[GitHub Migration] Release Proces : Move to OSS Sonatype for deployment

[tobyweston]

Currently we publish to Codehaus (via Wagon, using WebDAV). Yuk.

Let's move to OSS Sonatype, it'll mean setting up a deployment PGP key for a more seamless experience. Not sure how to manage that (sharing the secret key between us).

Here's some tips (taken from another project, so take with a pinch of salt).

Links

• Sonatype Maven Repository User Guide
• Setting up PGP

  Publishing to Sonatype Summary

As an abbreviated reminder, follow these steps.

1. Having added the Sonatype parent to your POM.

    <parent>
        <groupId>org.sonatype.oss</groupId>
        <artifactId>oss-parent</artifactId>
    </parent>

1. Having previously generated your PGP key, you may need to install it on the box you intend to deploy from. You will have to export it from the original keyring (where you first created the key pair) and install it along with the public key into the keyring on the machine you want to publish from.

   If you followed the steps in [Setting up PGP](https://docs.sonatype.org/displa y/Repository/How+To+Generate+PGP+Signatures+With+Maven) above, you will have published your public key to, lets say, hkp://pool.sks-keyservers.net.

2. You should just be able to publish via Maven

   mvn clean deploy

If you add the Maven PGP plugin to the pom.xml, it'll automatically sign the artifacts before publishing. You'll just need to enter your pass phrase as part of the build or install the keys into SSH.

Releasing

1. Having prepared a release (tagging etc) with the mvn release plugin.

   mvn release:clean mvn release:prepare

2. you firstly, have to stage the artifacts with Sonatype.

   mvn release:perform

3. This will upload to Sonatype's staging area where you can promote it through to a release via their GUI at https://oss.sonatype.org. Pick up the instructions for the GUI from the [User Guide](https://docs.sonaty pe.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide#SonatypeOSSMavenRepositoryUsageGuide-8.ReleaseIt).

[tobyweston]

Created an issue with OSS Sonatype to start the ball rolling

https://issues.sonatype.org/browse/OSSRH-4894

[tobyweston]

Sonatype have actioned their ticket so we're all ready to go.

[sf105]

Great. Now for distributing the key... Where are you based?

[tobyweston]

The Wharf, we could exchange the "package" at XTC after crimbo perhaps?

[sf105]

sounds good.

[sf105]

one more thing. Where do we keep our pom stuff?

At the moment there's a jmock-packaging repo, and a packaging branch here.

I'm beginning to think that we should just have a packaging/maven/ directory in the master branch.

[tobyweston]

I'd prefer separate projects (as it is now). Mainly because I think it'll could be confusing to have both Ant/shell scripts and poms in a single project (with difference semantics).

Also, in keeping the "maven" artifact release stuff separate means you can give permission to that project without giving SCM permission. I, for example, could push to maven central without having rights to change source code in the main project (or you could accept my pull request ;))

[mattbishop]

How is this going? Maven central still has 2.6.0-RC2 as the latest, not 2.6.0 final. If you finished off this task, the updates to maven central would be automatic...

[tobyweston]

I should be able to push something this week. I'll close this issue when done.

[sf105]

I've given Toby rights to the group

[tobyweston]

I've staged the 2.6.0 release on OSS Sonatype (https://oss.sonatype.org/content/repositories/orgjmock-300/org/jmock/).

I'll do some testing, but if anyone's interested they can log in with their OSS Sonatype username/password, download the artifacts and let me know the results. I'd prefer to get a few +ve votes before releasing proper.

Assuming that's all OK, the next step is 'release it' within Sonatype and prompt the sync to central. I'll do that in a couple of days if I don't get any feedback.