
How to Publish a Repo

Tom Hicks edited this page May 26, 2016 · 43 revisions

How to Publish Locally

To publish a changed version of a project locally, on your own machine, use this command: sbt publish-local

Note: The following instructions are for repository administrators only!

Publishing to Maven Central (via Sonatype)

For external public releases, remote publishing is required.

Step #1: Sign Up with Sonatype

Sonatype is the company that provides support and tools for Maven Central. Crucially, they provide the access point for making projects available in the Maven Central Repository. You need to create a free account at Sonatype's JIRA issue management system: https://issues.sonatype.org/

At this JIRA site, the "Community Support - Open Source Project Repository Hosting (OSSRH)" project is where we can file an issue to request help, such as connecting a new Sonatype account to our repositories. https://issues.sonatype.org/browse/OSSRH

Once you have a Sonatype account and it is linked to the CLU Lab repositories, Sonatype's online Nexus Repository Manager is used to manage the publishing lifecycle. https://oss.sonatype.org/

Step #2: Install the sbt-pgp plugin

This plugin does the artifact signing work for us. Install it by following the simple instructions here: http://www.scala-sbt.org/sbt-pgp/

Summary: create a plugin file: ~/.sbt/0.13/plugins/gpg.sbt containing this plugin specification: addSbtPlugin("com.jsuereth" % "sbt-pgp" % "1.0.0")

Next, create a file to hold your Sonatype credentials: ~/.sbt/0.13/plugins/sonatype.sbt. Add the credentials from the Sonatype account you created in Step 1 to this file:

credentials += Credentials("Sonatype Nexus Repository Manager",
                           "oss.sonatype.org",
                           "your-login",
                           "your-password")

Step #3: Create and Publish PGP keys

All artifacts in a project that is released to Maven must be signed. The Nexus Repository Manager will verify each signature against a public key server. If you have not already published a public key, you will need to create and publish one for use by Sonatype.

You can do this using either the SBT PGP plugin or the GnuPG program. Both seem to be about the same level of difficulty and are quite compatible: for example, the SBT PGP plugin will look for and use your key rings at the same default location where GnuPG creates them.

Instructions for using the SBT PGP plugin are here: http://www.scala-sbt.org/sbt-pgp/usage.html and instructions for installing and using the GnuPG program are here: http://central.sonatype.org/pages/working-with-pgp-signatures.html and here: http://blog.sonatype.com/2010/01/how-to-generate-pgp-signatures-with-maven/

Note that the crucial steps are: (1) generate a key pair and (2) publish the public key to one or more public key servers. While public keys are synced among key servers, the syncing process may take a while. Using the plugin or the GnuPG program, you can easily publish to several of the major key servers in rapid succession.

Step #4: Publish to the Sonatype server

  • Make sure the version numbers in build.sbt, CHANGES, and README match the version you plan to release.
  • Use git tag to create a tag with this version number.
  • Type sbt publishSigned in the project you plan to release to upload it to a "staging repository" on the Sonatype server. This step is where the SBT PGP plugin automatically creates the signature files necessary for remote publication on Maven Central.
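
A pre-flight check to run before sbt publishSigned, added here as an example and not part of the CLU Lab tooling: it confirms that build.sbt declares a release version that CHANGES and README also mention, and that the plaintext credentials file from Step 2 is accessible only to its owner. The function names are hypothetical, and the script assumes build.sbt declares the version as version := "x.y.z".

```shell
#!/bin/sh
# Pre-publish checks (added example; function names are hypothetical).
# File names and the credentials path are the ones this page uses.

# Print the version declared in build.sbt, assuming a line like:
#   version := "5.8.1"
declared_version() {
    sed -n 's/^[[:space:]]*version[[:space:]]*:=[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$1/build.sbt" | head -n 1
}

# Succeed only if the declared version is a release (no -SNAPSHOT suffix)
# and the same string appears in CHANGES and README (any file extension).
check_versions() {
    dir=$1
    v=$(declared_version "$dir")
    [ -n "$v" ] || { echo "no version found in build.sbt" >&2; return 1; }
    case $v in
        *-SNAPSHOT) echo "version $v is a snapshot, not a release" >&2; return 1 ;;
    esac
    for f in CHANGES README; do
        grep -qF -- "$v" "$dir/$f"* 2>/dev/null ||
            { echo "$f does not mention $v" >&2; return 1; }
    done
}

# Succeed only if the credentials file grants no access to group or others.
# The file holds the Sonatype password in plain text.
check_credentials_file() {
    f=$1
    [ -f "$f" ] || { echo "$f not found" >&2; return 1; }
    perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] ||
        { echo "$f is accessible to group/others; run: chmod 600 $f" >&2; return 1; }
}

# Stand-alone use: sh preflight.sh PROJECT_DIR [CREDENTIALS_FILE]
[ $# -eq 0 ] || {
    check_versions "$1" &&
    check_credentials_file "${2:-$HOME/.sbt/0.13/plugins/sonatype.sbt}" &&
    echo "ok: $(declared_version "$1") is ready for sbt publishSigned"
}
```
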

Manage the Release of the project using the Nexus Repository Manager

This involves "closing" the project in the Sonatype staging repository, checking for errors, then "releasing" the project.

  • Go to https://oss.sonatype.org/index.html#stagingRepositories and log in with the account you created in Step 1.
  • After logging in, you should see a page listing the available staging repositories.
  • Scroll to the bottom of the page to find your staging repository (the name should start with org.clulab).
  • Select the project. Then Close it (using the button in the top bar of the window). Wait a few seconds, then click Refresh.
  • Check that the close operation succeeded by clicking on the Activity tab in the bottom half of the screen and selecting your most recent (bottom-most) close operation. Any errors are marked with a red dot and error details are available by clicking on the failed close activity line. Since we used the SBT PGP plugin to publishSigned, the most common error here is likely to be that your public key signature was not yet found on a public key server.
  • If the Close operation was successful, the Release button should now be active. Click it, and answer Yes to the question about whether the repository should be dropped (this just means it will be removed from Sonatype's list of staging repositories).
  • You are done: the repository has now been pushed to Maven, and it should be publicly available in 3-4 hours.
  • (See this page for more details: http://central.sonatype.org/pages/releasing-the-deployment.html)

Advance the version number of the project

Advance the version number of the project, e.g., if you just released 5.8.1 the next version should be 5.8.2-SNAPSHOT. Commit and push the new number.

Rules for CLULab administrators:

  • Please do not release a repository without Mihai's approval.
  • Please do not create private repositories without Mihai's approval (we have a limited number of these).
  • Please do not change any permissions of the teams in the CLULab organization without Mihai's approval.

For remote publishing, please follow the instructions from this page: http://www.scala-sbt.org/release/docs/Using-Sonatype.html. These instructions work well, with a few observations: