Skip to content

Commit e637a82

Browse files
Flossyclaude
andcommitted
build: add Maven Central (OSSRH) deployment configuration
- Add license and URL sections (required for Maven Central) - Configure distributionManagement for OSSRH staging repository - Add snapshot repository configuration - Add release profile with nexus-staging-maven-plugin - Create comprehensive DEPLOYMENT.md guide Maven Central requirements met: - ✅ License information (GPL-3.0) - ✅ Project URL - ✅ SCM information (already present) - ✅ Developer information (already present) - ✅ Source JAR (maven-source-plugin already configured) - ✅ Javadoc JAR (maven-javadoc-plugin already configured) - ✅ GPG signing (maven-gpg-plugin already configured) Deployment: mvn clean deploy -P release The release profile enables: - nexus-staging-maven-plugin for OSSRH - autoReleaseAfterClose for automatic publishing - Proper server configuration (ossrh) DEPLOYMENT.md covers: - OSSRH account setup - GPG key generation and publishing - Maven settings configuration - Step-by-step deployment process - Version management - Troubleshooting - Security best practices Fixes #66 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent e3094dc commit e637a82

2 files changed

Lines changed: 251 additions & 3 deletions

File tree

DEPLOYMENT.md

Lines changed: 210 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,210 @@
1+
# Deployment Guide
2+
3+
This guide covers how to deploy classloader-java to Maven Central.
4+
5+
## Prerequisites
6+
7+
### 1. Sonatype OSSRH Account
8+
9+
1. Create a JIRA account at https://issues.sonatype.org
10+
2. Create a "New Project" ticket requesting access to `org.flossware` groupId
11+
3. Wait for approval (usually 1-2 business days)
12+
13+
### 2. GPG Key Setup
14+
15+
```bash
16+
# Generate GPG key (if you don't have one)
17+
gpg --gen-key
18+
19+
# List your keys
20+
gpg --list-keys
21+
22+
# Publish your public key to key servers
23+
gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID
24+
gpg --keyserver keys.openpgp.org --send-keys YOUR_KEY_ID
25+
```
26+
27+
### 3. Maven Settings
28+
29+
Add to `~/.m2/settings.xml`:
30+
31+
```xml
32+
<settings>
33+
<servers>
34+
<server>
35+
<id>ossrh</id>
36+
<username>YOUR_SONATYPE_USERNAME</username>
37+
<password>YOUR_SONATYPE_PASSWORD</password>
38+
</server>
39+
</servers>
40+
41+
<profiles>
42+
<profile>
43+
<id>ossrh</id>
44+
<activation>
45+
<activeByDefault>true</activeByDefault>
46+
</activation>
47+
<properties>
48+
<gpg.executable>gpg</gpg.executable>
49+
<gpg.passphrase>YOUR_GPG_PASSPHRASE</gpg.passphrase>
50+
</properties>
51+
</profile>
52+
</profiles>
53+
</settings>
54+
```
55+
56+
**Security Note:** Consider using encrypted passwords or environment variables instead of plain text.
57+
58+
## Deployment Steps
59+
60+
### 1. Prepare Release
61+
62+
```bash
63+
# Ensure you're on main branch and up to date
64+
git checkout main
65+
git pull
66+
67+
# Ensure all tests pass
68+
mvn clean verify
69+
70+
# Check version in pom.xml is correct (should be X.Y, not X.Y-SNAPSHOT)
71+
```
72+
73+
### 2. Deploy to Maven Central
74+
75+
```bash
76+
# Deploy using the release profile
77+
mvn clean deploy -P release
78+
79+
# This will:
80+
# 1. Build the project
81+
# 2. Run all tests
82+
# 3. Generate source JAR
83+
# 4. Generate javadoc JAR
84+
# 5. Sign all artifacts with GPG
85+
# 6. Upload to OSSRH staging repository
86+
# 7. Automatically release to Maven Central (if autoReleaseAfterClose=true)
87+
```
88+
89+
### 3. Verify Deployment
90+
91+
After deployment, artifacts will appear in Maven Central within:
92+
- Staging: Immediately
93+
- Search: 2-4 hours
94+
- Full sync: Up to 24 hours
95+
96+
Check at: https://search.maven.org/artifact/org.flossware/classloader-java
97+
98+
### 4. Tag Release
99+
100+
```bash
101+
# Create and push git tag
102+
git tag -a v2.0 -m "Release version 2.0"
103+
git push origin v2.0
104+
105+
# Create GitHub release
106+
gh release create v2.0 --title "v2.0" --notes "Release notes here"
107+
```
108+
109+
## Version Management
110+
111+
### Release Versions
112+
113+
- Format: `X.Y` (e.g., `2.0`, `2.1`)
114+
- No `-SNAPSHOT` suffix
115+
- Use for stable, production-ready releases
116+
117+
### Snapshot Versions
118+
119+
- Format: `X.Y-SNAPSHOT` (e.g., `2.1-SNAPSHOT`)
120+
- For development/testing
121+
- Deployed to snapshot repository
122+
- Can be overwritten
123+
124+
### Version Bumping
125+
126+
```bash
127+
# After releasing 2.0, bump to next snapshot
128+
mvn versions:set -DnewVersion=2.1-SNAPSHOT
129+
git commit -am "Bump version to 2.1-SNAPSHOT"
130+
git push
131+
```
132+
133+
## Troubleshooting
134+
135+
### GPG Signing Fails
136+
137+
```bash
138+
# Verify GPG can sign
139+
echo "test" | gpg --clearsign
140+
141+
# If prompted for passphrase, add to settings.xml or use:
142+
export GPG_TTY=$(tty)
143+
```
144+
145+
### Upload Fails
146+
147+
- Check credentials in `~/.m2/settings.xml`
148+
- Verify OSSRH JIRA ticket is approved for `org.flossware`
149+
- Ensure version is not `-SNAPSHOT` for releases
150+
151+
### Artifacts Not Appearing
152+
153+
- Check OSSRH staging repository: https://s01.oss.sonatype.org/
154+
- Verify signing succeeded (all `.asc` files present)
155+
- Ensure all required files are present:
156+
- `classloader-java-X.Y.jar`
157+
- `classloader-java-X.Y-sources.jar`
158+
- `classloader-java-X.Y-javadoc.jar`
159+
- `classloader-java-X.Y.pom`
160+
- `.asc` signature files for each
161+
162+
## Manual Release (if autoReleaseAfterClose=false)
163+
164+
```bash
165+
# Deploy to staging
166+
mvn clean deploy -P release
167+
168+
# Login to OSSRH
169+
# Go to: https://s01.oss.sonatype.org/#stagingRepositories
170+
# Find your repository (orgflossware-XXXX)
171+
# Click "Close"
172+
# Wait for validation
173+
# Click "Release"
174+
```
175+
176+
## Alternative: packagecloud (Legacy)
177+
178+
The project was previously deployed to packagecloud:
179+
180+
```bash
181+
# Install packagecloud CLI
182+
gem install package_cloud
183+
184+
# Deploy to packagecloud
185+
mvn clean package
186+
package_cloud push flossware/java target/classloader-java-*.jar
187+
```
188+
189+
## Security Best Practices
190+
191+
- ✅ Never commit credentials to version control
192+
- ✅ Use encrypted passwords in settings.xml
193+
- ✅ Rotate GPG keys periodically
194+
- ✅ Keep private keys secure
195+
- ✅ Use environment variables for CI/CD
196+
- ✅ Enable 2FA on Sonatype account
197+
198+
## CI/CD Integration
199+
200+
For automated releases via GitHub Actions, see `.github/workflows/` examples:
201+
202+
- Store secrets in GitHub repository secrets
203+
- Use GPG key export for CI environments
204+
- Automate version bumping and tagging
205+
206+
## References
207+
208+
- [Maven Central OSSRH Guide](https://central.sonatype.org/publish/publish-guide/)
209+
- [Maven GPG Plugin](https://maven.apache.org/plugins/maven-gpg-plugin/)
210+
- [Nexus Staging Plugin](https://github.com/sonatype/nexus-maven-plugins)

pom.xml

Lines changed: 41 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,15 @@
1111

1212
<name>JClassLoader</name>
1313
<description>A Java ClassLoader capable of loading classes from local and remote (HTTP/HTTPS) locations with caching support</description>
14+
<url>https://github.com/FlossWare/classloader-java</url>
15+
16+
<licenses>
17+
<license>
18+
<name>GNU General Public License v3.0</name>
19+
<url>https://www.gnu.org/licenses/gpl-3.0.txt</url>
20+
<distribution>repo</distribution>
21+
</license>
22+
</licenses>
1423

1524
<properties>
1625
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -54,11 +63,17 @@
5463
</issueManagement>
5564

5665
<distributionManagement>
66+
<!-- Maven Central (OSSRH) - for public releases -->
5767
<repository>
58-
<id>packagecloud-flossware</id>
59-
<name>packagecloud-flossware</name>
60-
<url>https://packagecloud.io/flossware/java/maven2/</url>
68+
<id>ossrh</id>
69+
<name>Central Repository OSSRH</name>
70+
<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
6171
</repository>
72+
<snapshotRepository>
73+
<id>ossrh</id>
74+
<name>Central Repository OSSRH Snapshots</name>
75+
<url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
76+
</snapshotRepository>
6277
</distributionManagement>
6378

6479
<repositories>
@@ -363,4 +378,27 @@
363378
</plugin>
364379
</plugins>
365380
</build>
381+
382+
<profiles>
383+
<!-- Maven Central deployment profile -->
384+
<profile>
385+
<id>release</id>
386+
<build>
387+
<plugins>
388+
<!-- Nexus Staging Plugin for Maven Central -->
389+
<plugin>
390+
<groupId>org.sonatype.plugins</groupId>
391+
<artifactId>nexus-staging-maven-plugin</artifactId>
392+
<version>1.6.13</version>
393+
<extensions>true</extensions>
394+
<configuration>
395+
<serverId>ossrh</serverId>
396+
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
397+
<autoReleaseAfterClose>true</autoReleaseAfterClose>
398+
</configuration>
399+
</plugin>
400+
</plugins>
401+
</build>
402+
</profile>
403+
</profiles>
366404
</project>

0 commit comments

Comments
 (0)