Maven (Java) is the standard maven repository, available by default to any maven build, and indexed at The direct way to publish an artifact into this repository is to go through

Some example release steps can be found in the Dagger and AutoValue release docs.

Maven artifacts are "deployed" to a release repository. Open source projects can publish their released binaries to, which will create an ad-hoc staging repository to which one deploys a release. The release engineer will then use the dashboard on to close and release that staging repository, at which point it will be published to the main repository mirrors.

The following includes non-sonatype actions, as a full release typically involves some intertwined steps.


As a one-time setup, pushing to sonatype requires the following:

  1. Create an account on (sign up on http://linkremoved/)
  2. Request permission for that account to push artifacts with the group<yourpackage>
    1. File an issue on http://linkremoved/
    2. If asked to verify this request by someone with publish access to a* address, file a issuetracker bug here and someone from OSPO will verify your request.
  3. Create a pgp certificate (via gnupg) with a public key published to via gpg --keyserver --send-keys <yourkeyid> or the equivalent
  4. Your project must inherit from the sonatype oss parent artifact (see Dagger parent pom.xml here as an example), or manually declare a release repository with the id sonatype-nexus-staging
  5. Create a ${HOME}/.m2/settings.xml file containing the credentials for the account created in step #1, associated with the server id sonatype-nexus-staging. <<--- important
  6. [optional] Create a release profile to make releases a one-line operation. e.g. protobuf-testing which has a custom release profile.
    • Projects which inherit from org.sonatype.oss:oss-parent will get such a profile automatically, called sonatype-oss-release

The administrative steps above are all documented in Sonatype's OSSRH Guide. The GPG instructions particular to this process can be found in this Sonatype GPG blog entry.

Regular releasing steps

For each release, you would:

  1. Ensure that the project does not depend on any projects with a -SNAPSHOT version number.
  2. Update your project's pom.xml files to the intended release version.
  3. Perform a clean build and test of your artifacts
  4. Perform any source-repository-related maintenance
    1. tag the commit and push the tag to github, etc.
    2. prepare release notes, update release entry in github, etc (can be in parallel)
  5. Generate the artifact, javadoc, and sources sub-artifacts, and sign them.
    • Generally people set up a release profile a mvn -Prelease deploy (or mvn -Psonatype-oss-release deploy if using sonatype's parent pom.xml)
  6. Log into and
    1. Navigate to the staging repositories
    2. Find the staging repository for your release (nearly always the last)
    3. Spot-check the contents, the version number, etc.
    4. "Close" the repository in preparation for release.
    5. Hit refresh a lot (approx 1 minute wait time)
    6. "Release" the repository to sonatype's mirrors.
  7. Announce on any relevant media.


TODO(**********) describe bintray->sonatype and other links.