一、创建一个 OSS 账户
OSS 账户的密码要求比较严格,建议记录备注好;且 OSS 账户的用户名以及密码在后续需要配置到 Maven 的 setting.xml 文件中。
二、为新项目托管创建 Jira 问题
登录刚刚注册的 OSS 账号,点击新建
在创建好一个 Jira Issue 并提交后,等待工作人员审核通过。如果没有问题,你提交的 Issue 会更改状态为 RESOLVED。说明配置成功。
三、安装并配置 GPG
我们需要安装 GNU PG ,安装完毕后,在我们的 Terminal 中输入命令:
gpg -- version
查看是否安装成功。
安装完毕后,生成密钥对,输入命令gpg --full-gen-key
gpg --full-gen-key
gpg --full-gen-key
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: keybox 'C:/Users/Nadeem/AppData/Roaming/gnupg/pubring.kbx' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expir
输入好用户名,邮箱等信息之后,会弹出一个输入框,要求我们输入 Passphrase:
我们需要记住设置好的 Passphrase,后续在 Maven 的 setting.xml 文件中需要用到!
设置好加密密钥后,我们需要将公钥发布到 OSSRH 服务器上,因为你会使用这个公钥来加密你的 jar 包,当你上传你的 jar 包到 OSSRH 服务器时,就会用私钥来解密。
输入命令:
gpg --list-key
即可查看我们设置的密钥
pub rsa2048 2021-06-10 [SC]
EAA2F85838644032D5FC5A3070DB8094C525F6FE
uid [ultimate] jinrunheng (yes) <1175088275@qq.com>
sub rsa2048 2021-06-10 [E]
这里面 EAA2F85838644032D5FC5A3070DB8094C525F6FE 就是公钥
将公钥上传到 pool.sks-keyservers.net
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys EAA2F85838644032D5FC5A3070DB8094C525F6FE
四、配置 Maven 的 setting.xml
配置 oss 仓库的认证信息
<servers>
<server>
<id>ossrh</id>
<username>你注册的 oss 的用户名</username>
<password>你注册的 oss 的密码</password>
</server>
<server>
<id>oss</id>
<username>你注册的 oss 的用户名</username>
<password>你注册的 oss 的密码</password>
</server>
</servers>
配置 GPG 密钥方面的关键信息:
<profiles>
<profile>
<id>ossrh</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>gpg</gpg.executable>
<gpg.passphrase>你设置的 Passphrase </gpg.passphrase>
<gpg.executable>/usr/local/bin/gpg</gpg.executable>
<gpg.homedir>/Users/macbook/.gnupg</gpg.homedir>
</properties>
</profile>
</profiles>
gpg.executable 的信息我们可以通过命令:
which gpg
来查看
gpg.homedir 的信息可以通过命令:
gpg --list-key
来查看,公钥列表之前,就包含 homedir 的路径
➜ ~ gpg --list-key /Users/macbook/.gnupg/pubring.kbx
五、配置项目的 pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>io.github.jinrunheng</groupId>
<artifactId>sensitive-words-filter</artifactId>
<version>0.0.1</version>
<name>sensitive-words-filter</name>
<description>This is a Chinese sensitive words filter implemented in Java</description>
<url>https://github.com/jinrunheng/sensitive-words-filter</url>
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
</properties>
<dependencies>
<!--commons-lang3-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.9</version>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>5.7.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.11</version>
</dependency>
</dependencies>
<licenses>
<license>
<name>The Apache Software License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo</distribution>
</license>
</licenses>
<developers>
<developer>
<!--输入在sonatype创建的账户和联系邮箱 -->
<name>dubyKim</name>
<email>1175088275@qq.com</email>
</developer>
</developers>
<scm>
<connection>scm:git:git@github.com:jinrunheng/sensitive-words-filter.git</connection>
<developerConnection>scm:git:git@github.com:jinrunheng/sensitive-words-filter.git</developerConnection>
<url>git@github.com:jinrunheng/sensitive-words-filter.git</url>
<tag>sensitive-words-filter-0.0.1</tag>
</scm>
<build>
<plugins>
<plugin>
<!--for unit test-->
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-scm-plugin</artifactId>
<version>1.8.1</version>
</plugin>
<!--源代码-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.1.2</version>
<executions>
<execution>
<id>attach-sources</id>
<phase>verify</phase>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<!--Java doc-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<configuration>
<source>8</source>
<aggregate>true</aggregate>
<charset>UTF-8</charset>
<encoding>UTF-8</encoding>
<docencoding>UTF-8</docencoding>
<additionalparam>-Xdoclint:none</additionalparam>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<!--部署-->
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>2.8.2</version>
<executions>
<execution>
<id>default-deploy</id>
<phase>deploy</phase>
<goals>
<goal>deploy</goal>
</goals>
</execution>
</executions>
</plugin>
<!--GPG 打包插件-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<!--将组件部署到 OSSRH 并将其发布到 Central Repository-->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin>
</plugins>
</build>
<distributionManagement>
<snapshotRepository>
<id>oss</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>
pom 的配置要求严格,必须包括 name,description,url,licenses,developers,scm 等这些基本信息,另外需要注意的是 snapshotRepository 与 repository 中的 id 一定要与 setting.xml 中 server 的 id 保持一致!
这里面需要注意的是很多旧文档中,nexus-staging-maven-plugin 的nexusUrl 配置的地址为 oss.sonatype.org/。
但是2021年2月份,最新发布的官方文档中已经建议我们将地址配置为s01.oss.sonatype.org/
详情请移步到链接:central.sonatype.org/publish/relea...
六、发布 jar 包
执行命令
mvn clean deploy
如果项目 build success,等待一段时间后,我们就可以在 Nexus 上,找到我们发布的包了
七、参考链接
文章参考链接: