Development Notes

Maven Configuration

Publishing to Maven Central

Publishing artifacts to Maven Central involves several steps, including configuring the Sonatype repository, signing artifacts, and running Maven commands to deploy them. Key areas to configure include your Maven settings.xml file and the required plugins.

Pre-Requisites:
  • Ensure you have a Sonatype account registered and permissions to publish to your repository.
  • Install GPG (GNU Privacy Guard) on your system for artifact signing.
  • Set up your GPG key for signing.
  • Create a Sonatype Token for authentication when deploying to Maven Central.

Configuring settings.xml

Maven uses a settings.xml file to store important configurations, server credentials, and profile-specific settings. Below is an example configuration:

File: settings.xml
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">

    <!-- Define Profiles -->
    <profiles>
        <!-- Release Profile -->
        <profile>
            <id>release</id>  <!-- Profile for artifact release -->
            <properties>
                <gpg.executable>gpg</gpg.executable> <!-- Path to the GPG executable -->
                <gpg.keyname>YOUR_KEY_ID</gpg.keyname> <!-- Your GPG Key ID -->
            </properties>
        </profile>

        <!-- Default Repository Configuration -->
        <profile>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <repositories>
                <repository>
                    <id>central-snapshots</id>
                    <url>https://central.sonatype.com/repository/maven-snapshots</url>
                    <releases>
                        <enabled>false</enabled>
                    </releases>
                    <snapshots>
                        <enabled>true</enabled>
                    </snapshots>
                </repository>
                <repository>
                    <id>central</id>
                    <url>https://repo1.maven.org/maven2/</url>
                    <releases>
                        <enabled>true</enabled>
                    </releases>
                    <snapshots>
                        <enabled>false</enabled>
                    </snapshots>
                </repository>
            </repositories>

            <!-- Plugin Repositories -->
            <pluginRepositories>
                <pluginRepository>
                    <id>plugin-snapshots</id>
                    <url>https://central.sonatype.com/repository/maven-snapshots</url>
                </pluginRepository>
            </pluginRepositories>
        </profile>
    </profiles>

    <!-- Server Credentials -->
    <servers>
        <server>
            <id>central</id> <!-- Configure the Central Repository ID -->
            <username><!-- your token username --></username> <!-- Token Username (Sonatype) -->
            <password><!-- your token password --></password> <!-- Token Password -->
        </server>
    </servers>
</settings>
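
A lint for the servers block above, as an added example that is not part of the original notes: it flags a settings.xml that group or others can access or that holds a literal password, and accepts values Maven resolves at run time (${...} interpolation such as ${env.NAME}) or encrypted {...} values produced by mvn --encrypt-password. The function names are hypothetical, and it assumes each password element sits on one line.

```shell
#!/bin/sh
# Added example (not from the original notes): lint a Maven settings.xml.
# Assumption: every <password> element sits on a single line.

# Classify one <password> value by how Maven will obtain the secret.
classify_password() {
    case "$1" in
        '')        echo empty ;;         # placeholder or comment only
        '${'*'}')  echo interpolated ;;  # e.g. ${env.NAME}, resolved at run time
        '{'*'}')   echo encrypted ;;     # output of mvn --encrypt-password
        *)         echo plaintext ;;     # literal secret stored in the file
    esac
}

# Print one classification per <password> element in file $1.
password_kinds() {
    sed -n -e 's/<!--[^>]*-->//g' \
           -e 's:.*<password>[[:space:]]*\(.*\)</password>.*:\1:p' "$1" |
    while IFS= read -r value; do classify_password "$value"; done
}

# Return 1 (and say why) if file $1 is accessible beyond its owner
# or contains a literal password.
lint_settings() {
    lint_rc=0
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "PERMS: group or others can access $1 (use chmod 600)"
        lint_rc=1
    fi
    if password_kinds "$1" | grep -q '^plaintext$'; then
        echo "SECRET: literal <password> value in $1"
        lint_rc=1
    fi
    return "$lint_rc"
}

# Lint the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then lint_settings "$1"; fi
```
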

Signing Artifacts with GPG

Artifacts published to Maven Central must be signed with GPG. The signature lets consumers verify the integrity and authenticity of your artifacts.

Setup GPG Key
  1. Generate a GPG Key: Run the following command to generate a new GPG key:

    gpg --full-generate-key
    
    • Choose RSA and RSA for the key type.
    • Provide a secure passphrase.
    • Use the generated key.
  2. List Your GPG Key:

    gpg --list-keys
    

    Locate the Key ID (e.g., ABCDEF1234567890) for use in your Maven configuration.

  3. Associate GPG Key with Your Sonatype Account:

    • Export your public key:
      gpg --armor --export ABCDEF1234567890
      
    • Log in to your Sonatype account and upload this public key.
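
The verifying side of the signing step above, as an added example that is not part of the original notes: it lists artifacts that have no detached signature and checks with gpg --verify that each signature was made by the expected key. It assumes the build left each .jar and .pom in one directory (for example target/) with its signature beside it as <artifact>.asc; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes): check detached signatures
# before uploading. Assumption: each artifact in DIR has its signature
# beside it as <artifact>.asc.

# Print every .jar/.pom in DIR ($1) that has no non-empty .asc next to it.
unsigned_artifacts() {
    for art in "$1"/*.jar "$1"/*.pom; do
        [ -f "$art" ] || continue           # glob matched nothing
        [ -s "$art.asc" ] || echo "$art"
    done
}

# Succeed only if the signature for artifact $1 is valid AND was made by
# the key whose fingerprint is $2 (uppercase hex, no spaces).
signed_by() {
    # VALIDSIG is emitted on the status channel only for a good signature;
    # the line carries the signing key's fingerprint.
    gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null |
        grep -q "^\[GNUPG:\] VALIDSIG .*$2"
}

# usage: check_release_dir DIR FINGERPRINT
# Returns 1 if any artifact is unsigned or carries a signature that does
# not verify against the expected key.
check_release_dir() {
    chk_rc=0
    chk_missing=$(unsigned_artifacts "$1")
    if [ -n "$chk_missing" ]; then
        echo "$chk_missing" | sed 's/^/UNSIGNED: /'
        chk_rc=1
    fi
    for art in "$1"/*.jar "$1"/*.pom; do
        [ -s "$art.asc" ] || continue       # already reported above
        signed_by "$art" "$2" || { echo "BAD SIGNATURE: $art"; chk_rc=1; }
    done
    return "$chk_rc"
}

# Run the check when called as: script DIR FINGERPRINT
if [ "$#" -eq 2 ]; then check_release_dir "$1" "$2"; fi
```
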

Deploying Artifacts to Maven Central

With your settings.xml and GPG configuration in place, you can package and deploy your artifacts to Maven Central.

Commands for Deployment
  1. Clean and Build the Project: Run this to ensure everything is in a fresh state:

    mvn clean install
    
  2. Deploy Artifacts to Staging Repository: Use the release profile to sign and upload artifacts:

    mvn clean deploy -P release
    
  3. Verify Staging Repository:

  4. Release Artifacts: After verifying your artifacts in the staging repository, release them to Maven Central.

Notes and Troubleshooting

Common Issues
  1. GPG Signing Issues:

    • Ensure gpg is installed and available in your system's path.
    • Test GPG functionality with:
      gpg --armor --sign test.txt
      
    • If signing artifacts fails, verify the key ID in your settings.xml.
  2. Publishing Errors (401 Unauthorized):

    • Verify that your username and password are correctly configured in the <server> section of settings.xml.
    • Ensure that the Sonatype token is active and has the necessary permissions.
  3. Staging Repository Validation Failures:

    • Verify all required metadata is present in your pom.xml, including the project description, license information, and developer details.