Maven Central is a great place to host maven packages but publishing often comes with some friction.
Vespene is a set of tools to help library maintainers upload existing packages to Maven Central and other Nexus repositories without having to build older versions or modify their Gradle files.
For now, the main focuses are:
- Avoiding split repositories during upload by creating a staging repository before upload and uploading all files to this staging repository.
- GPG Signing without having to deal with GPG using BouncyCastle instead.
- Helpers for md5/sha1 checksums.
- A Nexus 2.x (OSSRH is still on 2.x) API that gathers scattered documentation.
- Automating (almost) everything
More to come, contributions welcome!
Moving existing artifacts from JCenter to Maven Central
With JCenter shutting down, moving existing artifacts to Maven Central will make sure older versions will stay available in the long term. Bintray has a very handy sync checkbox that syncs artifacts to Maven Central. This works well with two limitations:
- That gives your sonatype credentials to Bintray.
- It doesn't work if your artifacts do not pass the mavenCentral requirements
That last point can happen relatively frequently given that JCenter is less strict than Maven Central and allows artifacts without sources/javadoc, pom files with missing information, etc..
Vespene comes with a kscript-based script to automate much of the process of re-computing checksums, signatures, etc..
To upload with the bundled upload.kts script:
# Use lftp to download your existing files
# Try not to download all of JCenter if possible 😅
brew install lftp
# Here enter the path stopping at the directory of your group id.
lftp https://jcenter.bintray.com/com/example/
> mirror . my-local-repo
# Download the script from this repo
curl -s "https://raw.githubusercontent.com/martinbonnin/vespene/main/upload.kts" > upload.kts
chmod +x upload.kts
# install kscript if you don't have it already
curl -s "https://get.sdkman.io" | bash
sdk install kscript
# Set env variables:
export SONATYPE_NEXUS_USERNAME=... #(this is from your Sonatype jira account)
export SONATYPE_NEXUS_PASSWORD=...
# Export your private key
export GPG_PRIVATE_KEY="$(gpg --armour --export-secret-keys KEY_ID)"
export GPG_PRIVATE_KEY_PASSWORD=...
# Read the script and **make sure you understand what it does**
# In a nutshell, it will patch .pom files, add missing .md5 and .asc files and upload everything
# If that doesn't fit your requirements, edit the script with `kscript --idea upload.kts`
# Prepare your files.
./upload.kts prepare --input my-local-repo/ --output tmp/ --group com.example [--pom-project-url https://...]
# Upload them.
# It will take time!
./upload.kts upload --input tmp/
# upload.kts does not release automatically (although it's easy to add it)
# To release, go to https://oss.sonatype.org/#stagingRepositories, check your contents and hit "Release" for repositories
# that look good.
# If there are errors, tweak the script until checks pass
# For other options about specifying versions, pom fields, etc, use --help
./upload.kts --help
Using the lib
The provided script makes some assumptions. It's going to reuse the existing JCenter signatures for an example to make as little changes as possible to the existing files but this might be inconvenient.
If you want to tweak the script, or want to do other Nexus operations, you can also use the API directly from the vespene-lib
artifact:
dependencies {
implementation("net.mbonnin.vespene:vespene-lib:$latest")
}
And use NexusStagingClient:
val client = NexusStagingClient(
username = sonatypeUsername,
password = sonatypePassword,
stagingProfileId = sonatypeProfileId
)
val repositoryId = client.upload(File("/path/to/your/files"))
client.close(repositoryId)
// release/drop/etc...
Contributions/questions are welcome.