As a mature product, it *should* be easier to prepare a product release bundle for Maven artifacts. I had a hard time, both with a product that used Maven builds and one that did not. However, the purpose of this blog entry isn’t to complain, it’s to document the process. To be honest, my motivation to write this blog entry is really for my personal reference rather than public consumption.
Resource Requirements
Sonatype login to submit group creation requests (login available here) and deploy artifacts.
A GPG signer tool (I use Gpg4win).
One-time Workstation Set-up Tasks
Create a public / private key pair. Instructions using Gpg4win tool Kleopatra here.
Command to create a public/private pair with no password (not needed here) are as follows. Just follow the prompts and enter a blank password.
gpg --delete-secret-key myKeyId
gpg --delete-key myKeyId
Command to create a public/private pair with no password (not needed here) are as follows. Just follow the prompts and enter a blank password.
gpg --gen-keygpg2 --list-keysgpg2 --list-secret-keysgpg --delete-secret-key myKeyId
gpg --delete-key myKeyId
Project Build Set-up (Maven project)
Add creation of the “sources” jar to your maven build. Maven makes this easy via a plug-in. Pom addition here:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
Add creation of the “javadoc” jar to your maven build. Maven makes this easy via a plug-in. Pom addition here:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
Execute your Maven build with the repository:bundle-create goal. This will verify that you’ve provided all needed information for your project (e.g. description, SCM url, project url, etc.) in the pom file. It will also create an unsigned deployment bundle (which is useless).
Add bundle creation and signing to your maven build. My sample requires that you define an environment variable GPG_HOME that denotes the location of where you installed your GPG software (example C:\Software\GNU\GnuPG). I use the ant plugin for Maven to accomplish this. This really should be easier. Pom addition here:
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.7</version>
<executions>
<execution>
<phase>install</phase>
<configuration>
<tasks>
<property environment="env" />
<fail if="${env.GPG_HOME}" message="GPG_HOME environment variable not defined." />
<mkdir dir="target/mavenrepo" />
<copy file="pom.xml"
tofile="target/mavenrepo/${project.name}-${project.version}.pom" />
<replace
file="target/mavenrepo/${project.name}-${project.version}.pom">
<replacefilter>
<replacetoken>$</replacetoken>
<replacevalue>#</replacevalue>
</replacefilter>
<replacefilter>
<replacetoken>#{project.version}</replacetoken>
<replacevalue>${project.version}</replacevalue>
</replacefilter>
<replacefilter>
<replacetoken>#{project.url}</replacetoken>
<replacevalue>${project.url}</replacevalue>
</replacefilter>
<replacefilter>
<replacetoken>#{project.name}</replacetoken>
<replacevalue>${project.name}</replacevalue>
</replacefilter>
</replace>
<copy todir="target/mavenrepo">
<fileset dir="target" includes="*.jar" />
</copy>
<exec executable="cmd" dir="target/mavenrepo">
<env key="PATH" path="${env.GPG_HOME}" />
<arg line="/c" />
<arg line="gpg2.exe" />
<arg line="-ab" />
<arg
line="${project.build.directory}\mavenrepo\${project.name}-${project.version}.pom" />
</exec>
<exec executable="cmd" dir="target/mavenrepo">
<env key="PATH" path="${env.GPG_HOME}" />
<arg line="/c" />
<arg line="gpg2.exe" />
<arg line="-ab" />
<arg
line="${project.build.directory}\mavenrepo\${project.name}-${project.version}.jar" />
</exec>
<exec executable="cmd" dir="target/mavenrepo">
<env key="PATH" path="${env.GPG_HOME}" />
<arg line="/c" />
<arg line="gpg2.exe" />
<arg line="-ab" />
<arg
line="${project.build.directory}\mavenrepo\${project.name}-${project.version}-javadoc.jar" />
</exec>
<exec executable="cmd" dir="target/mavenrepo">
<env key="PATH" path="${env.GPG_HOME}" />
<arg line="/c" />
<arg line="gpg2.exe" />
<arg line="-ab" />
<arg
line="${project.build.directory}\mavenrepo\${project.name}-${project.version}-sources.jar" />
</exec>
<jar destfile="target/${project.name}-${project.version}-bundle.jar">
<fileset dir="target/mavenrepo" includes="*.jar" />
<fileset dir="target/mavenrepo" includes="*.pom" />
<fileset dir="target/mavenrepo" includes="*.asc" />
</jar>
</tasks>
</configuration>
<goals>
<goal>run</goal>
</goals>
</execution>
</executions>
</plugin>
Run you build and produce a signed bundle jar. Example content of a properly created and sign bundle are as follows:
Manual Artifact Deployment
After successful project setup, you’ll receive an email notification. Then you can issue deployments. It’s possible to incorporate deployment of the bundle in your build script, but that’s a battle I haven’t fought; I deploy mine artifacts manually. This is fine as I don’t need to deploy very often.
Log into Sonatype (here) to manually upload your deployment bundle and release the artifact , select the “Staging Upload” link, and select the “Artifact Bundle” upload mode.
Then you’re off to the races. My hope is that this process gets *much* easier over time and that this post becomes useless and obsolete. Please let me know if I can make any of these instructions clearer.
No comments:
Post a Comment