Vespene

A set of tools to work with Sonatype Nexus repositories

License

License

Categories

Categories

Net
GroupId

GroupId

net.mbonnin.vespene
ArtifactId

ArtifactId

vespene-lib
Last Version

Last Version

0.5
Release Date

Release Date

Type

Type

pom.sha512
Description

Description

Vespene
A set of tools to work with Sonatype Nexus repositories
Project URL

Project URL

https://github.com/martinbonnin/vespene
Source Code Management

Source Code Management

https://github.com/martinbonnin/vespene

Download vespene-lib

Dependencies

compile (3)

Group / Artifact Type Version
org.jetbrains.kotlinx : kotlinx-coroutines-core-jvm jar 1.4.2
com.squareup.retrofit2 : retrofit jar 2.9.0
org.jetbrains.kotlin : kotlin-stdlib-jdk8 jar 1.4.30

runtime (5)

Group / Artifact Type Version
com.squareup.okhttp3 : okhttp jar 4.9.0
com.squareup.retrofit2 : converter-moshi jar 2.9.0
org.bouncycastle : bcprov-jdk15on jar 1.64
org.bouncycastle : bcpg-jdk15on jar 1.64
com.squareup.moshi : moshi jar 1.11.0

Project Modules

There are no modules declared in this project.

Maven Central

Vespene adds fuel to your Nexus repositories.

Maven Central is a great place to host maven packages but publishing often comes with some friction.

Vespene is a set of tools to help library maintainers upload existing packages to Maven Central and other Nexus repositories without having to build older versions or modify their Gradle files.

For now, the main focuses are:

  • Avoiding split repositories during upload by creating a staging repository before upload and uploading all files to this staging repository.
  • GPG Signing without having to deal with GPG using BouncyCastle instead.
  • Helpers for md5/sha1 checksums.
  • A Nexus 2.x (OSSRH is still on 2.x) API that gathers scattered documentation.
  • Automating (almost) everything

More to come, contributions welcome!

Moving existing artifacts from JCenter to Maven Central

With JCenter shutting down, moving existing artifacts to Maven Central will make sure older versions will stay available in the long term. Bintray has a very handy sync checkbox that syncs artifacts to Maven Central. This works well with two limitations:

  • That gives your sonatype credentials to Bintray.
  • It doesn't work if your artifacts do not pass the mavenCentral requirements

That last point can happen relatively frequently given that JCenter is less strict than Maven Central and allows artifacts without sources/javadoc, pom files with missing information, etc..

Vespene comes with a kscript-based script to automate much of the process of re-computing checksums, signatures, etc..

To upload with the bundled upload.kts script:

# Use lftp to download your existing files
# Try not to download all of JCenter if possible 😅
brew install lftp
# Here enter the path stopping at the directory of your group id.
lftp https://jcenter.bintray.com/com/example/
> mirror . my-local-repo
# Download the script from this repo
curl -s "https://raw.githubusercontent.com/martinbonnin/vespene/main/upload.kts" > upload.kts
chmod +x upload.kts
# install kscript if you don't have it already
curl -s "https://get.sdkman.io" | bash
sdk install kscript
# Set env variables: 
export SONATYPE_NEXUS_USERNAME=... #(this is from your Sonatype jira account)
export SONATYPE_NEXUS_PASSWORD=...
# Export your private key 
export GPG_PRIVATE_KEY="$(gpg --armour --export-secret-keys KEY_ID)"
export GPG_PRIVATE_KEY_PASSWORD=...

# Read the script and **make sure you understand what it does**
# In a nutshell, it will patch .pom files, add missing .md5 and .asc files and upload everything 
# If that doesn't fit your requirements, edit the script with `kscript --idea upload.kts`

# Prepare your files.
./upload.kts prepare --input my-local-repo/ --output tmp/ --group com.example [--pom-project-url https://...]

# Upload them. 
# It will take time!
./upload.kts upload --input tmp/
 
# upload.kts does not release automatically (although it's easy to add it)
# To release, go to https://oss.sonatype.org/#stagingRepositories, check your contents and hit "Release" for repositories 
# that look good. 
# If there are errors, tweak the script until checks pass

# For other options about specifying versions, pom fields, etc, use --help
./upload.kts --help 

Using the lib

The provided script makes some assumptions. It's going to reuse the existing JCenter signatures for an example to make as little changes as possible to the existing files but this might be inconvenient.

If you want to tweak the script, or want to do other Nexus operations, you can also use the API directly from the vespene-lib artifact:

dependencies {
    implementation("net.mbonnin.vespene:vespene-lib:$latest")
}

And use NexusStagingClient:

  val client = NexusStagingClient(
    username = sonatypeUsername,
    password = sonatypePassword,
    stagingProfileId = sonatypeProfileId
  )

  val repositoryId = client.upload(File("/path/to/your/files"))
  client.close(repositoryId)
  // release/drop/etc...

Contributions/questions are welcome.

Versions

Version
0.5
0.4
0.3
0.2
0.1