On Sun, Jan 5, 2014 at 2:15 PM, Tommy Svensson <to...@natusoft.se> wrote:
> I was asked to submit one of my opensource tools at github to maven > central. This turned out to be a rather complex procedure. > > Sonatype puts the following requirements on anyone wanting to submit to > maven central: > > - You are forced to set a Sonatype pom as parent of your project and thus > inherit things you have no control over. > Wrong. That POM only helps you having things setup properly, by configuring everything for you to fulfill the requirements without even thinking about it. > - You are forced to have a SNAPSHOT version even if you have no use for > such. > Wrong (see notes below about the maven-release-plugin and "the Maven Way™"). > - You are forced at submission time to select a new version for your > software even if you have no idea if it will be a minor, bugfix or new > functionality at this point in time. > If by "submission time" you mean "mvn release:prepare release:perform", then, well, you're releasing stuff so you'd better know how you want to call it "at that point in time". > - Your public repository (github, etc) which you are forced to point out > in your pom are no longer yours to decide over. It will be updated during > the submission process. > Wrong. This is a result of the maven-release-plugin and "the Maven Way™", but you're not forced to use it to release your artifacts. Some people just put non-SNAPSHOT version in their POM and then use "mvn deploy" to deploy to a Maven repo (such as Sonatype OSS); see https://github.com/resteasy/Resteasy/tree/master/jaxrs, they don't use snapshots. > - After running 3 different mvn commands you also need to login to > Sonatypes nexus server and ”release” the artifacts before the become > available. > Yes, that's how it goes. The idea I think is that the artifacts are temporarily published in a special repository (this is called "staging") so you can update your POMs and test those artifacts before actually releasing them / pushing them to Central. Some people use that to make "release candidates": their stage artifacts, announce it on their project's mailing list and have people test the new thing, and after a few days, if nobody reported a blocking issue, they can just push the "release" button. I believe the Apache Foundation works that way (where people vote +1/0/-1 on the staged artifacts during a couple days to a week) I believe many other people just push the release button right away. Note that you can use the nexus-staging-maven-plugin in your POM to automatically close the staging repository (make it read-only) and even automatically release it afterwards: http://books.sonatype.com/nexus-book/reference/staging-sect-deployment.html#staging-sect-deployment-nexus-staging-maven-plugin > The idea of the maven repository that has grown larger than maven itself > is a completely brilliant idea. It takes open source to a new level where > anyone can just depend on other open source code and automatically download > it on build. This is really good for the open source world (well, at least > the Java/JVM part of it) . The fact that the release process to this > central repository is far too complex, I see as a really great problem, > inhibiting the easy sharing of open source work. Before going further, have you ever deployed artifacts to a repository? More than half of what you're ranting about is about releasing artifacts with Maven and deploying them to a repository, and more specifically about the maven-release-plugin (and many people hate it); only a couple points are about Sonatype OSS and Central. -- Thomas Broyer /tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/>
