Search code examples
scalamavensbtmaven-centralsbt-release

How to release a Scala library to Maven Central using sbt?

I have an open source Scala project using SBT and I would like to release my library to Maven. How do I do it?

Solution

  • I always forget how to do this. So here are my notes:

    Once in your life:

    1. Create Sonatype account

    For every new developer machine:

    1. Install gpg e.g. on OSX: brew install gpg

    2. Run gpg --gen-key to generate a new key. Remember the passphrase and email you used.

    3. Make sure you see it when you list your secret keys:

      > gpg --list-secret-keys
~/.gnupg/pubring.kbx
-----------------------------------
sec   rsa2048 2019-06-13 [SC] [expires: 2021-06-12]
      F5003E5C4718B1F466B244F766AA02EC8AA60DB9
uid   [ultimate] Pathikrit Bhowmick <[email protected]>
ssb   rsa2048 2019-06-13 [E] [expires: 2021-06-12]

    4. Publish your key:

      > gpg --keyserver hkp://pool.sks-keyservers.net --send-keys F5003E5C4718B1F466B244F766AA02EC8AA60DB9

gpg: sending key 66AA02EC8AA60DB9 to hkp://pool.sks-keyservers.net

    You can also publish your key manually by copy the key

      > gpg --armor --export F5003E5C4718B1F466B244F766AA02EC8AA60DB9

    And submitting it here http://keyserver.ubuntu.com:11371/

    1. Verify that key got published by searching gnupg.net or keyserver.net. This may take up to a day to show up

    2. Add default-key to your gpg.conf:

      > cat ~/.gnupg/gpg.conf
default-key F5003E5C4718B1F466B244F766AA02EC8AA60DB9

    3. Append following to this file (~/.sbt/${SBT_VERSION}/sonatype.sbt):

      credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", "<your username>", "<your password>")

    For each new project:

    1. Create new JIRA issue using your Sonatype account to request new repo

    2. Wait till above issue is resolved

    3. Add sbt-pgp, sbt-release and sbt-sonatype as a plugin to your project. Here is an example plugins.sbt:

      addSbtPlugin("com.github.gseitz"  %   "sbt-release"             % "1.0.0")
addSbtPlugin("com.jsuereth"       %   "sbt-pgp"                 % "1.0.0")
addSbtPlugin("org.xerial.sbt"     %   "sbt-sonatype"            % "0.5.1")

    4. Here is an example build.sbt that I use for multi-projects.

    For each new release:

    1. You may have to do export GPG_TTY=$(tty) to let gpg do password prompt in command line like below: enter image description here

    2. sbt +release (will prompt for passphrase that you created for gpg)

      1. Note: The +release cross releases across your specified crossScalaVersions. If you have pushChanges enabled in your build to push your commit to git remote, make sure you do pushChanges once only on the last crossVersion.

    3. View artifact on Sonatype (the snapshot versions are here). If you cannot see it there you can double check the Nexus Repository Manager

    4. Wait few hours for it to propagate to Maven Central

    Starting Over

    • Sometime release may fail midway and your repository might be stuck in staging. You then have to go to https://oss.sonatype.org > Login > Staging Repositories > Find your repo > Click Drop e.g. enter image description here