I have built a JAR and want to put it into Maven Central. How do I actually do that?
I have reviewed the instructions here:
https://maven.apache.org/guides/mini/guide-central-repository-upload.html
This has got to be the worst set of instructions I have ever seen. Seriously, try reading it.
These instructions make no sense to me. They are basically impossible to understand. Can someone please share with me a simple plain-English set of steps for how to actually get your JAR into Maven Central? Would really appreciate it.
Like explained between the lines on that page, you need a supported repository hosting location to be able to get your artifact into maven central. Since there is only a handful of such locations, the best bet to get something in there is to have it as open source release, as those have an open one:
The easiest way to upload another project is to use the Open Source
Software Repository Hosting (OSSRH), which is an approved repository
provided by Sonatype for any OSS Project that want to get their
artifacts into Central Repository.
That's what I've used as well. Refer to their instructions for details. In short, you need to
create a jira ticket for your project and get it approved
deploy your artifact (fulfilling the requirements, using either Maven or some other deployment tool) to their private staging area
promote the release to release area
If all goes well, after the last step the release will be synced to maven central in roughly ten minutes.
Related
This question already has an answer here:
Is it mandatory to provide SCM Url for getting project ID in maven central
(1 answer)
Closed 2 years ago.
I need few clarifications regarding releasing the artifacts in maven central. I could see in the requirements that for SCM information project URL need to be added, which means whether we supposed to share the source via SCM. Since my understanding as maven central is public repo and so they expect source need to be shared or we can share our github link (which may point to source related demos).
Since working in an organization we are not interested in share as open source. It is will be commercial project, whether we can release the artifacts in maven central with SCM Url pointing to source demos . Can anybody share your valuable suggestions?
Note: Artifact to be hosted is for commercial purposes.
Maven Central requires you to share the source. From your own link:
Supply Javadoc and Sources
Projects with packaging other than pom have to supply JAR files that contain Javadoc and sources.
While there's no technical requirement that your SCM is world-readable, there's no point in trying to hide it.
Artifact to be hosted is for commercial purposes.
That's not what Maven Central is for. If you have a commercially-licensed, closed-source library and want to provide Maven integration, then set up your own private repository for your customers. You'll also need to invest in some heavy obfuscation if you don't want people trivially decompiling or modifying it though.
I am currently working on several projects each one of them has different artifactory settings. So, when switching between them I have to go to maven folder and change settings file to correspond to correct corporate repository. I'm pretty sure that it is ineffective and most likely someone already have a simple solution for this problem. May be there is some IDEA settings that I need to switch, or maven itself has some way to store them?
So, my question is - does anyone know the simple way to use several settings.xml file in the same maven home folder?
Quick google and stackoverflow search doesn't provide any results so far.
I expect that when I open another project in Idea it will work with its own artifactory instead of using the one from previous project (since these are from different companies, obviously it is not correct to use the same one)
The answer above doesn't quite work for me, since I'm running project via IDEA and it's getting artifacts downloaded using single settings.xml
The usual way you work is to either:
put all repositories you need for all of your projects into your settings.xml so that it works for all projects.
use a Nexus/Artifactory that proxies all the repositories you need and put that as mirror into your settings.xml.
If a repository should really be only accessible for one project, you can put into the pom.xml of that project.
I don't understand how other developers should object to putting the repositories into the pom.xml because they need the very same repositories to run the project (if not, please comment and explain).
why use Maven when you have such quantity of local jars?
So we have a client that have a lot of private jars and custom jars.
For example commons-langMyCompanyCustom.jar which is commons-lang.jar with 10 more classes in it.
So on their environment we use 100% Maven without local dependencies.
But on our site we have the jars for development in Eclipse and have Maven build with the public ones, but we do not have permission to add their jars in our organizational repository.
So we want to use the Maven good things like: compile,test, build uber-jar, add static code analysis, generate java-docs, sources-jars etc. not to do this thinks one by one with the help of Eclipse.
So we have 70 jar some of them are public if I get the effective pom on their environment I found 50 of them in Maven Central, but the other 20 are as I called "custom" jars. I searched for decision of course but found this:
<dependency>
<groupId>sample</groupId>
<artifactId>com.sample</artifactId>
<version>1.0</version>
<scope>system</scope>
<systemPath>${project.basedir}/src/main/resources/yourJar.jar</systemPath>
</dependency>
So for all 20 of them I have to add this in the development maven profile??
Is there a easy way like in Gradle where you can add all folder with its dependencies to the existing ones?
Also installing one by one in every developer's repo is not acceptable.
Please forget the system scope as mentioned before! Too problematic...
Ideally:
Ideally, all your developers have access to Repository Manager in your or their organization (if possible).
A central environment for your System Integration Testing, maybe?
Alternatively, you may have a central environment for testing where all the dependencies are provided. This approach can be used to simulate how a compilation would work as if it's in your client's environment. Plus you only setup jars once.
So on their environment we use 100% Maven without local dependencies.
But on our site we have the jars for development in Eclipse and have
Maven build with the public ones, but we do not have permission to add
their jars in our organizational repository.
According to what you're saying in the above-quoted excerpt I believe you want to have set in your build's pom.xml assuming that in the client setup the dependencies will be present.
Especially, as you indicate that the organization doesn't give you permission to add their jars in your repository, I would use the provided scope.
As stated in the Maven docs, the definition of a provided dependency is as followed:
This is much like compile, but indicates you expect the JDK or a container to provide the dependency at runtime. For example, when building a web application for the Java Enterprise Edition, you would set the dependency on the Servlet API and related Java EE APIs to scope provided because the web container provides those classes. This scope is only available on the compilation and test classpath, and is not transitive.
So basically you assume that these dependencies will be present at your client's setup. However, this has some limitations. Meaning you can build solutions independently but cannot test it locally because you won't have the dependencies on your workstation.
If you won't even have access to the jars to configure your central environment ask if your client can provide a DEV/SIT environment.
None of the above? Inherit a parent pom.
To avoid the whole constant copy-paste process for every single (related) project, maven has the tools to centralize dependency and plugin configurations, one of such is by inheriting the configuration of a parent pom. As is explaining in the following documentation it is quite simple:
First you create a project with just a pom.xml where you define everything you wish to centralize (watch out, certain items have slight differences in their constructs);
Use as property of packaging tag the option pom: <packaging>pom</packaging>;
In the pom's that have to inherit these configurations set the parent configuration tags in <parent> ... </parent> (documentation is very clear with this);
Now everytime you update any "global" pom configuration only the parent version has to be updated on every project. As a result of this, you only need to configure everything once.
You can also apply this together with the abovementioned solutions, this way combining to find a solution that fits best to your needs.
But there is a big Maven world out there, so I advise a good read in its doc's to further acknowledge your possibilities. I remembered these situations because I've been in a similar situation you seem to be now.
Good luck!
Another alternative is the project RepoTree.
This one creates a Maven repository directory (not a server) from another directory which contains just the .jars. In other words, it creates the necessary .pom files and directory structure. It takes into account only the precise information from metadata contained in the archives (MANIFEST.MF, pom.xml).
Utility to recursively install artifacts from a directory into a local
Maven repository Based on Aether 1.7
This is 5 years old, but still should work fine.
TL;DR: MavenHoe creates a Maven repository server (not a directory) which serves the artefacts from a directory, guessing what you ask for if needed. The purpose is to avoid complicated version synchronizing - it simply takes whatever is closest to the requested G:A:V.
I have moved the MavenHoe project, which almost got lost with the decline of Google Code, to Github. Therefore I put it here for availability in the form of a full answer:
One of the options you have when dealing with conditions like that is to take whatever comes in form of a directory with .jar's and treat it as a repository.
Some time ago I have written a tool for that purpose. My situation was that we were building JBoss EAP and recompiled every single dependency.
That resulted in thousands of .jars which were most often the same as their Central counterpart (plus security and bug fixes).
I needed the tests to run against these artifacts rather than the Central ones. However, the Maven coordinates were the same.
Therefore, I wrote this "Maven repository/proxy" which provided the artifact if it found something that could be it, and if not, it proxied the request to Central.
It can derive the G:A:V from three sources:
MANIFEST.MF
META-INF/.../pom.xml
Location of the file in the directory, in combination with a configuration file like this:
jboss-managed.jar org/jboss/man/ jboss-managed 2.1.0.SP1 jboss-managed-2.1.0.SP1.jar
getopt.jar gnu-getopt/ getopt 1.0.12-brew getopt-1.0.12-brew.jar
jboss-kernel.jar org/jboss/microcontainer/ jboss-kernel 2.0.6.GA jboss-kernel-2.0.6.GA.jar
jboss-logging-spi.jar org/jboss/logging/ jboss-logging-spi 2.1.0.GA jboss-logging-spi-2.1.0.GA.jar
...
The first column is the filename in the .zip; Then groupId (with either slashes or dots), artifactId, version, artifact file name, respectively.
Your 70 files would be listed in this file.
See more information at this page:
https://rawgit.com/OndraZizka/MavenHoe/master/docs/README.html
The project is available here.
Feel free to fork and push further, if you don't find anything better.
I am very new to the industry, so apologies in advance for the very likely stupidity of the question.
In the team, we work with Intellij IDEA 13 as IDE, and use Maven 3 for our projects. We provide a few online services and portals, and I'm just starting to work on one: the project has several dependencies that are shared by other older projects, some are JAR archives, some are WARs...
To my questions re: how to edit those dependencies locally (e.g. editing a resources.properties was the case I had in mind) my tutor suggested turning the dependencies into snapshots and work with those.
What I managed to do was create a copy of the appropriate folders in my local repository and change wherever the version of the dependency was in the name or in the files, then modify my pom.xml files.
Now, this works perfectly if I open the JAR/WAR and edit some file, but I'd like to be able to do it from my IDE, also cause not being able to suggests I'm probably doing this in a wrong way. Do I need to somehow unpack the dependency to be able to do so? Is my entire approach wrong?
P.S.: I would ask someone in my office, but oddly enough none of those who could help are at work today anymore!
If none of your colleagues was able to help you, I am afraid there might be something else hidden.
However, let's try it!
I am guessing, here, that your resources.properties is a part of his own project. Project handled by Maven and expressed as a dependency in one of your main project.
I am also guessing that your main projects are WARs (Webapps mostly, services, portals) and the JARs are libraries, configurations, etc...)
Therefore, I am guessing that your webapps are referencing some libraries as Maven dependencies, to a specific version.
That said, IntelliJ (and other IDE) can easily handle modification of either JARs and WARs related to each other via Maven as long as the visioning is meaningful.
Note: Having -SNAPSHOT at the end of the version number tell to Maven NOT to cache the package. On the opposite, a definitive version number is considered as released and is only fetched from the cache. This is important because with a SNAPSHOT, you can publish an illimited number of time and it is guaranteed to have the latest version.
Note: Doing mvn clean install publish a package into your local Maven repository (generally located in ~/.m2) and is only available to you.
The general good practice is to have, in all the development branches of your DVCS, all your owned, often modified projects (Don't be too greedy, it depend on the situation) as SNAPSHOT. And during a release (Maven has a specific plugin for that) change all the versions to a final one, attributed in this precise moment (You never know if you will need a minimal version or a major).
Your code, then, has always the SNAPSHOT number of your expected next release.
Finally, I think that in your case, if you choose to change the pom.xml of one of your library for a SNAPSHOT, you should change the pom.xml of the root project to correspond.
If this dependency version is the same, then, you can add your library as a module within IntelliJ and the IDE will do the math to figure that the Maven dep and the Java module are the same entity.
I don't even know if that's help you (I'm not even sure if it's clear), but I hope it will make you ask more questions about what you need. Your co-workers will probably be able to help you more.
I have a small Java project in a version control system (git), shared by 4 developers. I'm thinking about using Maven in this project as a build tool.
Dependency management is a wanted feature, but I don't want:
- automatic updates of dependencies (as this could break my software).
- to rely on an Internet connection to download dependencies from a remote repository and be able to compile my code.
Therefore, the questions:
1) May I configure Maven to use local dependencies (eg jars shared in a VCS)? I don't have several dependencies shared among several projects and my dependencies rarely will be updated, so using Maven repositories is not worth it to me imho.
2) If I choose to use a Maven repository, may I configure one in my local network? I don't want a remote repository mirror or a portal to the remote repository. I want a standalone repository with my dependencies, located at a server in my local network.
3) If I use the default Maven approach with the remote repository, could I turn off dependency updates after all dependencies are downloaded the first time?
Thanks in advance for any help.
Answer to 1:
Yes you can, google for System-Scope dependencies, BUT: It is not a good idea to do this, because you will remove one of the key-features.
<dependency>
<groupId>com.mycompany</groupId>
<artifactId>app-lib</artifactId>
<version>3.1.0</version>
<scope>system</scope>
<systemPath>${project.basedir}/libs/app-lib-3.1.0.jar</systemPath>
</dependency>
Answer to 2:
Yes you can:
- Artifactory
- Nexus
Answer to 3:
Yes you can. For that case you can use the ---offline flag OR better approach: release all dependencies.
Some thoughts:
You want to use a dependecy-management system, without using dependency-management, sounds strange to mee.
If you fear, that changes within your libs may break your code, just don't use SNAPSHOTs.
Try a kind of version scheme. We use
x.y.z
if z changes in a release, the jar should be compatible.
if y changes, you'll have to change youz code
if x changes... well everthing needs to be renewed.
Your concern about being dependent on Internet connectivity is a valid one, but I don't think it's as bad as you think.
After a dependency is downloaded from the Central Repository, it is saved to a cache on your hard drive (located at "~/.m2/repository"). From then on, the copy in the cache is used and Internet connectivity is no longer required to compile your application.
When you compile your first project in Maven, it will have to download a crap-load of stuff. But after that, all subsequent compilations will go much faster and they won't need to download anything.
Also, Maven's versioning scheme makes it so that all "release" versions of a dependency cannot change once they are deployed to the Central repository. For example, if I'm using version "2.2" of "commons-io", I know that this version of the library will always stay the same. A change cannot be made without releasing a new version.
"Snapshot" versions, however, can change. If a library's version is a snapshot, then it will end in "-SNAPSHOT" (for example, "1.2-SNAPSHOT" means the library will eventually be released as "1.2"). I don't think the Central repository allows snapshot builds though. You shouldn't use them in production code anyway.
I thought that Internet connectivity was only needed in the 1st compile, but I get several download msgs whenever I change code. Msgs like these:
Downloading: http://repo.maven.apache.org/maven2/org/eclipse/core/resources/maven-metadata.xml
Downloading: http://repository.springsource.com/maven/bundles/external/org/eclipse/core/resources/maven-metadata.xml
Downloading: http://repository.springsource.com/maven/bundles/release/org/eclipse/core/resources/maven-metadata.xml
Downloading: https://oss.sonatype.org/content/repositories/snapshots/org/eclipse/core/resources/maven-metadata.xml
Why is that? Is Maven looking for updates in these repositories or is there another reason to download these metadata xmls often?