Skip to content

Commit

Permalink
Updating instructions for publishing to maven. (#542)
Browse files Browse the repository at this point in the history 
* Updating instructions for publishing to maven.

Making clearer the substeps, reorganizing steps, and fixed some incorrect parts.

* Fixed indentation issue.

* Fixed user-id unclear documentation.
  • Loading branch information
@blee1234
blee1234 authored Aug 2, 2022
1 parent b3832b8 commit b263585
Showing 1 changed file with 77 additions and 63 deletions.
140 changes: 77 additions & 63 deletions docs/dev_guide/publish_to_maven.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,82 +7,96 @@ parent: Developer Guides
# Developer Guide for publishing to maven

## Manual Publishing
---

1. Get account details to login to https://oss.sonatype.org/
2. Install GPG, setup keys, and export to a key server

```bash
$ gpg --gen-key
...
Real name: Central Repo Test
Email address: central@example.com
You selected this USER-ID:
"Central Repo Test <central@example.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
...
$ gpg --list-keys
/home/mylocaluser/.gnupg/pubring.kbx
---------------------------------
pub rsa3072 2021-06-23 [SC] [expires: 2023-06-23]
CA925CD6C9E8D064FF05B4728190C4130ABA0F98
uid [ultimate] Central Repo Test <central@example.com>
sub rsa3072 2021-06-23 [E] [expires: 2023-06-23]
$ gpg --keyserver keyserver.ubuntu.com --recv-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98
```

if failing to programmatically export to key server, you can export it manually and upload to http://keyserver.ubuntu.com/ via `submit key`

run the following command to generated the ASCII-armored public key needed by the key server

```
gpg --armor --export user-id > pubkey.asc
```

https://www.linuxbabe.com/security/a-practical-guide-to-gpg-part-1-generate-your-keypair

3. Setup your credentials locally at `$HOME/.sbt/0.13/sonatype.sbt`

```
credentials += Credentials("Sonatype Nexus Repository Manager",
"oss.sonatype.org",
"(Sonatype user name)",
"(Sonatype password)")
```

(ref, https://github.com/xerial/sbt-sonatype)

4. Publish to maven via sbt
In your feathr directory, clear your cache to prevent stale errors

```
rm -rf target/sonatype-staging/
```

Start sbt console by running
1. Set up GPG for signing artifacts.
* Generate the key, use the name and email you would like to use to identify who uploaded the artifacts. An example email address would be your github email, and name could be `Feathr Developer`, `Feathr Contributor`, your real name, etc.
* ```
$ gpg --gen-key
...
Real name: Central Repo Test
Email address: central@example.com
You selected this USER-ID:
"Central Repo Test <central@example.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
```
* Verify your gpg metadata, and not the uid. In this example it is `CA925CD6C9E8D064FF05B4728190C4130ABA0F98`
* ```
$ gpg --list-keys
/home/mylocaluser/.gnupg/pubring.kbx
...
pub rsa3072 2021-06-23 [SC] [expires: 2023-06-23]
CA925CD6C9E8D064FF05B4728190C4130ABA0F98
uid [ultimate] Central Repo Test <central@example.com>
sub rsa3072 2021-06-23 [E] [expires: 2023-06-23]
```
* Upload gpg keys to a key server
* [Recommended] Upload manually
* Run the following command to generated the ASCII-armored public key needed by the key server. Replaced the {uid} with the uid noted from the earlier step.
* ```
gpg --armor --export {uid} > pubkey.asc
```
* upload to http://keyserver.ubuntu.com/ via `submit key`
* Upload via command line. Currently this hasn't succeeded, if succeeded, please alter the steps here with your fix.
* ```
$ gpg --keyserver keyserver.ubuntu.com --recv-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98
```
---
```
sbt -java-home /Library/Java/JavaVirtualMachines/jdk1.8.0_282-msft.jdk/Contents/Home
```
2. Set up `Sonatype` credentials
* Get account details to login to https://oss.sonatype.org/. Reachout to feathr team, such as @jaymo001 or @hangfei
* Setup the credentials locally
* Create sonatype configuration file
* ```
vim $HOME/.sbt/1.0/sonatype.sbt
```
* Paste the following with the sonatype credentials
* ```
credentials += Credentials("Sonatype Nexus Repository Manager",
"oss.sonatype.org",
"(Sonatype user name)",
"(Sonatype password)")
```
---
Execute command in sbt console to publish to maven
3. Publish to sonatype/maven via sbt
* In your feathr directory, clear your cache to prevent stale errors
* ```
rm -rf target/sonatype-staging/
```
* Start sbt console by running
* ```
sbt
```
* if experiencing java issues try setting the java version like so:
* ```
sbt -java-home /Library/Java/JavaVirtualMachines/jdk1.8.0_282-msft.jdk/Contents/Home
```
* Execute command in sbt console to publish to maven
* ```
reload
; publishSigned; sonatypeBundleRelease
```
---
```
reload
; publishSigned; sonatypeBundleRelease
```
4. "Upon release, your component will be published to Central: this typically occurs within 30 minutes, though updates to search can take up to four hours."
https://central.sonatype.org/publish/publish-guide/#releasing-to-central
5. "Upon release, your component will be published to Central: this typically occurs within 30 minutes, though updates to search can take up to four hours."
https://central.sonatype.org/publish/publish-guide/#releasing-to-central
---
6. After new version is released via Maven, use the released version to run a test to ensure it actually works. You can do this by running a codebase that imports Feathr scala code.
5. After new version is released via Maven, use the released version to run a test to ensure it actually works. You can do this by running a codebase that imports Feathr scala code.
## CI Automatic Publishing
(TBD)
### References
https://github.com/xerial/sbt-sonatype
https://www.linuxbabe.com/security/a-practical-guide-to-gpg-part-1-generate-your-keypair
https://central.sonatype.org/publish/publish-guide/#deployment
https://www.scala-sbt.org/1.x/docs/Using-Sonatype.html

0 comments on commit b263585

Please sign in to comment.