...
The following command will run Maven's clean and install phases natively:
Code Block | ||
---|---|---|
| ||
$ mvn clean install |
This is a very common command to build a Maven project from source, and install its built artifacts into your .m2 cache for local consumption.
...
The following command will run the same phases within a Docker container, without needing to install Maven on your machine:
Code Block | ||
---|---|---|
| ||
$ docker run -it --rm -v $(pwd):/build -w /build maven:3-jdk-8 mvn clean install |
...
To easily run your own test Nexus repository via Docker (untested):
Code Block | ||
---|---|---|
| ||
$ docker run -d -p 8081:8081 --name nexus sonatype/nexus:oss |
OSSRH
See http://central.sonatype.org/pages/ossrh-guide.html
For a more long-term solution for hosting your (open-source) Maven artifacts, you can follow these follow these steps to deploy them to OSSRH. OSSRH
They will even sync your released artifacts with Maven Central on your behalf.
Third-Party Dependencies
...
In general, requirements are as follows:
- Final bundle.jar must include:
- Project POM (i.e. pom.xml)
- Compiled JAR (i.e. ir-utils-0.1.0.jar)
- JavaDoc JAR (i.e. ir-utils-0.1.0-javadoc.jar)
- Sources JAR (i.e. ir-utils-0.1.0-sources.jar)
- GPG signatures for all of the above (i.e. ir-utils-0.1.0.jar.asc, ir-utils-0.1.0-javadoc.jar.asc, etc)
- Final pom.xml must include:
- Project coordinates: groupId / artifactId / version
- Project name and description
- License information
- Developer information
- SCM information
- Final pom.xml must NOT include:
- <repositories> tags
- <pluginRepositories> tags
Working with GPG Keys
See http://central.sonatype.org/pages/working-with-pgp-signatures.html
Generate a Keypair
You will need the gnupg command line tool (on OSX, this can be installed via brew):
Code Block | ||
---|---|---|
| ||
$ gpg --gen-key |
Upload to Keyserver
Once you have generated a keypair, you will need to upload your public key to a public keyserver.
To list existing keys:
Code Block | ||
---|---|---|
| ||
$ gpg --list-keys
/Users/<USERNAME>/.gnupg/pubring.kbx
----------------------------------
pub rsa2048 2017-05-05 [SC] [expires: 2019-05-05]
<YOUR_KEY_ID_WHICH_WILL_BE_FAIRLY_LONG>
uid [ultimate] Craig Willis (https://github.com/craig-willis) <willis8@illinois.edu>
uid [ultimate] Garrick Sherman (https://github.com/gtsherman) <gsherma2@illinois.edu>
uid [ultimate] Mike Lambert (https://github.com/bodom0015) <lambert8@illinois.edu>
sub rsa2048 2017-05-05 [E] [expires: 2019-05-05] |
Then execute the following command to upload your public key:
Code Block | ||
---|---|---|
| ||
$ gpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys <YOUR_KEY_ID_WHICH_WILL_BE_FAIRLY_LONG> |
where <YOUR_KEY_ID_WHICH_WILL_BE_FAIRLY_LONG> is pulled from the output above
Signing a Single File
To sign a file with your GPG key:
Code Block | ||
---|---|---|
| ||
$ gpg2 -ab ir-utils-0.1.0.jar |
This will output a .asc file that should be included with the file that produced it.
Verifying GPG Signature
Third-Party Dependencies
To publish a single SNAPSHOT artifact to a repository:
...
Code Block | ||
---|---|---|
| ||
$ mvn deploy:deploy-file -Dfile=./indri-5.11.jar -DgroupId=edu.illinois.lis -DartifactId=indri -Dversion=5.11-SNAPSHOT -Dpackaging=jar -Durl=https://oss.sonatype.org/content/repositories/snapshots/ -DrepositoryId=ossrh |
For staging a new release:
Code Block | ||
---|---|---|
| ||
$ mvn deploy:deploy-file -Dfile=./indri-5.11.jar -DgroupId=edu.illinois.lis -DartifactId=indri -Dversion=5.11-SNAPSHOT -Dpackaging=jar -Durl=https://oss.sonatype.org/service/contentlocal/repositoriesstaging/snapshotsdeploy/maven2 -DrepositoryId=ossrh |
NOTE: If you attempt to deploy a SNAPSHOT to staging, or a non-SNAPSHOT to snapshots, the command will fail.
Staging a New Release
Syncing to Maven Central
Even OSSRH has a strict list of requirements for syncing artifacts to Maven Central.
...