Maven (Java)

http://repo1.maven.org/maven2 is the standard maven repository, available by default to any maven build, and indexed at http://search.maven.org. The direct way to publish an artifact into this repository is to go through http://oss.sonatype.org.

Some example release steps can be found in the Dagger and AutoValue release docs.

oss.sonatype.org

Maven artifacts are "deployed" to a release repository. Open source projects can publish their released binaries to oss.sonatype.org, which will create an ad-hoc staging repository to which one deploys a release. The release engineer will then use the dashboard on oss.sonatype.org to close and release that staging repository, at which point it will be published to the main repository mirrors.

The following includes non-sonatype actions, as a full release typically involves some intertwined steps.

Note: Maven artifacts are write-once, so don't close and release unless you are certain your artifact is correct.

Setup

As a one-time setup, pushing to sonatype requires the following:

Create an account on oss.sonatype.org (sign up on http://linkremoved/)
Request permission for that account to push artifacts with the group com.google.<yourpackage>
1. File an issue on http://linkremoved/
2. If asked to verify this request by someone with publish access to a com.google.* address, file a issuetracker bug here and someone from OSPO will verify your request.
Create a pgp certificate (via gnupg) with a public key published to keyserver.ubuntu.com via gpg --keyserver keyserver.ubuntu.com --send-keys <yourkeyid> or the equivalent
Your project must inherit from the sonatype oss parent artifact (see Dagger parent pom.xml here as an example), or manually declare a release repository with the id sonatype-nexus-staging
Create a ${HOME}/.m2/settings.xml file containing the credentials for the account created in step #1, associated with the server id sonatype-nexus-staging. <<--- important
[optional] Create a release profile to make releases a one-line operation. e.g. protobuf-testing which has a custom release profile.
- Projects which inherit from org.sonatype.oss:oss-parent will get such a profile automatically, called sonatype-oss-release

The administrative steps above are all documented in Sonatype's OSSRH Guide. The GPG instructions particular to this process can be found in this Sonatype GPG blog entry.

Regular releasing steps

For each release, you would:

Ensure that the project does not depend on any projects with a -SNAPSHOT version number.
Update your project's pom.xml files to the intended release version.
Perform a clean build and test of your artifacts
Perform any source-repository-related maintenance
1. tag the commit and push the tag to github, etc.
2. prepare release notes, update release entry in github, etc (can be in parallel)
Generate the artifact, javadoc, and sources sub-artifacts, and sign them.
- Generally people set up a release profile a mvn -Prelease deploy (or mvn -Psonatype-oss-release deploy if using sonatype's parent pom.xml)
Log into oss.sonatype.org and
1. Navigate to the staging repositories
2. Find the staging repository for your release (nearly always the last)
3. Spot-check the contents, the version number, etc.
4. "Close" the repository in preparation for release.
5. Hit refresh a lot (approx 1 minute wait time)
6. "Release" the repository to sonatype's mirrors.
Announce on any relevant media.

Alternatives

TODO(**********) describe bintray->sonatype and other links.