Due to Maven Central's very particular requirements, the release process is a bit elaborate and requires a good deal of local configuration. This guide should walk you through it. It won't do anyone outside of KeepSafe any good, but the workflow is representative of just about any project deploying via Sonatype.
We currently deploy to Maven Central (via Sonatype's OSS Nexus instance).
- A published GPG code-signing key
- A Sonatype Nexus OSS account with permission to publish in com.getkeepsafe
- Permission to push directly to https://github.com/KeepSafe/Cashier
- Add your GPG key to your github profile - this is required for github to know that your commits and tags are "verified".
- Configure your code-signing key in ~/.gradle/gradle.properties:
signing.keyId=<key ID of your GPG signing key> signing.password=<your key's passphrase> signing.secretKeyRingFile=/path/to/your/secring.gpg
- Configure your Sonatype credentials in ~/.gradle/gradle.properties:
SONATYPE_NEXUS_USERNAME=<nexus username> SONATYPE_NEXUS_PASSWORD=<nexus password> SONATYPE_STAGING_PROFILE=com.getkeepsafe
- Configure git with your codesigning key; make sure it's the same as the one
you use to sign binaries (i.e. it's the same one you added to gradle.properties):
# Do this for the Cashier repo only git config user.email "your@email.com" git config user.signingKey "your-key-id"
- Edit gradle.properties, update the VERSION property for the new version release
- Edit changelog, add relevant changes, note the date and new version (follow the existing pattern)
- Add new
## [Unreleased]
header for next release - Verify that the everything works:
./gradlew clean check
- Make a signed commit:
git commit -S -m "Release version X.Y.Z"
- Make a signed tag:
git tag -s -a X.Y.Z
- Upload binaries to Staging:
./gradlew publish
- Publish to Release:
./gradlew closeAndReleaseRepository
- Wait until that's done. It takes a while to publish and be available in MavenCentral. Monitor until the latest published version is visible.
- Hooray, we're in Maven Central now!
- Push all of our work to Github to make it official. Check previous releases and edit tag release changes:
git push --tags origin master