Hey all, I'm considering using sonatype.org to host small OSS offerings (please please stop me right here if there's a better hosted solution in your opinion).
Accepting sonatype.org as the way to go: To use them they require that I publish source and javadoc artifacts which I'm confident will be easy enough. The one item I'm uncertain of is the GPG signing. I don't see mention of it in the Gradle docs (fair enough, it's a corner case). Is anyone doing this in a Gradle-integrated way already? If not I can always use maven like so: $ mvn gpg:sign-and-deploy-file > -DpomFile=target/myapp-1.0.pom > -Dfile=target/myapp-1.0.jar > -Durl=https://oss.sonatype.org/service/local/staging/deploy/maven2/ > -DrepositoryId=sonatype-nexus-staging Cheers, Merlyn --- https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven +Repository+Usage +Guide#SonatypeOSSMavenRepositoryUsageGuide-6.CentralSyncRequirement Project POM has the following elements. * <modelVersion> * <groupId> * <artifactId> * <version> * <packaging> * <name> * <description> * <url> * <licenses> * <scm><url> * <scm><connection> * <developers> * If the project packaging is jar, and the jar file contains java classes, there must be a -javadoc.jar for main artifact. * If the project packaging is jar, and the jar file contains java classes, there must be a -sources.jar for main artifact. * All project artifacts are signed using GPG, and the public key is distributed to hkp://pgp.mit.edu/. For more information, please refer to How To Generate PGP Signatures With Maven.
