http://repo1.maven.org/maven2 is the standard maven repository, available by default to any maven build, and indexed at http://search.maven.org. The direct way to publish an artifact into this repository is to go through http://oss.sonatype.org.
Some example release steps can be found in the Dagger and AutoValue release docs.
oss.sonatype.org
Maven artifacts are "deployed" to a release repository. Open source projects can publish their released binaries to oss.sonatype.org, which will create an ad hoc staging repository to which one deploys a release. The release engineer will then use the dashboard on oss.sonatype.org to close and release that staging repository, at which point it will be published to the main repository mirrors.
The following includes non-sonatype actions, as a full release typically involves some intertwined steps.
Setup
As a one-time setup, pushing to sonatype requires the following:
- Create an account on oss.sonatype.org (sign up on http://linkremoved/)
- Request permission for that account to push artifacts with the group
com.google.<yourpackage>
- File an issue on http://linkremoved/
- If asked to verify this request by someone with publish access to a com.google.* address, file a issuetracker bug here and someone from OSPO will verify your request.
- Create a pgp certificate (via gnupg) with a public key published to
keyserver.ubuntu.com using
gpg --keyserver keyserver.ubuntu.com --send-keys <yourkeyid>
or the equivalent - Your project must inherit from the sonatype oss parent artifact
(see Dagger parent pom.xml here as an example), or
manually declare a release repository with the id
sonatype-nexus-staging
- Create a ${HOME}/.m2/settings.xml file containing the
credentials for the account created in step #1, associated with the server
id
sonatype-nexus-staging
. <<--- important - [optional] Create a release profile to make releases a one-line operation.
e.g. protobuf-testing which has a custom release profile.
- Projects which inherit from org.sonatype.oss:oss-parent will get such a
profile automatically, called
sonatype-oss-release
- Projects which inherit from org.sonatype.oss:oss-parent will get such a
profile automatically, called
These administrative steps are all documented in Sonatype's OSSRH Guide. The GPG instructions particular to this process can be found in this Sonatype GPG blog entry.
Regular releasing steps
For each release, you would:
- Ensure that the project does not depend on any projects with a
-SNAPSHOT
version number. - Update your project's pom.xml files to the intended release version.
- Perform a clean build and test of your artifacts
- Perform any source-repository-related maintenance
- tag the commit and push the tag to GitHub, etc.
- prepare release notes, update release entry in GitHub, etc. (can be in parallel)
- Generate the artifact, javadoc, and sources sub-artifacts, and sign them.
- Generally people set up a release profile a
mvn -Prelease deploy
(ormvn -Psonatype-oss-release deploy
if using sonatype's parent pom.xml)
- Generally people set up a release profile a
- Log into oss.sonatype.org and
- Navigate to the staging repositories
- Find the staging repository for your release (nearly always the last)
- Spot-check the contents, the version number, etc.
- "Close" the repository in preparation for release.
- Hit refresh a lot (approx 1 minute wait time)
- "Release" the repository to sonatype's mirrors.
- Announce on any relevant media.