Skip to content

Latest commit

 

History

History
99 lines (69 loc) · 3.43 KB

DEPLOY.md

File metadata and controls

99 lines (69 loc) · 3.43 KB

Deploying to maven central

This guide is for maintainers of the regola project only.

Pre-requisites

  • Have release access to sonatype for com.adobe.abp

  • brew install gpg (follow the sonatype guide)

    • You will need to upload your public key to a keyserver with:
    gpg --keyserver <server> --send-keys  <key_id_from: gpg --list-keys>

# Run the command above for each of the following servers (some may not respond):
- keys.openpgp.org
- keyserver.ubuntu.com
- pgp.mit.edu
    • Example: gpg --keyserver keyserver.ubuntu.com --send-keys 9ADC71851C6B40511143070F3912D719680E00000

  • Generate a User Access Token

  • Store your sonatype username and password as environment variables:

    export SONATYPE_USERNAME=<your_sonatype_username>
export SONATYPE_PASSWORD=<your_sonatype_password>

Important

Remember to never share passwords or passphrases in git!

Pre-Merge Checks

Before merging the following should be run to ensure that a release would be successful from a build, test and documentation point of view:

mvn clean install

Snapshot Releases

To produce a snapshot release you should run:

mvn clean deploy

Upon success, you can check the sonatype snapshot repository to see the latest snapshot.

As per sonatype docs:

SNAPSHOT versions are not synchronized to the Central Repository. If you wish your users to consume your SNAPSHOT versions, they would need to add the snapshot repository to their Nexus Repository Manager, settings.xml, or pom.xml.

Version Releases

To produce a release you should:

  • Switch to the main branch and ensure you have the latest HEAD revision
  • Run mvn release:clean release:prepare, accepting the defaults
  • Run mvn release:perform.

This will:

  • Drop the -SNAPSHOT qualifier from the version number
  • Create a tag in git
  • Push the commit and tag to GitHub
  • Publish the artifacts to the maven central repository
  • Increase the version number and add the SNAPSHOT qualifier

Upon success, you can check the sonatype nexus repository to check all the released versions.

The change will show up in the sonatype central repository after 30 minutes or so.

As per sonatype docs:

Upon release, your component will be published to Central: this typically occurs within 30 minutes, though updates to search can take up to four hours.

Troubleshooting

GPG - waiting for lock

If you get the following error:

[INFO] --- gpg:3.1.0:sign (sign-artifacts) @ regola ---
[INFO] Signing 4 files with default secret key.
gpg: waiting for lock (held by 66728) ...
gpg: waiting for lock (held by 66728) ...
gpg: waiting for lock (held by 66728) ...
gpg: waiting for lock (held by 66728) ...
...

Then you will need to identify the lock file (e.g., gnupg_spawn_keyboxd_sentinel.lock) for 66728 (or whatever PID you have been assigned) in ~/.gnupg and delete it.

401 Unauthorized error

See the documentation here.