Guide to deploy SNAPSHOT binaries on OSS sonatype repository with Travis CI.
Maven configuration
Maven must be setup to use your personal account to access sonatype repository.
Create a etc/deploy-settings.xml file and use variables to set username and password:
<settings>
<servers>
<server>
<id>ossrh</id>
<username>${env.OSSRH_USER}</username>
<password>${env.OSSRH_PASS}</password>
</server>
</servers>
</settings>This file will be passed to mvn with the option --settings.
Identification
We have two solutions to store ours username and password for Travis CI.
Repository settings
In Travis CI repository settings https://travis-ci.org/user/repository/settings, we can define environment variables OSSRH_USER and OSSRH_PASS. They will be hidden in logs by default.
Encrypt username and password
Obviously we don’t want to store our sensible data in clear text, Travis CI allow us to encrypt data.
gem install travis
And here comes Ruby… if you’re not a ruby developper, things can go wrong from here (at least with OS X).
In my case I faced the error:
> gem install travis
Fetching: multipart-post-2.0.0.gem (100%)
ERROR: While executing gem ... (Gem::FilePermissionError)
You don't have write permissions for the /Library/Ruby/Gems/2.0.0 directory.
The problem comes from the bundled version installed by Apple, Ruby users are certainly using rvm, rbenv or some other tool. But for others who don’t want to waste time trying to figure out the Ruby ecosystem, just:
brew install ruby
Relaunch a shell and travis gem installation should succeed…
We can finally ask travis to encrypt our username and password:
travis encrypt --add -r jcgay/send-notification "OSSRH_USER='toto'"
travis encrypt --add -r jcgay/send-notification "OSSRH_PASS='s3cret&'"
If commands are executed from the project folder, option -r is not necessary and you can use --add to automatically write encrypted keys in .travis.yml.
jcgay/send-notification is the project you want to encrypt keys for.
Configuration de Travis CI
We don’t want to deploy SNAPSHOT when Travis is building a pull-request. We can read ${TRAVIS_PULL_REQUEST} variable to skip deployment when its value equals false.
Same goes when Travis is building a release, as they are made outside Travis in my case, I don’t want a deployment when ${TRAVIS_TAG} variable is not empty.
So our .travis.yml contains:
env:
global:
- secure: GT8Hi5kgx2cLAGzh2ggZNTgiLm8J5fd64SYG3bkhgwZGbV/HRD8r8a1SYv1iQ72JqrDhlHQ7q8h17nDBFLjy99h/XKN4MacBu9CZhnPO7lXpuRefD3W/db6zWSk17a5DAKAt+1UOeyfohEkzx+JHcTfbvMg6hy+3DEPaVMUtV04=
- secure: fQ4bSOcHWEURfsDQVhWA152GCiezQfh9YC45a2zae8oOk+6bIrHmrkJSyVYpUCLGdqO3Df+JTy6bfoqyJEsX7PkzGPZ10odSHw5qDqfTIolt7UympKtUvUNi6h5G6virGhBWjjs5REGjrgWdTlqKjNT2Ax/VlzNRskqaVAhEhl0=
and one more step as after_success:
after_success:
- "[[ ${TRAVIS_PULL_REQUEST} == 'false' ]] && [[ ${TRAVIS_TAG} == '' ]] && mvn deploy -DskipTests --settings etc/deploy-settings.xml"
Enjoy fresh deployed SNAPSHOT !