From 8fc51251fbc99745fe559404c9b88c207dd7a6fc Mon Sep 17 00:00:00 2001 From: Frank Delporte Date: Mon, 29 Jul 2024 12:33:18 +0200 Subject: [PATCH 1/2] Explain different Maven upload flows --- docs/modules/examples/pages/maven/maven-central.adoc | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/modules/examples/pages/maven/maven-central.adoc b/docs/modules/examples/pages/maven/maven-central.adoc index c2fa04d56..4b5bb302d 100644 --- a/docs/modules/examples/pages/maven/maven-central.adoc +++ b/docs/modules/examples/pages/maven/maven-central.adoc @@ -27,7 +27,14 @@ You have the option to close and release the staged repository automatically rig repository open and perform close and release operations using the UI. You must login into Sonatype OSSRH using your Sonatype account to do so. -== Portal Publisher API +== Different Work-flows + +The Maven project has a long history and is going through some evolutions to create, upload, manage, and use Java libraries. As a result, there are two approaches to publish artifacts to the repository: + +- Traditional OSSRH way, also known as the Maven Central Nexus Repository. The UI can be accessed via https://oss.sonatype.org. +- New API approach via the Maven Central Repository, creating a login and managing your artifacts can be done via https://central.sonatype.com/ + +=== Portal Publisher API Publishing using the Portal Publisher API requires using the xref:reference:deploy/maven/maven-central.adoc[] deployer. @@ -150,7 +157,7 @@ jreleaser { -- ==== -== OSSRH +=== OSSRH Publishing to OSSRH requires using the xref:reference:deploy/maven/nexus2.adoc[] deployer. From 1a5f41d19feaca09fee8a26d0c9b8113b8a03a98 Mon Sep 17 00:00:00 2001 From: Frank Delporte Date: Mon, 29 Jul 2024 13:54:22 +0200 Subject: [PATCH 2/2] Add link to PGP post --- docs/modules/reference/pages/signing.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/modules/reference/pages/signing.adoc b/docs/modules/reference/pages/signing.adoc index c0a6cd11f..0f76d035c 100644 --- a/docs/modules/reference/pages/signing.adoc +++ b/docs/modules/reference/pages/signing.adoc @@ -4,7 +4,7 @@ Signing ensures that the artifacts have been generated by yourself and your user generated signature with your public signing key. JReleaser can sign all files, including distribution archives and any extra files attached to the project. This section -must be configured if you intend to sign commits as well. You may sign using PGP or link:https://www.sigstore.dev/[Sigstore]'s cosign. +must be configured if you intend to sign commits as well. You may sign using PGP (as described in link:https://maciejwalkowiak.com/blog/publish-java-library-maven-central/#_3-create-gpg-keys[this post by Maciej Walkowiak]) or link:https://www.sigstore.dev/[Sigstore]'s cosign. Use the following options to customize how files may be signed: