Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support deploying JARs and POMs to Maven compatible repositories #953

Closed
aalmiray opened this issue Sep 15, 2022 · 6 comments
Closed

Support deploying JARs and POMs to Maven compatible repositories #953

aalmiray opened this issue Sep 15, 2022 · 6 comments
Assignees
@aalmiray
Labels
enhancement New feature or request released Issue has been released
Milestone
v1.3.0

Comments

@aalmiray
Copy link
Member

Sonatype Nexus2 powers Maven Central for the time being. Publishing artifacts to Maven Central has been requested since the early days.

JReleaser may need a new wrokflow step: deploy.
JARs & POMs should be "staged" using the build tool of choice that is, files should be placed at a local directory using the default layout expected by Nexus. For example

target/
└── staging-deploy
    └── test
        └── jreleaser
            └── app
                ├── 1.0.0
                │   ├── app-1.0.0.pom
                │   ├── app-1.0.0.pom.asc
                │   ├── app-1.0.0.pom.asc.md5
                │   ├── app-1.0.0.pom.asc.sha1
                │   ├── app-1.0.0.pom.md5
                │   └── app-1.0.0.pom.sha1
                ├── maven-metadata.xml
                ├── maven-metadata.xml.md5
                └── maven-metadata.xml.sha1

Additionally, JReleaser may perform the following tasks before deploying takes place:

  • pom files comply with the minimum set of elements (via pomchecker)
  • -sources & -javadoc JARs are available
  • generate sha256 and sha512 checksums
  • sign all artifacts when PGP is configured. Avoids configuring PGP on the build tool
@aalmiray aalmiray added the enhancement New feature or request label Sep 15, 2022
@hboutemy
Copy link

hboutemy commented Sep 16, 2022
edited

notice that .asc.md5 and .asc.sha1 and other checksums for .asc are not useful (even if they are not forbidden): https://central.sonatype.org/publish/requirements/#sign-files-with-gpgpgp

@aalmiray
Copy link
Member Author

What do you mean with "not useful"? AFAICT there's a checksum rule that triggers when there are no matching checksum files.

@hboutemy
Copy link

hboutemy commented Sep 17, 2022
edited

no, not for .asc because they are not an attached artifact
see for example https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-artifact-plugin/3.3.0/ and you'll see that .asc is there, but no checksums for it

@aalmiray
Copy link
Member Author

aalmiray commented Sep 17, 2022
edited

Oh, oh, So it's the gradle plugin I'm using that calculates checksums for signature files ... well what a surprise there 😏

Thus, I only have to calculate checksums for JARs & POMs, but not for signatures, right?

@aalmiray aalmiray added this to the v1.3.0 milestone Sep 17, 2022
@aalmiray aalmiray self-assigned this Sep 17, 2022
@aalmiray aalmiray changed the title Support deploying JARs and POMs to Sonatype Nexus2 Support deploying JARs and POMs to Maven compatible repositories Sep 18, 2022
@aalmiray
Copy link
Member Author

aalmiray commented Sep 18, 2022
edited

Also support:

  • JFrog Artifactory
  • Gitea Packages
  • Gitlab Packages
  • Github packages

aalmiray added a commit to jreleaser/jreleaser.github.io that referenced this issue Sep 19, 2022
@aalmiray
Document jreleaser/jreleaser#953
9784bcc
aalmiray added a commit that referenced this issue Oct 27, 2022
@aalmiray
feat(deploy): Initial maven deploy support. Resolves #953
6178409
@aalmiray
Copy link
Member Author

Released in v1.3.0 -> https://github.com/jreleaser/jreleaser/releases/tag/v1.3.0

@aalmiray aalmiray added the released Issue has been released label Oct 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aalmiray aalmiray

Labels
enhancement New feature or request released Issue has been released
Projects
None yet
Milestone
v1.3.0
Development

No branches or pull requests
2 participants
@aalmiray @hboutemy