Skip to content
Alex Miller edited this page Jan 16, 2024 · 16 revisions

Pushing is the process of uploading a jar to the Clojars repository so that others can use it.

leiningen

lein deploy clojars

This will prompt you for your username and password. For your password, you will to use a Deploy Token. It is also possible to have them read from an encrypted file.

Clojure CLI

The Clojure CLI/tools.deps.alpha doesn't have a built-in deployment mechanism, but there some community projects that implement it. See Clojure-CLI-deps.edn for instructions.

Maven

Add clojars to the pom.xml:

<distributionManagement>
  <repository>
    <id>clojars</id>
    <name>Clojars repository</name>
    <url>https://clojars.org/repo</url>
  </repository>
</distributionManagement>

Add authentication info to settings.xml:

<settings>
  <servers>
    <server>
      <id>clojars</id>
      <username>username</username>
      <password>deploy-token</password>
    </server>
  </servers>
</settings>

Then you can deploy with

mvn deploy

It is possible to have encrypted credentials.

Boot 2.x

Boot has tasks defined in bootlaces for this purpose.

boot build-jar push-snapshot
boot build-jar push-release

This will prompt you for your username and password, but you can specify it as environment variables too.

Deploy Tokens

See Deploy Tokens.

Validations

When you deploy to clojars, the deployment must pass a set of validations before being finalized to the repository. If any validations fail, the deployment will be rejected with an appropriate error message and nothing will be written to the repository. The following things are validated:

  • a pom file was uploaded
  • the pom parses successfully (is readable)
  • the pom includes at least one license (see below)
  • the group, name, and version are of a valid format
  • the group, name, and version values in the pom match those in the url
  • the group and name don't already exist on Maven Central
  • this isn't a redeploy of a non-SNAPSHOT version
  • a jar was uploaded if the pom packaging is jar
  • the provided checksums match the artifacts
  • if any signature is uploaded, then every artifact has a signature

Licenses

Clojars requires projects to include a license in the pom file. Clojars is a repository for open source software, and including the license in the pom allows consumers of your project to audit licensing with existing tooling.

The license block takes the form of (see the official Maven documentation for more details):

<licenses>
  <license>
    <name>Apache-2.0</name>
    <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
  </license>
</licenses>

Note that if you use lein or deps-new, a pom with an appropriate license block will be generated for you by default.

If you are using clojure/tools.build, the write-pom function can also generate a pom for you. See the Clojure Guide for tools.build or this example from next-jdbc.