Lab Notes

Things I want to remember how to do.

Publishing to the Maven Central Repository

April 13, 2017

As an exercise in creating a Java library and submitting it to the Central Repository, I created an implementation of the xirr (irregular internal rate of return) function in Java.

If you are interested in what needs to be done to publish to the Maven Central Repository, check out the xirr pom.xml for starters. The distributionManagement section contains configuration for pointing to the Nexus Repository Manager at oss.sonatype.org. This Nexus installation is used as a staging platform for the Central Repository.

Next in the plugins section we include the maven-source-plugin and maven-javadoc-plugin in order to generate the source and javadoc jars for the repository. Your library will not be accepted without these.

Next there is the maven-gpg-plugin for generating signature files for the artifacts. In order to generate the signature files, you will need to have a GPG key and placed the public key on a keyserver. If you don't have this already, google for some GPG tutorials. More about this in a moment.

Finally in the pom.xml we have the nexus-staging-maven-plugin plugin configuration. This plugin overrides the standard deploy plugin to interact with the Nexus Repository Manager.

Both the oss.sonatype.org and the GPG key have authentication credentials which need to be managed as part of the build process. To begin, you need to create a maven master password if you have not already done so. If you are not sure, look for the ~/.m2/settings-security.xml file to see if it has a master element. All the passwords for maven configuration can be encrypted. To generate an encrypted master password, issue the command mvn --encrypt-master-password and then place the result in your ~/.m2/settings-security.xml:

Then you need to encrypt your passwords using mvn --encrypt-password and put them in your ~/.m2/settings.xml:

Note that the first server id corresponds with the id in the distributionManagement section of the pom.xml. The second server id is used by the maven-gpg-plugin by default. Of course that can be changed by configuration, see the documentation of that plugin for details.

When configuring the nexus-staging-maven-plugin in your set the autoReleaseAfterClose property to false. This will allow you to examine the artifacts on the Sonatype OSSRH server before pushing to the Central Repository. After issuing mvn clean deploy verify the artifacts and then use mvn nexus-staging:release to move forward or mvn nexus-staging:drop to start over.

Again, you can see this in action at the java-xirr on GitHub. Also, there is a pretty cool implementation of the xirr function in there as well if you are into that kind of thing. Not to mention a concise implementation of Newton-Raphson using Java 8 features.

Additional Resources: