wiki:DevDocs/MavenSupport

Publishing for Maven

Prerequisites

  • Make sure you are using Maven version 2.2.1 . The version 2.2.0 has a bug in the calculation of checksums when publishing artifacts.
  • Publishing artifacts is done on the command line.
  • Make sure you have the correct GnuPG key installed for signing the builds and know its passphrase.
  • Your Maven settings.xml (in $HOME/.m2/) should contain your Sonatype user name and password - see below for details.

Publish a Vaadin release version

Currently, Vaadin builds are published by hand rather than with a Maven project. Nightly builds are published automatically by Teamcity. The steps to publish a build are:

  • Prepare the Vaadin Jar (build using TeamCity)
  • copy the pom.xml file from build/maven or edit it in place
  • edit the pom.xml version number field to correspond to the Vaadin version
  • execute the Maven command below
    • see below under Signing if you have multiple GnuPG keys installed
    • replace snapshots with releases to publish a release build (and make sure the version number in pom.xml matches the type)
    • give the passphrase when asked for it
mvn gpg:sign-and-deploy-file -Dfile=vaadin-6.0.1.jar -DrepositoryId=vaadin-releases -DpomFile=pom.xml -Durl=http://oss.sonatype.org/content/repositories/vaadin-releases/

Everything published to the release repository must be identical to what is published on  http://vaadin.com. Once a release is loaded into the local repository of a user, it will not be updated from the repository ever again.

Publishing the Vaadin Archetype

Currently, there is one Vaadin archetype for Maven. This archetype can be used as a template when creating a new Vaadin project, and contains the Color Picker demo application. It is also configured to automatically find and compile GWT modules (widgetsets), refers to the Jetty plugin and has support for hosted mode.

The archetype project is a Maven project that contains the template Maven project. Thus, publishing it can be done in the top-level Maven project like publishing any other Maven project:

  • check out the archetype project from http://dev.vaadin.com/svn/incubator/maven/archetypes/MavenArchetype/
  • go to the project directory
  • edit the top-level pom.xml version number field, including the -SNAPSHOT if appropriate
  • execute the command below
    • see below under Signing if you have multiple GnuPG keys installed
    • replace snapshots with releases to publish a release of the archetype (and make sure the version number in pom.xml matches the type)
    • give the passphrase when asked for it
mvn deploy -DrepositoryId=vaadin-snapshots -DrepositoryUrl=http://oss.sonatype.org/content/repositories/vaadin-snapshots/

The Vaadin archetype depends on specific versions of Vaadin and GWT, which need to be available in the repositories.

More archetypes should be made:

  • an empty Vaadin project (or server-side Hello world application only)
  • a portlet archetype

Background

We are using the  Sonatype OSS repository hosting service, which replicates its contents to the central Maven repositories. This makes publishing artifacts easier than directly replicating them to the central repositories or hosting our own repository.

Vaadin builds and archetypes (and any other Maven artifacts) can be published in two ways:

  • as a snapshot
  • as a release build

A snapshot is a version whose version number in Maven ends in -SNAPSHOT, e.g. 6.0-SNAPSHOT . A dependency to a snapshot version causes Maven to always fetch the latest such snapshot, unlike release builds which are cached just once.

The Sonatype OSS hosting server provides us separate Maven repositories for publishing snapshots and releases. These will be synchronized to the central Maven repositories.

See also #1862.

Signing

Maven artifacts to be published must be signed with our GnuPG key. The above given commands to publish the builds and the Maven plugins defined in the projects take care of the signing.

The public key must be available in a public key repository. See the end of the document  Sonatype OSSRH for instructions.

To use another GnuPG key than your default key, add the parameter -Dkeyname=... to the Maven command lines for publishing builds. The keyname is passed to GPG as the --local-user parameter.

Sonatype Accounts

Each user who wants to be able to publish builds to our Sonatype repositories should have his own user account for them. These are requested from the Sonatype OSSRH administrator (Juven Xu) when needed.

Here is a sample section of $HOME/.m2/settings.xml where to put these:

	<servers>
		<server>
			<id>vaadin-releases</id>
			<username>...</username>
			<password>...</password>
		</server>
		<server>
			<id>vaadin-snapshots</id>
			<username>...</username>
			<password>...</password>
		</server>
	</servers>