /build maven:3-jdk-8 mvn clean install

...

To easily run your own test Nexus repository via Docker (untested):

$ docker run -d -p 8081:8081 --name nexus sonatype/nexus:oss

OSSRH

See http://central.sonatype.org/pages/ossrh-guide.html

For a more long-term solution for hosting your (open-source) Maven artifacts, you can follow these follow these steps to deploy them to OSSRH. OSSRH

They will even sync your released artifacts with Maven Central on your behalf.

Third-Party Dependencies

...

In general, requirements are as follows:

1. Final bundle.jar must include:
   1. Project POM (i.e. pom.xml)
   2. Compiled JAR (i.e. ir-utils-0.1.0.jar)
   3. JavaDoc JAR (i.e. ir-utils-0.1.0-javadoc.jar)
   4. Sources JAR (i.e. ir-utils-0.1.0-sources.jar)
   5. GPG signatures for all of the above (i.e. ir-utils-0.1.0.jar.asc, ir-utils-0.1.0-javadoc.jar.asc, etc)
2. Final pom.xml must include:
   1. Project coordinates: groupId / artifactId / version
   2. Project name and description
   3. License information
   4. Developer information
   5. SCM information
3. Final pom.xml must NOT include:
   1. <repositories> tags
   2. <pluginRepositories> tags

Working with GPG Keys

See http://central.sonatype.org/pages/working-with-pgp-signatures.html

Generate a Keypair

You will need the gnupg command line tool (on OSX, this can be installed via brew):

$ gpg --gen-key

Upload to Keyserver

Once you have generated a keypair, you will need to upload your public key to a public keyserver.

To list existing keys:

$ gpg --list-keys
/Users/<USERNAME>/.gnupg/pubring.kbx
----------------------------------
pub   rsa2048 2017-05-05 [SC] [expires: 2019-05-05]
      <YOUR_KEY_ID_WHICH_WILL_BE_FAIRLY_LONG>
uid           [ultimate] Craig Willis (https://github.com/craig-willis) <willis8@illinois.edu>
uid           [ultimate] Garrick Sherman (https://github.com/gtsherman) <gsherma2@illinois.edu>
uid           [ultimate] Mike Lambert (https://github.com/bodom0015) <lambert8@illinois.edu>
sub   rsa2048 2017-05-05 [E] [expires: 2019-05-05]

Then execute the following command to upload your public key:

$ gpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys <YOUR_KEY_ID_WHICH_WILL_BE_FAIRLY_LONG>

where <YOUR_KEY_ID_WHICH_WILL_BE_FAIRLY_LONG> is pulled from the output above

Signing a Single File

To sign a file with your GPG key:

$ gpg2 -ab ir-utils-0.1.0.jar

This will output a .asc file that should be included with the file that produced it.

Verifying GPG Signature

Third-Party Dependencies

To publish a single SNAPSHOT artifact to a repository:

...

$ mvn deploy:deploy-file -Dfile=./indri-5.11.jar -DgroupId=edu.illinois.lis -DartifactId=indri -Dversion=5.11-SNAPSHOT -Dpackaging=jar -Durl=https://oss.sonatype.org/content/repositories/snapshots/ -DrepositoryId=ossrh

For staging a new release:

$ mvn deploy:deploy-file -Dfile=./indri-5.11.jar -DgroupId=edu.illinois.lis -DartifactId=indri -Dversion=5.11-SNAPSHOT -Dpackaging=jar -Durl=https://oss.sonatype.org/service/contentlocal/repositoriesstaging/snapshotsdeploy/maven2 -DrepositoryId=ossrh

NOTE: If you attempt to deploy a SNAPSHOT to staging, or a non-SNAPSHOT to snapshots, the command will fail.

Staging a New Release

Syncing to Maven Central

Even OSSRH has a strict list of requirements for syncing artifacts to Maven Central.

...