This project aims to demonstrate building a complete CI/CD workflow using GitHub Actions, which includes the following agenda:
- Automate unit/integration testing
- Validate code formatting
- Add code owners to review code
- Create release drafts and publish them
- Upload artifacts to Sonatype OSSRH and subsequently to Maven Central
- Upload code coverage reports on Codecov.io
- Notify release on Slack
With the following issue, I was able to secure the namespace com.shivamkapoor in Sonatype OSSRH (Open Source Software Repository Hosting).
Install GnuPG and verify the installation
$ gpg --version
gpg (GnuPG/MacGPG2) 2.2.8
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
Generate a key
A key pair allows you to sign artifacts with GPG and users can subsequently validate that artifacts have been signed by you. You can generate a key with:
$ gpg --gen-key
List the keys
Once the key pair is generated, we can list it along with any other keys installed:
$ gpg --list-keys
/home/foo/.gnupg/pubring.gpg
------------------------------
pub   rsa4096 2018-08-22 [SC]
      1234517530FB96F147C6A146A326F592D39AAAAA
uid           [ultimate] your name <[email protected]>
sub   rsa4096 2018-08-22 [E]
Distribute the key and verify
Since other people need your public key to verify your files, you have to distribute your public key to a key server:
$ gpg --keyserver keyserver.ubuntu.com --send-keys 1234517530FB96F147C6A146A326F592D39AAAAA
$ gpg --keyserver keyserver.ubuntu.com --search-keys '[email protected]'
Export secret keys for sbt
$ gpg -a --export-secret-keys > ~/.sbt/gpg/secring.asc
Create a Sonatype credentials file under .sbt and add the following to that file:
$ cat sonatype_credentials
realm=Sonatype Nexus Repository Manager
host=s01.oss.sonatype.org
user=<your username>
password=<your password>
In sonatype.sbt, add the location of the Sonatype credentials file. This lets sbt know which credentials to use to access Sonatype OSSRH.
$ cat ~/.sbt/1.0/sonatype.sbt
credentials += Credentials(Path.userHome / ".sbt" / "sonatype_credentials")
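The export and credentials steps above leave an exported private key and a plaintext password on disk under ~/.sbt. As an added example (not part of the original project), this shell function checks that both files exist, are accessible only by their owner, and that the credentials file carries the four keys shown above; the owner-only policy and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the secret files this page creates under ~/.sbt.
# File paths follow the page; the owner-only policy is this example's assumption.
# Usage: audit_sbt_secrets            (audits $HOME/.sbt)
#        audit_sbt_secrets /some/dir  (audits another directory)

# Returns 0 if FILE grants no group/other permissions, 1 if it does, 2 if missing.
is_private() {
    [ -f "$1" ] || return 2
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Returns 0 only if realm, host, user and password are all present and non-empty.
has_required_keys() {
    for key in realm host user password; do
        grep -Eq "^${key}=.+" "$1" || return 1
    done
}

# Prints one line per finding and returns the number of findings (0 = clean).
audit_sbt_secrets() {
    dir=${1:-"$HOME/.sbt"}
    findings=0
    for f in "$dir/gpg/secring.asc" "$dir/sonatype_credentials"; do
        rc=0
        is_private "$f" || rc=$?
        case $rc in
            0) ;;
            2) echo "MISSING  $f"
               findings=$((findings + 1)) ;;
            *) echo "EXPOSED  $f (accessible beyond owner; run: chmod 600)"
               findings=$((findings + 1)) ;;
        esac
    done
    creds="$dir/sonatype_credentials"
    if [ -f "$creds" ] && ! has_required_keys "$creds"; then
        echo "INVALID  $creds (needs realm, host, user, password)"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it before `sbt publishSigned`; a non-zero exit status is the number of problems found.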
Publish artifacts to nexus repository
$ sbt publishSigned
Note: Versions that end with -SNAPSHOT will end up in the snapshot repository and won't be eligible for release. Other versions are released to the staging repository, where they are eligible for release to Maven Central.
In order to release artifacts against a version, go to the staging repository, select the repository, close it and then release.
Note: After you successfully release, your component will be available to the public on Central https://repo1.maven.org/maven2/, typically within 30 minutes, though updates to https://search.maven.org can take up to four hours.
Alternatively, you could use the sbt-sonatype plugin to take care of the steps above for you, like so:
$ sbt sonatypeRelease