How to auto deploy your MAVEN project to Sonatype Nexus Repository with GPG signature

This guide describes how can you sign and deploy your Maven project to the Sonatype Nexus Repository.

GnuPG-Logo

[wp_ad_camp_1]

Generate PGP key

  1. Open command line and run command
    gpg --gen-key
  2. Program shows you several options. Select option „(1) RSA and RSA (default)“
  3. On question „What keysize do you want? (2048)“ press ENTER key
  4. On question „Please specify how long the key should be valid.“ select option „0 = key does not expire“
  5. On question „Key does not expire at all. Is this correct? (y/N)“ answer „Y“
  6. Enter your „Real name:“
  7. Enter your „Email address:“
  8. Enter „Comment:“ (this step is optional)
  9. Approve your entries by entry „O“ like „OK“
  10. „Enter passphrase:“ to protect your key
  11. When you see message „We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.“
    Do some other work to collect more entropy.
  12. When you finish, check generated certificate by commands
    gpg2 --fingerprint your@email.adr
    
    pub rsa2048/60A37611 2016-07-16 [SC]
     Key fingerprint = 1AE6 F02C 9F2A 7857 258E D154 7B1F 845A 511F 9852
    uid [ultimate] John Dove <john@dove.com>
    sub rsa2048/D5BEA871 2016-07-16 [E]
  13. We ahve to send your key to key server by command
    gpg2 --keyserver pgp.mit.edu --send-keys 60A37611
    
    gpg: sending key 60A37611 to hkp://pgp.mit.edu

[wp_ad_camp_1]

 

Modify you settings.xml file

You have to first put your sonatype credentials to your settings.xml file which is located in {home}/.m2 folder. e.g: /home/jdove/.m2/settings.xml
Put lines below to the file and modify „sonatype-username“ and „sonatype-password“ to you credentials which you use on Sonatype JIRA portal.

<settings>
   <servers>
      <!-- Sonatype Nexus Repository -->
      <server>
         <id>sonatype-nexus-staging</id>
         <username>sonatype-username</username>
         <password>sonatype-password</password>
      </server>
    </servers>
    ...
</settings>

 

Modify you pom.xml file

Add these lines to your project pom.xml file

<project>
   ...
   <distributionManagement> 
      <repository>
         <id>sonatype-nexus-staging</id>
         <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
      </repository>
   </distributionManagement>
   ...
   <build>
      ...
      <plugins>
         ...
         <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-gpg-plugin</artifactId>
            <version>1.6</version>
            <executions>
               <execution>
                  <id>sign-artifacts</id>
                  <phase>verify</phase>
                  <goals>
                     <goal>sign</goal>
                  </goals>
              </execution>
            </executions>
         </plugin>
      </plugins>
   </build>
</project>

 

[wp_ad_camp_1]

 

Compile, sign and deploy

Go to your project root folder (where is located pom.xml) and run command.

mvn verify gpg:sign install:install deploy:deploy

 

Compile without sign and deploy

If you don’t want sign and deploy your build you can use command.

mvn install -DskipTests -Dgpg.skip

 

Travis CI

Travis CI doesn’t have your PGP key and build will failed on signature. If you add line bellow to your .travis.yml file in project, Travis CI will skip signature and deploy steps, you have to deploy your project manually as mentioned above.

install: mvn install -DskipTests -Dgpg.skip

 

Moving to release

  1. Now you can login to your Sonatype Nexus Repository (https://oss.sonatype.org)
  2. In list of repositories found your repository, select it by checkbox and click close button in a toolbar
  3. If all checks pass, you can select your repository again and click release button in the toolbar
  4. Your project should be uploaded in the central repository now

 

[wp_ad_camp_1]

63 thoughts to “How to auto deploy your MAVEN project to Sonatype Nexus Repository with GPG signature”

  1. To determine internal swelling is difficult enough, therefore, consequently, they influence the body for a long time, which threatens the normal fetus. Fluids are dangerous because they break blood circulation. Such situation leads to worsening feeding and the breath baby, created hypoxia.
    Fighting such a pathology should be done with the help of correction feeding and special procedures so that fluid does not stay tissues. If the woman is resting, then under the feet preferably put a cushion or pillow to improve the blood circulation of tired legs. Do not long time to sit or stand, as this leads to stagnation in the body. It is recommended that the knee-elbow position several times a day in order to increase blood flow.
    swollen feet and legs during pregnancy

  2. „Thanks for your write-up on the travel industry. I will also like to add that if you are a senior thinking of traveling, it is absolutely imperative that you buy travel insurance for senior citizens. When traveling, older persons are at biggest risk of experiencing a professional medical emergency. Buying the right insurance cover package in your age group can protect your health and provide you with peace of mind.“

  3. The very root of your writing while appearing agreeable initially, did not really settle perfectly with me personally after some time. Someplace within the paragraphs you actually were able to make me a believer but only for a while. I nevertheless have a problem with your leaps in assumptions and you would do well to help fill in all those breaks. If you actually can accomplish that, I could surely end up being fascinated.

  4. Thanks for your whole labor on this site. Betty takes pleasure in going through research and it is easy to see why. A number of us learn all concerning the powerful mode you produce vital suggestions by means of this web blog and therefore foster contribution from website visitors on the topic then my child is really understanding a lot. Enjoy the rest of the year. Your performing a really good job.

  5. I definitely wanted to make a note in order to express gratitude to you for these remarkable solutions you are posting here. My time consuming internet investigation has finally been compensated with awesome facts and techniques to share with my classmates and friends. I would suppose that many of us site visitors are rather fortunate to be in a decent site with so many wonderful people with great guidelines. I feel somewhat privileged to have encountered the web site and look forward to some more pleasurable minutes reading here. Thanks a lot once more for everything.

  6. I’m also commenting to let you understand what a superb discovery my wife’s princess encountered visiting your site. She noticed several details, including what it’s like to have a very effective coaching mood to have many more quite simply understand several problematic issues. You undoubtedly surpassed my desires. I appreciate you for offering those necessary, safe, educational as well as unique tips about your topic to Gloria.

Napsat komentář

Vaše emailová adresa nebude zveřejněna. Vyžadované informace jsou označeny *