Next, we need to set up GPG key signing: Maven Central requires all uploaded artifacts to be signed with GPG keys. If you don't have GPG keys already set up, the Mill command mill.javalib.SonatypeCentralPublishModule/initGpgKeys walks you through the process to generate a set of keys you can use:
> ./mill mill.javalib.SonatypeCentralPublishModule/initGpgKeys
=== PGP Key Setup for Sonatype Central Publishing ===
Step 1: Generating PGP key pair...
Enter your name: Li Haoyi
Enter your email: user@host.com
Enter passphrase (leave empty for no passphrase):
PGP key generated successfully!
Generated key ID: FF314A017B55A282
Step 2: Uploading public key to keyserver.ubuntu.com...
Public key uploaded successfully!
Step 3: Verifying key upload...
Key verified on keyserver!
Saved secret key to: .../initGpgKeys.dest/pgp-private-key.asc
To store it in your home directory for manual use, you can import it into GnuPG:
gpg --import ...
=== Setup Complete! ===
To publish to Maven Central from your shell, export the following credentials.
MILL_SONATYPE_PASSWORD and MILL_SONATYPE_USERNAME can be generated at https://central.sonatype.com/usertoken
------------------------------------------------------------------------
export MILL_PGP_SECRET_BASE64=...
export MILL_PGP_PASSPHRASE=...
export MILL_SONATYPE_PASSWORD=...
export MILL_SONATYPE_USERNAME=...
------------------------------------------------------------------------
To publish from GitHub Actions, add the credentials above as repository secrets at
- https://github.com///settings/secrets/actions/new
and then include them in your .github/workflows/publish-artifacts.yml as:
------------------------------------------------------------------------
env:
  MILL_PGP_SECRET_BASE64: ${{ secrets.MILL_PGP_SECRET_BASE64 }}
  MILL_PGP_PASSPHRASE: ${{ secrets.MILL_PGP_PASSPHRASE }}
  MILL_SONATYPE_USERNAME: ${{ secrets.MILL_SONATYPE_USERNAME }}
  MILL_SONATYPE_PASSWORD: ${{ secrets.MILL_SONATYPE_PASSWORD }}
------------------------------------------------------------------------
initGpgKeys takes the necessary inputs (name, email, passphrase) at the command line, publishes the PGP public key to keyserver.ubuntu.com, and verifies that the key is ready to use. Finally it prints the generated PGP secret as a BASE64-formatted string that is easy to include as an environment variable or GitHub Actions secret. Notably, Mill does not require the gpg command-line tool to be installed, as it uses the BouncyCastle Java library, which provides the same functionality.
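As an added pre-flight check (not part of Mill or of the original page), the following POSIX shell script verifies the exported credentials before a publish run: every variable the generated instructions list is set, and the secret decodes to an armored PGP private key block rather than, say, the public key. It assumes that MILL_PGP_SECRET_BASE64 is the base64 encoding of the armored pgp-private-key.asc file, which the page does not state explicitly; the sample key material in the test is constructed, not a real key.

```shell
#!/bin/sh
# Pre-flight check for the credentials initGpgKeys asks you to export.
# Assumption (not stated on the page): MILL_PGP_SECRET_BASE64 is the
# base64 encoding of the ASCII-armored pgp-private-key.asc file.

# Decode a base64 PGP secret and confirm it is an armored private key block.
# Prints the reason on failure; returns 0 when the secret looks usable.
check_pgp_secret_base64() {
  secret_b64=$1
  decoded=$(printf '%s' "$secret_b64" | base64 -d 2>/dev/null) || {
    echo "MILL_PGP_SECRET_BASE64 is not valid base64"; return 1; }
  case $decoded in
    *"-----BEGIN PGP PRIVATE KEY BLOCK-----"*"-----END PGP PRIVATE KEY BLOCK-----"*) ;;
    *"-----BEGIN PGP PUBLIC KEY BLOCK-----"*)
      echo "decoded secret is a PUBLIC key, not the private key"; return 1 ;;
    *) echo "decoded secret is not an armored PGP private key block"; return 1 ;;
  esac
  return 0
}

# Verify every variable from the generated instructions is present and that
# the PGP secret passes the structural check above. The passphrase may
# legitimately be empty (initGpgKeys allows it), so it only has to be set.
check_publish_env() {
  rc=0
  for var in MILL_PGP_SECRET_BASE64 MILL_SONATYPE_USERNAME MILL_SONATYPE_PASSWORD; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then echo "missing: $var"; rc=1; fi
  done
  if [ -z "${MILL_PGP_PASSPHRASE+x}" ]; then
    echo "missing: MILL_PGP_PASSPHRASE (may be empty, but must be set)"; rc=1
  fi
  if [ -n "${MILL_PGP_SECRET_BASE64:-}" ]; then
    check_pgp_secret_base64 "$MILL_PGP_SECRET_BASE64" || rc=1
  fi
  return $rc
}
```

Run check_publish_env as the first step of the publish job so a mis-pasted or public-key-only secret fails before any artifact is signed.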
Maven Central requires that all artifacts be signed by some GPG key, but it isn't strict about which GPG key is used. So if you lose a key for whatever reason (it expired, it was on an old laptop that got discarded, you accidentally rm -rfed your home folder…) feel free to just generate a new one.