Maven Central Publish Skill
This skill provides a standardized workflow for publishing Java/Kotlin libraries to the Maven Central Repository using the modern Central Portal (via central-publishing-maven-plugin).
📋 Prerequisites
- 1. Central Portal Account: Sign up at central.sonatype.com.
- Namespace Verified: You must have verified your
groupId (e.g., io.github.username or com.yourdomain) in the portal. - User Token: Generated from the Central Portal (My Account -> Generate User Token).
🛠️ Environment Setup
1. Install Tools
Ensure
maven,
gnupg, and
openjdk-17+ are installed.
CODEBLOCK0
2. GPG Configuration (Critical)
Maven requires GPG signing. For automated/headless environments,
Loopback Pinentry is required.
CODEBLOCK1
3. Maven Settings (~/.m2/settings.xml)
Configure your Central Portal credentials.
CODEBLOCK2
📦 Project Configuration (pom.xml)
Your project MUST meet the Quality Requirements:
- 1. Coordinates:
groupId, artifactId, version. - Metadata:
name, description, url, licenses, developers, scm. - Plugins: Javadoc, Source, GPG, and Central Publishing.
Recommended Plugin Configuration
Add this to your <build><plugins> section:
CODEBLOCK3
🚀 Deployment
Run the deploy command with the release profile active:
CODEBLOCK4
Success Indicators:
- - �INLINECODE20
- INLINECODE21
If autoPublish is false (recommended for first time), log in to central.sonatype.com, review the deployment, and click Publish.
❓ Troubleshooting
| Error | Cause | Fix |
|---|
| INLINECODE23 | Invalid User Token in �INLINECODE24 | Generate new token in Central Portal. Ensure server ID matches. |
| INLINECODE25 |
No pinentry / wrong passphrase | Use
pinentry-mode loopback config; Check
gpg-agent. |
|
Javadoc generation failed | Strict HTML checks | Add
<doclint>none</doclint> to javadoc plugin config. |
|
Invalid coordinates | GroupId mismatch | Ensure
pom.xml groupId matches verified namespace in Portal. |
Maven Central 发布技能
该技能提供了一套标准化工作流程,用于通过现代中央门户(使用 central-publishing-maven-plugin)将 Java/Kotlin 库发布到 Maven Central 仓库。
📋 前置条件
- 1. 中央门户账户:在 central.sonatype.com 注册。
- 命名空间已验证:您必须在门户中验证您的 groupId(例如 io.github.username 或 com.yourdomain)。
- 用户令牌:从中央门户生成(我的账户 -> 生成用户令牌)。
🛠️ 环境设置
1. 安装工具
确保已安装 maven、gnupg 和 openjdk-17+。
bash
Ubuntu/Debian
apt-get install -y maven gnupg openjdk-17-jdk
2. GPG 配置(关键)
Maven 需要 GPG 签名。对于自动化/无头环境,需要
回环 Pinentry。
bash
1. 生成密钥(如果不存在)
gpg --gen-key
2. 配置回环(防止 UI 提示)
mkdir -p ~/.gnupg
echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf
echo pinentry-mode loopback >> ~/.gnupg/gpg.conf
gpg-connect-agent reloadagent /bye
3. 发布密钥
gpg --list-keys # 获取您的密钥 ID(最后 8 个字符或完整十六进制)
gpg --keyserver keyserver.ubuntu.com --send-keys
3. Maven 设置(~/.m2/settings.xml)
配置您的中央门户凭据。
xml
central
USERTOKENUSERNAME
USERTOKENPASSWORD
release
false
gpg
YOURGPGPASSPHRASE
📦 项目配置(pom.xml)
您的项目必须满足质量要求:
- 1. 坐标:groupId、artifactId、version。
- 元数据:name、description、url、licenses、developers、scm。
- 插件:Javadoc、Source、GPG 和 Central Publishing。
推荐的插件配置
将此添加到您的 部分:
xml
org.apache.maven.plugins
maven-source-plugin
3.3.0
attach-sources
jar-no-fork
org.apache.maven.plugins
maven-javadoc-plugin
3.6.3
none
false
attach-javadocs
jar
org.apache.maven.plugins
maven-gpg-plugin
3.1.0
--pinentry-mode
loopback
sign-artifacts
verify
sign
org.sonatype.central
central-publishing-maven-plugin
0.7.0
true
central
false
🚀 部署
使用激活的 release profile 运行部署命令:
bash
mvn clean deploy -P release
成功标志:
- - [INFO] Uploaded bundle successfully...
- [INFO] Deployment ... has been validated.
如果 autoPublish 为 false(首次推荐),请登录 central.sonatype.com,审查部署并点击发布。
❓ 故障排除
| 错误 | 原因 | 修复 |
|---|
| 401 Unauthorized | settings.xml 中的用户令牌无效 | 在中央门户生成新令牌。确保服务器 ID 匹配。 |
| GPG signing failed |
无 pinentry / 密码错误 | 使用 pinentry-mode loopback 配置;检查 gpg-agent。 |
| Javadoc generation failed | 严格的 HTML 检查 | 在 javadoc 插件配置中添加 none。 |
| Invalid coordinates | GroupId 不匹配 | 确保 pom.xml 中的 groupId 与门户中已验证的命名空间匹配。 |
