Skip to content
This repository was archived by the owner on Feb 14, 2023. It is now read-only.

Publishing new versions to Maven Central

Jump to bottom
Gabriel Valencia edited this page Oct 28, 2022 · 41 revisions

How to Publish

Important: Please keep this document up-to-date as you work with it and find any gaps or new information!

Overview

The IBM Cloud Spring Bind Maven artifact is published via Sonatype. Read through this page and watch the linked videos on it to become familiar with the process of becoming a producer on Sonatype:

https://central.sonatype.org/pages/producers.html

Prerequisites

IBM Cloud Spring Bind

Clone the ibm-cloud-spring-bind code repository into a local directory.

Sonatype (one-time setup)

  1. Create a new account at https://issues.sonatype.org/. Important: Make sure to use your work ibm.com email address. You will use those same credentials to publish the artifact at https://oss.sonatype.org/.
  2. Create a ticket to get access to the IBM Cloud Spring Bind OSSRH repository at https://issues.sonatype.org/secure/CreateIssue!default.jspa. Change the issue type to Task, write a summary like Need access to ibm-cloud-spring-boot-service-bind.
  3. Have someone who is listed as a developer in pom.xml under <developers> add a comment to the ticket you just created approving your access.
  4. Visit https://oss.sonatype.org/, click on your user ID at the top right, and click Profile. In the drop-down menu select User Token and click on Access User Token.
  5. Modify the ~/.m2/settings.xml file. If you don't have this file, go ahead and run mvn clean install on the IBM Cloud Spring Bind project to generate it. Add the following to the <servers> section, replacing with your Sonatype OSSRH user token values: 
    <server>
  <id>ossrh</id>
  <username>tokenValueBeforeColon</username>
  <password>tokenValueAfterColon</password>
</server>

GnuPG (GPG)

  1. Install the command-line GPG tool which is used to sign the jar. On a Mac with Homebrew, execute brew install gnupg. Or visit https://gnupg.org/download/ to download binary releases.
  2. Follow this page to get it set up to sign the jar: https://central.sonatype.org/pages/working-with-pgp-signatures.html.

Make sure you follow the sections to generate a key and distribute your public key.

If you have trouble sending the key to a server, you can follow this solution.

Important: Remember or write down the passphrase for your key in a secure place. You will need it when deploying artifacts to Sonatype.

  1. In your terminal, execute export GPG_TTY=$(tty) to fix a known issue encountered when signing the jar.
  2. Execute mvn verify -Dgpg.passphrase=<your_gpg_passphrase> using the passphrase used with the gpg --gen-key command. If it succeeds, you are all set.

Steps

  1. Make sure you've followed the prerequisites (see above).
  2. Make necessary code changes in your local ibm-cloud-spring-bind code repository and test with mvn clean install. Add new unit tests as needed.
  3. Update the pom.xml file by increasing the <version> tag value. Use a standard Major.Minor.Patch scheme and change the specific version appropriately. Also add yourself to the <developers> section if you are not already there.
  4. Push your changes to the master branch.
  5. Execute mvn clean deploy -Darguments=-Dgpg.passphrase=<your_gpg_passphrase> to push your changes to the Sonatype repository for staging. If you get 401 errors, check to see if the JIRA ticket you created earlier requesting access has been resolved. You cannot upload until that ticket is resolved.
  6. Check that the artifact has been deployed to staging by visiting https://oss.sonatype.org/ and navigating to Staging Repositories on the left. Search for the com.ibm.cloud group ID and select the newly created repository.
  7. Check that all the required artifacts are present (project, javadoc, and source jars as well as associated checksum files). If they are, we can publish this as a new release by closing this repository. Click the Close button at the top. Refresh the page to check the progress. Click on the Activity tab in the bottom area (next to Summary) to see progress and failures, if any.
  8. If all the checks passed under Activity, click on the Release button at the top and then click on Confirm in the dialog box. The release artifact should be available at Maven Central after a day or so. You can search for it here.

References

Clone this wiki locally