This page will guide the development team with setting up their environment to perform a release.
- Install/Configure GPG - The artifacts that are deployed to the central maven repositories need to be signed. To do this you will need to have a public and private keypair. There is a very good guide that will walk you though this.
- Install Maven 2.2.1 or higher. 2.2.0 has a bug that will produce invalid checksums;
- We strongly encourage our developers to install Maven 3.0.1.
As of Maven 2.1.0 you can now encrypt your servers passwords. We highly recommend that you follow this guide to set your master password and use it to encrypt your Sonatype password in the next section.
Using the instructions from the previous step encrypt your Sonatype password and add the following servers to your ~/.m2/settings.xml file. You may already have other servers in this file. If not just create the file.
<?xml version="1.0" encoding="UTF-8"?>
<settings>
<servers>
<server>
<id>sonatype-nexus-snapshots</id>
<username>simone.tripodi</username>
<password>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</password>
</server>
<server>
<id>sonatype-nexus-staging</id>
<username>simone.tripodi</username>
<password>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</password>
</server>
</servers>
</settings>If you're stared a new project, please use the already configured _parent pom_ (actually version 1) to avoid replicate the same meta inf in every project:
<parent> <groupId>org.99soft</groupId> <artifactId>oss-parent</artifactId> <version>1</version> </parent>
Even if follows below a guide that illustrates how to simplify the development, please take a look at the source code to see what has been already declared and don't invest time on something already done.
The release plugin for maven is already configured in the parent pom file so all you need to do is execute the following two steps to complete the release. The first step will create the release tag and update the pom with the correct release and snapshot versions. The second step will sign and deploy the artifacts to the Sonatype open source repository. This repository is synced every hour to the central Maven repositories. If you don't supply the optional gpg.passphrase then you will be prompted for it.
- Prepare the release mvn release:prepare
- Perform mvn release:perform -Dgpg.passphrase=thephrase
or just
mvn release:perform -Pparent-release
and type the gpg passphrase when prompted
Now you can checkout the new release ( or just use the one left over from the release in target/checkout) and issue the following to build the artifacts for the site.
mvn package
The parent pom is configured to work with Sonatype's Nexus to simplify the Staging Repository close and promote operation, without logging in on Nexus using the browser. First of all, add in the ~/.m2/settings.xml the following snippet:
<pluginGroups> <pluginGroup>org.sonatype.plugins</pluginGroup> </pluginGroups>
then in the project dir you can use the nexus goals described on the plugin page
The file located on
https://github.com/99soft/infra/blob/master/KEYS
contains the Sourcesense's developers' GPG keys. Users can import the keys to verify the artifact signatures.
Checkout the file by running
git clone git://github.com/99soft/infra.git
and run
gpg --import KEYS
Checkout the file by running
git clone git@github.com:99soft/infra.git
and run
(gpg --list-sigs <your name> && gpg --armor --export <your name>) >> KEYS
then recommit
git ci -m "added simone's gpg key" && git push
Clone the 99soft site
git clone git@github.com:99soft/99soft.github.com.git
then, from infra, run
mvn site -DoutputDirectory=/location/to/99soft.github.com
then, back to 99soft.github.com dir and run
git ci -m "XXX" && git push