Getting your opensource JAR published to Maven Central is free, but requires a little bit of up front work. I use Sonatype to help publish the jars for metrics-statsd, which makes life much easier. Most of the process is documented by Sonatype, which you can read about here:
There were a few tricky parts that either weren’t documented well or I just found confusing. I have tried to document some of these parts below.
In case you’re as easily confused as I was, Sonatype uses three different terms when talking about pushing jars:
- Deploy refers to deploying snapshots to Sonatype.
- Staging refers to pushing potential release artifacts to Sonatype. Note that staging an artifact does not automatically push it to Maven Central.
- Release refers to marking the artifacts for release on Sonatype’s Nexus server so that they get pushed to Maven Central.
Pushing jars to Maven Central requires that you produce three artifacts:
- Main jar with compiled classes
- Sources jar
- Javadocs jar
To automatically generate the second and third artifacts, add the following to the build plugins section of your
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Maven Central requires that you sign your released artifacts with GPG. Note that snapshots do not need to be signed. Sonatype has a thorough article on signing your artifacts:
How to Generate PGP Signatures With Maven
The key steps are:
- Generate a key pair
- Distribute your public key
- Update your
The first two steps are straightforward. The only trick with the third step is that you only want to sign artifacts during the release process. If you add the
maven-gpg-plugin to your main, every single build will get signed and Maven will prompt you for your passphrase with every build. Instead, you can define a Maven profile with a specific name and include the
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
Following the recommendation from Sonatype, you will remove the
<repositories></repositories> section of your
pom.xml. Once you do that, Maven no longer knows what server to use when deploying or staging. To compensate, you need to add a
1 2 3 4 5 6 7 8 9 10
Sonatype Parent POM
You need to configure your
pom.xml to inherit from the Sonatype Parent POM:
1 2 3 4 5
Assuming you’ve followed the instructions from Sonatype and setup an account, you’re now ready to deploy snapshots. The process is simple:
That will automatically clean, build and push your snapshot to Sonatype.
Pushing a release jar to Maven Central consists of two parts: staging and releasing.
In this part we clean everything up; prepare for the build by creating a tag for the release and updating the pom.xml; perform the build; deploy the artifacts to Sonatype.
The process consists of three commands:
1 2 3
release:prepare step will prompt you for release information. Here is some sample output from the 2.3.0 release of metrics-statsd:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Once the artifacts are staged on Sonatype’s Nexus, you need to go through a few annoying steps:
- Close out the staging release in Sonatype
- Release the artifacts in Sonatype
That process is well documented (with images) by Sonatype:
Within two hours, Sonatype will push the artifacts to Maven Centrl.