Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(docs): update contributing.md #193

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(docs): update contributing.md #193

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 18 additions & 13 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,30 +56,35 @@ To release the plugin from your local machine, perform the following steps.
When releasing the first time, you need to import the GPG key and add Maven repository credentials to your local machine. If you have done this, you can skip to step 4.
1. Download GPG keys for Maven Central from the password manager.
2. Run `gpg --import maven-master.gpg` and `gpg --import maven-signing.gpg` for the downloaded keys.
3. Populate your `~/.m2/settings.xml` with the following content, replacing ID and password using "Sonatype JIRA" credentials from the password manager:
3. Log in to [Sonatype](https://oss.sonatype.org) with the `Sonatype JIRA` credentials from the password manager.
1. Select the Profile option in the yellow top right dropdown menu. This should open the Profile tab in the main window
2. In the Profile tab, select the User Token option in the select input field. This should navigate to the User Token view in the tab
3. Click the Access User Token button (you will need to reenter your credentials)
4. Copy the generated username and token in your publishing setup
4. Populate your `~/.m2/settings.xml` with the copied credentials:
```xml
<settings>
<servers>
<server>
<id>ossrh</id>
<username>your-jira-id</username>
<password>your-jira-pwd</password>
<username>copied-sonatype-username</username>
<password>copied-sonatype-token</password>
</server>
</servers>
</settings>
```
4. Run `mvn versions:set -DnewVersion=1.2.3` to set `pom.xml` to the desired version to be released.
5. Ensure the build and tests pass, then trigger release using `mvn clean deploy -P release`.
6. Upon successful completion of Step 5, navigate to [Sonatype](https://oss.sonatype.org)
5. Click on [Staging Repositories](https://oss.sonatype.org/#)
6. Select `iosnyk-xxxx`
7. Click on `Close`. If this not available, perform Step 10.
8. Wait for the Close activity to finish (takes about 10 min)
9. Select `iosnyk-xxxx` staging repository again
10. Click on `Release` (takes about 10 min)
5. Run `mvn versions:set -DnewVersion=1.2.3` to set `pom.xml` to the desired version to be released.
6. Ensure the build and tests pass, then trigger release using `mvn clean deploy -P release`.
7. Upon successful completion of Step 5, navigate to [Sonatype](https://oss.sonatype.org)
8. Click on [Staging Repositories](https://oss.sonatype.org/#)
9. Select `iosnyk-xxxx`
10. Click on `Close`. If this not available, perform Step 10.
11. Wait for the Close activity to finish (takes about 10 min)
12. Select `iosnyk-xxxx` staging repository again
13. Click on `Release` (takes about 10 min)

The released version should be available in the [Released repository](https://repo.maven.apache.org/maven2/io/snyk/snyk-maven-plugin/) now. It can take some time to update [Maven Central Repository](https://central.sonatype.dev/artifact/io.snyk/snyk-maven-plugin/2.2.0/versions).

11. Add new release in GitHub manually to create new tag and have better visibility.
14. Add new release in GitHub manually to create new tag and have better visibility.

If you have questions, consult [the official documentation](https://central.sonatype.org/publish/publish-maven) for publishing information.