Publishing artifacts to Sonartype repo
Notes on publishing artifacts
As ever these notes are taken from all over the web and are here as a memory jogger for me, but perhaps others find them useful.
I admit its all a little painful and wierd to publish, but good to do at least once - or many times as I needed for all the little SackFix projects
PGP keys
Generates via Kleopatra
Jonathan Gibbons Jonathan@sackfix.org … Name: Jonathan Gibbons (www.sackfix.org jar key)
Never expires
Certificate created successfully. Fingerprint: …
Key ID: …
Finding the pgp keys
First of all you have to find them on the windows box:
Found where it stores the keys: C:\Users\Jonathan\AppData\Roaming\gnupg
Guessed after reading:
OK, the default location for the GnuPG home directory on Windows is %APPDATA%\GnuPG. This normally expands to C:\Documents and Settings<user>\Application Data\GnuPG.
GnuPG stores its configuration file, gpg.conf, here, as well as the 3 keyring files: pubring.gpg, secring.gpg, & trustdb.gpg.
If you’re going to relocate your keyring files, leave gpg.conf where it is, and just move the three *.gpg files. Then point gpg.conf to the location of the keyring files. Eg, assuming the TrueCrypt volume is mounted as O:,
no-default-keyring
keyring O:\GnuPG\pubring.gpg
primary-keyring O:\GnuPG\pubring.gpg
secret-keyring O:\GnuPG\secring.gpg
trustdb-name O:\GnuPG\trustdb.gpg
Adding keys to SBT
To make my gpg pass phrase available, BUT not checked in, do this Edit C:\Users\Jonathan.sbt\0.13\plugins\pgp.sbt // OLD VERSION: addSbtPlugin(“com.jsuereth” % “sbt-pgp” % “1.0.0”) // in March 2021 this is: addSbtPlugin(“com.github.sbt” % “sbt-pgp” % “2.1.2”)
Edit C:\Users\Jonathan.sbt\0.13\pgp.sbt or C:\Users\Jonathan.sbt\1.0\pgp.sbt
and add
com.typesafe.sbt.pgp.PgpKeys.pgpSecretRing := file(“/Users/Jonathan/AppData/Roaming/gnupg/secring.gpg”)
com.typesafe.sbt.pgp.PgpKeys.pgpPublicRing := file(“/Users/Jonathan/AppData/Roaming/gnupg/pubring.gpg”)
com.typesafe.sbt.pgp.PgpKeys.pgpPassphrase := Some(Array(‘Y’,’o’,’u’,’r’,’P’,’a’,’s’,’s’,’w’,’o’,’r’,’d’))
Configure Sonartype
Edit C:\Users\Jonathan.sbt\0.13\sonartype.sbt
credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", "YourLogin", "YourPassword")
Building in SBT
sbt >project sackfixcommon >show */*:pgpSecretRing >publish-signed >publish-local-signed
Setting up the Sonartype repository
Create a new staging repository: sonatypeOpen “your groupId” “Some staging name” Sign and publish the library to the staging repository: publishSigned You can and should check the published artifacts in the Nexus Repository Manager (same login as Sonatype’s Jira account) Close the staging repository and promote the release to central: sonatypeRelease
sbt >project sackfixcommon # did not need this: creates its own temp staging >sonatypeOpen "org.sackfix" "sackfixstaging" >publishSigned NOW login to Nexus - take a look at the contents of the staging, drop any other staging area that are open etc. https://oss.sonatype.org/#stagingRepositories Search in search box for org.sackfix I then clicked on the close box and said Ready to go, and finally can run: >sonatypeRelease
Some random bits
http://www.scala-sbt.org/0.13/docs/Using-Sonatype.html
Add gpg.exe to the path:
To the project settings add:
useGpg := true
And validate using sbt >check-pgp-signatures