It’s a treacherous path. Bring food and a sword.
I tried to follow the official OSSRH guide but I had so many issues… I hope this “guide of the guide” saves you time and frustration.
First things first
- Create a JIRA account on Sonatype’s environment.
- Create a ticket for the creation of your repo.
- Wait 2 business days.
While you wait…
Make sure you have a
pom.xml that complies with Sonatype’s requirements, namely:
- Project coordinates (
- Name, Description and URL
- License info
- Developer info
- Source control (repo) info
It will only get worse from here. You have been warned.
😨 😨 😨 😨 😨 😨 😨 scroll down if you’re brave 😨 😨 😨 😨 😨 😨 😨
Setting up the deployment path
When you get the reply to your Jira Ticket:
Problem (path to config) 🤔
I got a
401 after doing
To solve this, run
mvn -X and search for
Reading user settings from. That’s the folder where you need your
settings.xml to be.
[DEBUG] Reading user settings from /Users/USERNAME/.m2/settings.xml
Problem (ups) 😅
Missing: no sources jar found in folder
Add plugins for source and javadoc, copy-paste from this section.
Problem (signing code) 😵
Missing Signature (...) *.jar.asc' does not exist for
Check if you have GPG installed with
gpg --version. In my case it wasn’t. To install it, using homebrew, just do…
brew install gnupg brew install gnupg2 PATH="/usr/local/opt/gnupg/libexec/gpgbin:$PATH"
- Follow these steps to generate a signature.
settings.xmlagain to include your GPG passphrase.
<settings> <servers> <server> <id>ossrh</id> <username>sonatype credentials</username> <password>sonatype credentials</password> </server> </servers> </settings>
- You must sign at least one file before being able to send the key to the server. You can use any file and delete it afterwards.
For some reason you have to use your passphrase at least once, to “unlock it” or some kind… make sure you are able to receive the key back from the server.
(Attempting to) Publish on Maven Central
mvn release:clean release:prepare
and press Enter to use the defaults
What is the release version for "GroupId:ArtifactId"? What is SCM release tag or label for "GroupId:ArtifactId"? What is the new development version for "GroupId:ArtifactId"?
TIP: more about preparing your code for maven releases here.
Problem (signing failed: Inappropriate ioctl for device) 😖
You need to add these two lines to your bash profile (
GPG_TTY=$(tty) export GPG_TTY
Then restart your terminal.
Problem (signing failed: No such file or directory)
Add this code snippet to your
pom.xml, inside the
<configuration> <!-- Prevent `gpg` from using pinentry programs --> <gpgArguments> <arg>--pinentry-mode</arg> <arg>loopback</arg> </gpgArguments> </configuration>
Problem (accessing git) 😩
You can't push to git...
I had to edit my
pom.xml, according to this precious SO answer to look like this:
<scm> <connection>scm:git:[email protected]/USER/REPO.git</connection> <developerConnection>scm:git:[email protected]:USER/REPO.git</developerConnection> <url>[email protected]/USER/REPO/tree/master</url> </scm>
Problem (git credentials) 😡
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.5.3:prepare (default-cli): Unable to commit files [ERROR] Provider message: [ERROR] The git-push command failed. [ERROR] Command output: [ERROR] Permission denied (publickey).
It was my problem since I could not reach github from my machine (see below)
$ ssh -T [email protected] Permission denied (publickey).
I had to add an SSH key to my account for my machine.
🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆 🏆
🎉 Done 🎉
Next time, you just need to
mvn release:clean release:prepare