Andrew Dinn [http://community.jboss.org/people/adinn] modified the document: "Publishing javassist releases to Sonatype public repo/maven central" To view the document, visit: http://community.jboss.org/docs/DOC-15641 -------------------------------------------------------------- This page describes the process for deploying a javassist project release from relase 3.13.0.GA onwards to the Sonatype public repository and from there to maven central. Althoguh it focusses on explaining how to upload javassist releases it should provide enough information to guide anyone wanting to upload some other project's artifacts to Sonatype/maven central h1. Why publish to Sonatype? Previously javassist has published to the JBoss repo. The motive for moving deployment to the Sonatype repo is that it automatically synchronizes installed jars with maven central. Although javassist is a JBoss hosted project it is used by non-JBoss projects. So deploying to Sonatype/maven central gives two successive advantages: * Projects which have no dependency on JBoss can depend on javassist without needing to reference the JBoss repo. As a consequence their dependent projects no longer need to reference the JBoss repo and so on  i.e. this removes the need to introduce the JBoss repo into any upstream dependency chain. * As a direct consequence projects which depend on javassist can install their jars to the maven repo. maven central will only host artifacts whose dependencies are also located in the central repo i.e. it will not allow other repos to be introduced via the downstream dependency chain. h1. pom Conformance Requirements Sonatype and maven central are fussy about what they expect to find in their poms. The http://anonsvn.jboss.org/repos/javassist/tags/rel_3_13_0_ga/pom.xml javassist pom has been modified to meet these https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repositor... pom conformance requirements. h1. Locating Old and New javassist Releases As of release.3.13.0.GA the javassist project is now set up to publish releases to the https://oss.sonatype.org/index.html#view-repositories;public Sonatype public repo. Sonatype will ensure that these new releases are automatically synced with the http://repo2.maven.org/maven2/ maven central repo. The JBoss repo will automatically inherit these new releases form maven central making them available for use in JBoss projects. In order to conform to Sonatype and Maven Cetral guidelines all releases from 3.13.0.GA onwards are installed using groupid org.javassist. Older releases are currently located  in the JBoss public repo under the old groupid javassist. These oleder releases are in the process of being  migrated to the maven central repo +under the old groupid+. However, they are currently still available at the JBoss repo. Snapshot releases are still only deployed to the JBoss snapshots repo. At some point this may be changed so that they are deployed to  the sonatype public snapshots repo but this change should not be critical for most dependent projects. h1. Deploying a javassist tags Release Deployment of a release from the svn tags tree requires first checking out the tag n.b. ensure that the version tags defined in pom.xml and build.xml match those used to create the svn tags directory Anyone with appropriate upload permission can deploy directly to the JBoss repo. This will install a  class jar, a source jar and a javadoc jar in the https://repository.jboss.org/nexus/index.html#stagingRepositories JBoss staging repo. You can then follow the http://community.jboss.org/wiki/MavenDeployingaRelease usual process for closing, validating and then promoting the jars to the public repo. However, this step is unnecessary since upload to Sonatype/maven central will make the jars available via the JBoss releases repo. Uploading to the Sonatype repo requires some preliminary steps described below. Once these have been performed it is almost as simple as uplaoding to the JBoss repo: This should install a gpg-signed class jar, source jar and javadoc jar in the https://oss.sonatype.org/index.html#stagingRepositories Sonatype staging repo. You use the http://community.jboss.org/wiki/MavenDeployingaRelease same process for closing, validating and then promoting the jars to the public repo as applies with the JBoss staging repo. h1. Preliminaries Steps for Sonatype Upload There are several preliminary steps which must be performed before you can upload to the Sonatype repo. h2. Add a Developer Entry The pom shoud be updated to include your details as a javassist developer in the developers section. Ideally this should be done before a release has been tagged. h2. Acquire Sonatype JIRA Login You need to obtain a login for the Sonatype JIRA system. This allows you to raise a JIRA to negotiate access to the repo. It is also used as your login when uplaoding to the repo. * Go to the front page of the https://issues.sonatype.org/ Sonatype JIRA system and click where it says sign up for an account under the box asking for a user name * Raise a JIRA asking to be added to the list of org.javassist developers with upload capability (here is the https://issues.sonatype.org/browse/OSSRH-570 original JIRA which requested permission to uplaod the project) h2. Obtain and Export a gpg Public Key The Sonatype repo requires all jars to be signed so you need to obtain a signing key and export it to a public key server in order for the signed jars to be verified. If you already have a gpg key then you only need to perform the export step. * Create a gpg key Note that you are prompted  to insert a passphrase which you will also be required to enter when you use the key to sign the jars. The private and public keys are stored in dorectory ${HOME}/.gnupg. You can list your keys using command gpg2 --list-keys. * Make your public key available on key server hkp://pgp.mit.edu/ You can now use your saved key and the passphrase you supplied when you created  them to upload to Sonatype. However, you might also want to insatll the passphrase in your settings.xml file so you don't have to keep typing it in every time  a jar is encrypted. h2. Configure Your gpg Passphrase in settings.xml Release jars need to be signed in order to upload them to the Sonatype repo so you will be asked 3 times for your passphrase unless you configure the maven build with the necessary information. The sonatype profile (-P centralRelease) in the project pom adds the gpg plugin to the build. This plugin is configured so that you can pass it a gpg passphrase by setting the required  property in ${HOME}/.m2/settings.xml. Obviously you only need to do this when uploading to Sonatype so it makes sense to place the property in a profile entry labelled with id centralRelease -------------------------------------------------------------- Comment by going to Community [http://community.jboss.org/docs/DOC-15641] Create a new document in Javassist Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=102&am...]