- Sign up for a Sonatype JIRA account here
- Click Sign Up in the login box, follow instructions
- Go to community support
- Ask for publish rights by creating an issue similar to this one
- You must be logged in to create a new issue
- Use the Create button at the top tab
-
Install GNU Privacy Guard (GPG)
- GPG is installed by default on Ubuntu systems
- For other systems, see GnuPG download page
-
Generate the key
gpg --gen-key- Keep the defaults, but specify a passphrase
- The passphrase can be random; you just need to remember it long enough to finish the next step
- One way to make a random passphrase:
base64 /dev/urandom | head -c20; echo;
-
Find the ID of your public key
gpg --list-secret-keys- Look for the line with format
sec 2048R/ABCDEFGH 2015-11-17 - The
ABCDEFGHis the ID for your public key
- Look for the line with format
-
Upload your public key to a public server:
gpg --send-keys --keyserver hkp://pgp.mit.edu ABCDEFGH- If you see the error,
gpg: keyserver send failed: No data, try again in ~5m. The mit server semi-frequently has trouble accepting keys
- If you see the error,
- Create a file at
$HOME/.m2/settings.xmlwith your passphrase and your sonatype username and password
<settings>
<profiles>
<profile>
<id>ossrh</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>gpg</gpg.executable>
<gpg.passphrase>[the password for your gpg key]</gpg.passphrase>
</properties>
</profile>
</profiles>
<servers>
<server>
<id>ossrh</id>
<username>[your sonatype account name]</username>
<password>[your sonatype account password]</password>
</server>
</servers>
</settings>
Minor changes should be a point increase (0.6.0 -> 0.6.1). Additions to API or breaking changes should be a major release. (0.6.0 -> 0.7.0)
- Run
releasetool start. Select "minor" or "patch" for the release type. This will bump the artifact versions, ask you to edit release notes, and create the release pull request. - Run
mvn clean install deploy -DperformRelease=trueto stage the release. - Verify the result here.
- If there is a problem, undo by
mvn nexus-staging:drop.
- If there is a problem, undo by
mvn nexus-staging:release -DperformRelease=true- It will take some time (10 minutes to 8 hours) for the package to be released
- Confirm that the release appears in the parent folder on Maven Central
- If the release doesn't show up, do the following to check for failures:
- Go to Sonatype and log in
- Click on Staging Repositories on the left
- Filter down to the repository by typing the package's groupId in the search box
- In our case,
com.google.auth
- In our case,
- Click on the repository and check for errors
- Submit the pull request to bump the version numbers
- Update Javadoc on Github using
scripts/update_javadoc.sh. - Run
releasetool tagto create the GitHub release. - Run
releasetool startto bump the next snapshot version. Select "snapshot" when prompted for the release type. This will bump the artifact versions and create a pull request. - Review and submit the PR.
- Check out the version you want to deploy
git checkout <ref>
- Make sure all
pom.xmlfile are not usingSNAPSHOTversions - Proceed to Deploy to Sonatype