微信公眾號(hào)：bugstack蟲洞棧
沉淀、分享、成長(zhǎng)，專注于原創(chuàng)專題案例，以最易學(xué)習(xí)編程的方式分享知識(shí)，讓自己和他人都能有所收獲。目前已完成的專題有；Netty4.x實(shí)戰(zhàn)專題案例、用Java實(shí)現(xiàn)JVM、基于JavaAgent的全鏈路監(jiān)控、手寫RPC框架、架構(gòu)設(shè)計(jì)專題案例[Ing]等。

前言介紹

(19年12月)最近想基于Spring Boot做個(gè)開源共享項(xiàng)目，開發(fā)一個(gè)分布式任務(wù)DcsSchedule中間件可以把Schedule增強(qiáng)。那么遇到一個(gè)問題希望把Jar包發(fā)包到Maven中央倉(cāng)庫(kù)，這樣需要使用的用戶就可以直接引入。

發(fā)布準(zhǔn)備

跟著節(jié)奏

1. 下載安裝Gpg生成密鑰

我們需要一個(gè)GPG環(huán)境，用來(lái)對(duì)上傳的文件進(jìn)行加密和簽名，保證你的jar包不被篡改

1991年，程序員Phil Zimmermann為了避開政府監(jiān)視，開發(fā)了加密軟件PGP。這個(gè)軟件非常好用，迅速流傳開來(lái)，成了許多程序員的必備工具。但是，它是商業(yè)軟件，不能自由使用。所以，自由軟件基金會(huì)決定，開發(fā)一個(gè)PGP的替代品，取名為GnuPG。這就是GPG的由來(lái)。

1. 下載地址：https:///download.html
2. 下載完成后直接安裝即可，比較傻瓜式安裝很簡(jiǎn)單，記得選中文(如果你英文硬也可以不選)
3. 生成密鑰(可以使用命令行生成，也可以直接在操作界面生成)
   1. 文件>新建密鑰對(duì)(Ctrl+N) – 創(chuàng)建個(gè)人 OpenPGP 密鑰對(duì)
      
   2. 填寫個(gè)人信息姓名和郵箱 并點(diǎn)擊到 新建
      
   3. 填寫密鑰密碼
      
   4. 將公鑰上傳到目錄服務(wù){(diào)如果上傳失敗，則通過：設(shè)置(S)->配置Kleopatra?，修改 OpenPGP密鑰服務(wù)器為：hkp://keyserver.ubuntu.com:80}
      

2. 工單系統(tǒng)賬號(hào)注冊(cè)issues.sonatype

1. 注冊(cè)地址：https://issues./secure/Signup!default.jspa

2. 創(chuàng)建工單

• 項(xiàng)目：Community Support - Open Source Project Repository Hosting
• 概要：發(fā)布Jar的名稱
• 描述：非必填，最好描述清晰
• Group Id：org.itatack.middleware & 和你的域名有關(guān)系，因?yàn)楹罄m(xù)需要使用域名驗(yàn)證
• Project URL：Github項(xiàng)目站點(diǎn)(https://github.com/fuzhengwei/door-spring-boot-starter)
• SCM url：源碼倉(cāng)庫(kù)(https://github.com/fuzhengwei/door-spring-boot-starter.git)

3. 配合人工審核

1. 當(dāng)創(chuàng)建完工單后，會(huì)收到信息反饋(國(guó)外與我們有時(shí)間差，半夜的時(shí)候他們審核的更快)；

   Do you own the domain itstack.org? If so, please verify ownership via one of the following methods:
   
   Add a TXT record to your DNS referencing this JIRA ticket: OSSRH-53637 (Fastest)
   Setup a redirect to your Github page (if it does not already exist)
   If you do not own this domain, please read:
   http://central.sonatype.org/pages/choosing-your-coordinates.html
   You may also choose a groupId that reflects your project hosting, in this case, something like io.github.fuzhengwei or com.github.fuzhengwei
   
   Would you like to use a free managed security reporting service (recommended)?
   Put https://hackerone.com/central-security-project/reports/new as your project's security issue reporting URL. We'll take care of the rest.
   For more details on the Central Security Project, visit https://www.sonatype.com/central-security-project
   

   

2. 配置域名驗(yàn)證簽名；TXT 指向問題域：https://issues./browse/OSSRH-53637
   

3. 在域名驗(yàn)證截圖，回復(fù)到問題下，人工審核會(huì)進(jìn)行驗(yàn)證處理
   

4. 驗(yàn)證成功后，會(huì)收到郵件回復(fù)，也可以在issues看到｛意思就說去發(fā)布你的Jar吧寶貝，發(fā)布完告訴我一下(來(lái)這里回復(fù)下，我就讓你用了)｝

    org.itstack.middleware has been prepared, now user(s) fuzhengwei can:
    * Deploy snapshot artifacts into repository https://oss.sonatype.org/content/repositories/snapshots
    * Deploy release artifacts into the staging repository https://oss.sonatype.org/service/local/staging/deploy/maven2
    * Release staged artifacts into repository 'Releases'
   
    please comment on this ticket when you promoted your first release, thanks
   

5. 接下來(lái)等待發(fā)布Jar包成功后，到這里回復(fù)并收到反饋，如下(證明你成功了！)；

   Central sync is activated for org.itstack.middleware. After you successfully release, your component will be published to Central, typically within 10 minutes, though updates to search.maven.org can take up to two hours.
   

   

3. 配置Maven Settings.xml

1. Maven Settings.xml 配置，在servers中添加；

server>
id>sonatype-nexus-snapshots/id>
username>https://issues.sonatype.org的賬號(hào)/username>
password>https://issues.sonatype.org的密碼/password>
/server>
server>
id>sonatype-nexus-staging/id>
username>https://issues.sonatype.org的賬號(hào)/username>
password>https://issues.sonatype.org的密碼/password>
/server>
server>
id>ossrh/id>
username>https://issues.sonatype.org的賬號(hào)/username>
password>https://issues.sonatype.org的密碼/password>
/server>

2. 為了更快的加載Jar，在mirrors中配置了阿里云倉(cāng)庫(kù)；

mirror>
  id>alimavenrepository/id>
  name>aliyun maven repository/name>
  url>http://maven.aliyun.com/nexus/content/groups/public//url>
  mirrorOf>central/mirrorOf>        
/mirror>

3. 密鑰配置，在profile中添加ossrh

profile>
id>ossrh/id>
activation>
activeByDefault>true/activeByDefault>
/activation>
properties>
gpg.executable>D:/Program Files (x86)/GnuPG/bin/gpg.exe/gpg.executable>
gpg.passphrase>上面生成的密鑰密碼：bugstack.cn/gpg.passphrase>
gpg.homedir>{找到dir：cmd->gpg --list-key}C:/Users/fuzhengwei/AppData/Roaming/gnupg/gpg.homedir>
/properties>
/profile>

4. 配置POM文件

1. 在pom文件里添加scm、licenses、developers、distributionManagement

 licenses>
license>
name>The Apache Software License, Version 2.0/name>
url>http://www.apache.org/licenses/LICENSE-2.0.txt/url>
distribution>repo/distribution>
/license>
/licenses>

scm>
url>https://github.com/fuzhengwei/schedule-spring-boot-starter/url>
connection>https://github.com/fuzhengwei/schedule-spring-boot-starter.git/connection>
developerConnection>https://github.com/fuzhengwei/schedule-spring-boot-starter/developerConnection>
/scm>

developers>
developer>
name>fuzhengwei/name>
email>184172133@qq.com/email>
url>https://github.com/fuzhengwei/schedule-spring-boot-starter/url>
/developer>
/developers>

distributionManagement>
snapshotRepository>
id>ossrh/id>
url>https://oss.sonatype.org/content/repositories/snapshots/url>
/snapshotRepository>
/distributionManagement>

2. 配置編譯發(fā)布信息build，gpg相關(guān)插件

• maven-source-plugin 用來(lái)生成Source Jar文件
• maven-javadoc-plugin 用來(lái)生成 javadoc 文檔
• maven-gpg-plugin 用來(lái)對(duì)工程文件進(jìn)行自動(dòng)簽名
• nexus-staging-maven-plugin 用來(lái)將工程發(fā)布到中央倉(cāng)庫(kù)，另外注意生成javadoc文檔時(shí)需要指定關(guān)閉doclint，不然可能因?yàn)槭褂昧瞬灰?guī)范的javadoc注解而導(dǎo)致失敗，完整配置如下

!-- 發(fā)布Jar到Maven倉(cāng)庫(kù) Begin -->
!--生成Source jar文件-->
plugin>
groupId>org.apache.maven.plugins/groupId>
artifactId>maven-source-plugin/artifactId>
version>2.2.1/version>
executions>
execution>
id>attach-sources/id>
goals>
goal>jar-no-fork/goal>
/goals>
/execution>
/executions>
/plugin>
!--生成Javadoc，關(guān)閉doclint,避免注解檢查不通過-->
plugin>
groupId>org.apache.maven.plugins/groupId>
artifactId>maven-javadoc-plugin/artifactId>
version>2.9.1/version>
executions>
execution>
id>attach-javadocs/id>
goals>
goal>jar/goal>
/goals>
configuration>
additionalparam>-Xdoclint:none/additionalparam>
/configuration>
/execution>
/executions>
/plugin>
!--Maven GPG插件用于使用以下配置對(duì)組件進(jìn)行簽名-->
plugin>
groupId>org.apache.maven.plugins/groupId>
artifactId>maven-gpg-plugin/artifactId>
version>1.5/version>
executions>
execution>
id>sign-artifacts/id>
phase>verify/phase>
goals>
goal>sign/goal>
/goals>
/execution>
/executions>
/plugin>
!--Nexus Staging Maven插件是將組件部署到OSSRH并將其發(fā)布到Central Repository的推薦方法-->
plugin>
groupId>org.sonatype.plugins/groupId>
artifactId>nexus-staging-maven-plugin/artifactId>
version>1.6.7/version>
extensions>true/extensions>
configuration>
serverId>ossrh/serverId>
nexusUrl>https://oss.sonatype.org//nexusUrl>
autoReleaseAfterClose>true/autoReleaseAfterClose>
/configuration>
/plugin>
!-- release plugin,用于發(fā)布到release倉(cāng)庫(kù)部署插件 -->
plugin>
groupId>org.apache.maven.plugins/groupId>
artifactId>maven-release-plugin/artifactId>
version>2.4.2/version>
/plugin>
!-- 發(fā)布Jar到Maven倉(cāng)庫(kù) End -->

4. 執(zhí)行發(fā)布；Idea Maven -> Lifecycle -> Deploy

1. 接下來(lái)開發(fā)發(fā)布Jar包，中間會(huì)提示輸入密鑰生成時(shí)候的密碼
2. https://oss. 查看發(fā)布內(nèi)容
   
3. 到上面"配合人工審核",按照說明提交發(fā)布成功信息，驗(yàn)證成功后會(huì)收到回復(fù)，如下；

   Central sync is activated for org.itstack.middleware. After you successfully release, your component will be published to Central, typically within 10 minutes, though updates to search.maven.org can take up to two hours.
   

4. https://search. 搜索版本信息
   
5. https://maven.aliyun.com 阿里云倉(cāng)庫(kù)同步較快，可以查看
   

綜上總結(jié)

• 整體流程還是很長(zhǎng)的，如果第一次嘗試去弄，嗯，你可能有一個(gè)不眠夜
• 中間可能會(huì)遇到各種異常錯(cuò)誤，包括密鑰、打包、發(fā)版等等，注意仔細(xì)閱讀本文細(xì)節(jié)以及自己多次嘗試，總歸是會(huì)成功的
• 比較常識(shí)性的問題；同一個(gè)RELEASE版本只能上傳一次否則會(huì)失敗、老外真的是半夜回復(fù)比較快因?yàn)樵蹅儼胍顾麄冋锰炝亮?/li>