Publish your artifact to the Maven Central Repository using GitHub Actions
Hi there fellow keyboard pusher! So, you’ve created something awesome and now want to share it with the world. Grab a cup of coffee or tea, and let’s dig into a step-by-step guide on how to get your artifact easily available for others to use.
1. Create a Sonatype Account: First step is to create a Maven Central Sonatype Account.
2. Your project’s pom.xml: Add a release profile to your project’s pom.xml
file. This profile defines the necessary configurations for publishing to Maven Central. Here's a sample snippet:
<profiles>
<profile>
<id>release</id>
<build>
<plugins>
<plugin>
<groupId>org.sonatype.central</groupId>
<artifactId>central-publishing-maven-plugin</artifactId>
<version>0.4.0</version>
<extensions>true</extensions>
<configuration>
<publishingServerId>central</publishingServerId>
<tokenAuth>true</tokenAuth>
<autoPublish>true</autoPublish>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.3.0</version>
<executions>
<execution>
<id>attach-sources</id>
<phase>verify</phase>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.6.3</version>
<executions>
<execution>
<id>attach-javadoc</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
<configuration>
<stylesheet>java</stylesheet>
<doclint>none</doclint>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
3. Set Up GitHub Action Workflow: Create a new GitHub Action workflow file named maven-publish.yml
or choose the workflow “Publish Java Package with Maven” in GitHub Actions. End result should be this file:
name: Publish package to the Maven Central Repository
on:
release:
types: [created]
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Maven Central Repository
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
server-id: central
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Set version
run: mvn versions:set -DnewVersion=${{ github.event.release.tag_name }}
- name: Publish package
run: mvn -P release --batch-mode deploy -DskipTests
env:
MAVEN_USERNAME: ${{ secrets.CENTRAL_TOKEN_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.CENTRAL_TOKEN_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_SIGNING_KEY_PASSWORD }}
4. Log into Central Sonatype Account: Access your Central Sonatype account here.
5. Register a Namespace: Within your Central Sonatype account, register a namespace to be allowed to publish your artifact.
6. Generating a key pair and sign your artifact with GPG: Follow this GPG guide to ensure your artifact is signed.
$ gpg --list-keys
/home/mylocaluser/.gnupg/pubring.kbx
---------------------------------
pub rsa3072 2021-06-23 [SC] [expires: 2023-06-23]
CA925CD6C9E8D064FF05B4728190C4130ABA0F98
uid [ultimate] Central Repo Test <central@example.com>
sub rsa3072 2021-06-23 [E] [expires: 2023-06-23]
7. Generate a Central Token: This user token will be used in your settings.xml
and GitHub Action secrets for authentication.
8. Add GitHub Secrets: In your GitHub repository settings, navigate to Secrets and add the following secrets:
- CENTRAL_TOKEN_USERNAME: The username from the generated user token in step 7
- CENTRAL_TOKEN_PASSWORD: The password from the generated user token in step 7
- GPG_SIGNING_KEY: The exported private key generated in step 6
- GPG_SIGNING_KEY_PASSWORD: The password you set for your private key in step 6
9. Create a release: Now you can create a release from your GitHub repository
10. Published: After a while a new artifact should be created and published to Maven Central Repository
Well done, fellow keyboard pusher! You’ve now mastered the art of publishing your artifact. Remember, behind every great artifact is a great coder, and sharing is caring.