一、创建一个 OSS 账户
OSS 账户的密码要求比较严格,建议记录备注好;且 OSS 账户的用户名以及密码在后续需要配置到 Maven 的 setting.xml 文件中。
二、为新项目托管创建 Jira 问题
登录刚刚注册的 OSS 账号,点击新建
在创建好一个 Jira Issue 并提交后,等待工作人员审核通过。如果没有问题,你提交的 Issue 会更改状态为 RESOLVED。说明配置成功。
三、安装并配置 GPG
我们需要安装 GNU PG ,安装完毕后,在我们的 Terminal 中输入命令:
gpg -- version
查看是否安装成功。
安装完毕后,生成密钥对,输入命令gpg --full-gen-key
| gpg --full-gen-key | |
| gpg --full-gen-key | |
| gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc. | |
| This is free software: you are free to change and redistribute it. | |
| There is NO WARRANTY, to the extent permitted by law. | |
| gpg: keybox 'C:/Users/Nadeem/AppData/Roaming/gnupg/pubring.kbx' created | |
| Please select what kind of key you want: | |
| (1) RSA and RSA (default) | |
| (2) DSA and Elgamal | |
| (3) DSA (sign only) | |
| (4) RSA (sign only) | |
| Your selection? 1 | |
| RSA keys may be between 1024 and 4096 bits long. | |
| What keysize do you want? (2048) | |
| Requested keysize is 2048 bits | |
| Please specify how long the key should be valid. | |
| 0 = key does not expir |
输入好用户名,邮箱等信息之后,会弹出一个输入框,要求我们输入 Passphrase:
我们需要记住设置好的 Passphrase,后续在 Maven 的 setting.xml 文件中需要用到!
设置好加密密钥后,我们需要将公钥发布到 OSSRH 服务器上,因为你会使用这个公钥来加密你的 jar 包,当你上传你的 jar 包到 OSSRH 服务器时,就会用私钥来解密。
输入命令:
gpg --list-key
即可查看我们设置的密钥
| pub rsa2048 2021-06-10 [SC] | |
| EAA2F85838644032D5FC5A3070DB8094C525F6FE | |
| uid [ultimate] jinrunheng (yes) <1175088275@qq.com> | |
| sub rsa2048 2021-06-10 [E] |
这里面 EAA2F85838644032D5FC5A3070DB8094C525F6FE 就是公钥
将公钥上传到 pool.sks-keyservers.net
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys EAA2F85838644032D5FC5A3070DB8094C525F6FE
四、配置 Maven 的 setting.xml
配置 oss 仓库的认证信息
| <servers> | |
| <server> | |
| <id>ossrh</id> | |
| <username>你注册的 oss 的用户名</username> | |
| <password>你注册的 oss 的密码</password> | |
| </server> | |
| <server> | |
| <id>oss</id> | |
| <username>你注册的 oss 的用户名</username> | |
| <password>你注册的 oss 的密码</password> | |
| </server> | |
| </servers> |
配置 GPG 密钥方面的关键信息:
| <profiles> | |
| <profile> | |
| <id>ossrh</id> | |
| <activation> | |
| <activeByDefault>true</activeByDefault> | |
| </activation> | |
| <properties> | |
| <gpg.executable>gpg</gpg.executable> | |
| <gpg.passphrase>你设置的 Passphrase </gpg.passphrase> | |
| <gpg.executable>/usr/local/bin/gpg</gpg.executable> | |
| <gpg.homedir>/Users/macbook/.gnupg</gpg.homedir> | |
| </properties> | |
| </profile> | |
| </profiles> |
gpg.executable 的信息我们可以通过命令:
which gpg
来查看
gpg.homedir 的信息可以通过命令:
gpg --list-key
来查看,公钥列表之前,就包含 homedir 的路径
| ➜ ~ gpg --list-key | |
| /Users/macbook/.gnupg/pubring.kbx |
五、配置项目的 pom.xml
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> | |
| <modelVersion>4.0.0</modelVersion> | |
| <groupId>io.github.jinrunheng</groupId> | |
| <artifactId>sensitive-words-filter</artifactId> | |
| <version>0.0.1</version> | |
| <name>sensitive-words-filter</name> | |
| <description>This is a Chinese sensitive words filter implemented in Java</description> | |
| <url>https://github.com/jinrunheng/sensitive-words-filter</url> | |
| <properties> | |
| <java.version>1.8</java.version> | |
| <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | |
| <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> | |
| <maven.compiler.source>${java.version}</maven.compiler.source> | |
| <maven.compiler.target>${java.version}</maven.compiler.target> | |
| </properties> | |
| <dependencies> | |
| <!--commons-lang3--> | |
| <dependency> | |
| <groupId>org.apache.commons</groupId> | |
| <artifactId>commons-lang3</artifactId> | |
| <version>3.9</version> | |
| </dependency> | |
| <dependency> | |
| <groupId>org.junit.jupiter</groupId> | |
| <artifactId>junit-jupiter</artifactId> | |
| <version>5.7.2</version> | |
| <scope>test</scope> | |
| </dependency> | |
| <dependency> | |
| <groupId>org.apache.commons</groupId> | |
| <artifactId>commons-lang3</artifactId> | |
| <version>3.11</version> | |
| </dependency> | |
| </dependencies> | |
| <licenses> | |
| <license> | |
| <name>The Apache Software License, Version 2.0</name> | |
| <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> | |
| <distribution>repo</distribution> | |
| </license> | |
| </licenses> | |
| <developers> | |
| <developer> | |
| <!--输入在sonatype创建的账户和联系邮箱 --> | |
| <name>dubyKim</name> | |
| <email>1175088275@qq.com</email> | |
| </developer> | |
| </developers> | |
| <scm> | |
| <connection>scm:git:git@github.com:jinrunheng/sensitive-words-filter.git</connection> | |
| <developerConnection>scm:git:git@github.com:jinrunheng/sensitive-words-filter.git</developerConnection> | |
| <url>git@github.com:jinrunheng/sensitive-words-filter.git</url> | |
| <tag>sensitive-words-filter-0.0.1</tag> | |
| </scm> | |
| <build> | |
| <plugins> | |
| <plugin> | |
| <!--for unit test--> | |
| <artifactId>maven-surefire-plugin</artifactId> | |
| <version>2.22.2</version> | |
| </plugin> | |
| <plugin> | |
| <groupId>org.apache.maven.plugins</groupId> | |
| <artifactId>maven-scm-plugin</artifactId> | |
| <version>1.8.1</version> | |
| </plugin> | |
| <!--源代码--> | |
| <plugin> | |
| <groupId>org.apache.maven.plugins</groupId> | |
| <artifactId>maven-source-plugin</artifactId> | |
| <version>2.1.2</version> | |
| <executions> | |
| <execution> | |
| <id>attach-sources</id> | |
| <phase>verify</phase> | |
| <goals> | |
| <goal>jar-no-fork</goal> | |
| </goals> | |
| </execution> | |
| </executions> | |
| </plugin> | |
| <!--Java doc--> | |
| <plugin> | |
| <groupId>org.apache.maven.plugins</groupId> | |
| <artifactId>maven-javadoc-plugin</artifactId> | |
| <version>2.9.1</version> | |
| <configuration> | |
| <source>8</source> | |
| <aggregate>true</aggregate> | |
| <charset>UTF-8</charset> | |
| <encoding>UTF-8</encoding> | |
| <docencoding>UTF-8</docencoding> | |
| <additionalparam>-Xdoclint:none</additionalparam> | |
| </configuration> | |
| <executions> | |
| <execution> | |
| <phase>package</phase> | |
| <goals> | |
| <goal>jar</goal> | |
| </goals> | |
| </execution> | |
| </executions> | |
| </plugin> | |
| <!--部署--> | |
| <plugin> | |
| <artifactId>maven-deploy-plugin</artifactId> | |
| <version>2.8.2</version> | |
| <executions> | |
| <execution> | |
| <id>default-deploy</id> | |
| <phase>deploy</phase> | |
| <goals> | |
| <goal>deploy</goal> | |
| </goals> | |
| </execution> | |
| </executions> | |
| </plugin> | |
| <!--GPG 打包插件--> | |
| <plugin> | |
| <groupId>org.apache.maven.plugins</groupId> | |
| <artifactId>maven-gpg-plugin</artifactId> | |
| <executions> | |
| <execution> | |
| <phase>verify</phase> | |
| <goals> | |
| <goal>sign</goal> | |
| </goals> | |
| </execution> | |
| </executions> | |
| </plugin> | |
| <!--将组件部署到 OSSRH 并将其发布到 Central Repository--> | |
| <plugin> | |
| <groupId>org.sonatype.plugins</groupId> | |
| <artifactId>nexus-staging-maven-plugin</artifactId> | |
| <version>1.6.7</version> | |
| <extensions>true</extensions> | |
| <configuration> | |
| <serverId>ossrh</serverId> | |
| <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl> | |
| <autoReleaseAfterClose>true</autoReleaseAfterClose> | |
| </configuration> | |
| </plugin> | |
| </plugins> | |
| </build> | |
| <distributionManagement> | |
| <snapshotRepository> | |
| <id>oss</id> | |
| <url>https://oss.sonatype.org/content/repositories/snapshots/</url> | |
| </snapshotRepository> | |
| <repository> | |
| <id>ossrh</id> | |
| <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url> | |
| </repository> | |
| </distributionManagement> | |
| </project> |
pom 的配置要求严格,必须包括 name,description,url,licenses,developers,scm 等这些基本信息,另外需要注意的是 snapshotRepository 与 repository 中的 id 一定要与 setting.xml 中 server 的 id 保持一致!
这里面需要注意的是很多旧文档中,nexus-staging-maven-plugin 的nexusUrl 配置的地址为 oss.sonatype.org/。
但是2021年2月份,最新发布的官方文档中已经建议我们将地址配置为s01.oss.sonatype.org/
详情请移步到链接:central.sonatype.org/publish/relea...
六、发布 jar 包
执行命令
mvn clean deploy
如果项目 build success,等待一段时间后,我们就可以在 Nexus 上,找到我们发布的包了
七、参考链接
文章参考链接: