Besides deploying on your own maven mirror repository, one usually also likes to deploy on Maven Central for stability and acceptance http://search.maven.org .
Jogamp lacked this feature since version 2.4.0, so I had to dive back into this matter – especially since Sonatype changed their procedures due to End-of-Life Sunset Date for OSSRH coinciding with Sonatype Nexus Repository 2 Sunsetting Information – both occurred on 2025-06-30. Since then, the Nexus Repository 3 and its (web) API is utilized under the hood.
Today, we have to follow Sonatype’s Central Publisher Portal Guide and the new Portal OSSRH Staging API, to allow still utilizing the regular Maven plugin deployment via e.g. gpg:sign-and-deploy-file deployment method.
- Create an account on https://central.sonatype.com/account.
- Secure your namespace
- Create an API token -> API token username + password to be used with the Portal OSSRH Staging API
- Change your Maven central staging upload URL to https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2/
- Drop any package on staging, see Portal OSSRH Staging API script function sonatype_drop_staging below.
- Upload your artifacts for one package, covered by your pom.xml, to staging, via e.g. gpg:sign-and-deploy-file
- Upload your package from staging to the central repository, see Portal OSSRH Staging API script function sonatype_upload_staging below. This must be done for each package after uploading its artifacts to staging.
To use the Portal OSSRH Staging API, we are supported by OSSRH Staging API (swagger) to formulate our curl commands below.
The whole staging API is covered by our JogAmp maven scripting shell functions inside sonatype_api.sh We will discuss the scripts here
The script uses the variables api_user, api_password, repository_key. api_user and api_password are the secrets earlier produced with the API token on Sonatype’s central.
The repository_key must be retrieved by sonatype_search_repos below and it is a unique triple of api_user + upload-IP + namespace and gladly does not change.
Let’s start with sonatype_search_repos to see if any package exist in your own namespace on staging and to retrieve your namespace and API token
sonatype_search_repos() {
res=`curl ${CURL_OPTS} -u ${api_user}:${api_password} --anyauth --request GET \
--header "accept: application/json" \
"https://ossrh-staging-api.central.sonatype.com/manual/search/repositories?ip=any"`
handle_result $? "${res}"
return $?
}If the resulting query contains package information, it contains the required repository_key for our next steps.
The first mutable act is to drop any package if existing in your own namespace on staging via sonatype_drop_staging. This involves using sonatype_search_repos to query the repository_key of an existing package as described above.
sonatype_drop_staging() {
repository_key=$1
if [ -z "${repository_key}" ] ; then
echo "repository_key is empty"
exit 1
fi
res=`curl ${CURL_OPTS} -u ${api_user}:${api_password} --anyauth --request DELETE \
--header 'accept: */*' \
"https://ossrh-staging-api.central.sonatype.com/manual/drop/repository/${repository_key}"`
handle_result $? "${res}"
return $?
}The final mutable act is to upload your package in your namespace on staging via sonatype_upload_staging. This involves using sonatype_search_repos to query the repository_key of an existing package as described above.
sonatype_upload_staging() {
repository_key=$1
if [ -z "${repository_key}" ] ; then
echo "repository_key is empty"
exit 1
fi
res=`curl ${CURL_OPTS} -u ${api_user}:${api_password} --anyauth --request POST \
--header 'accept: */*' \
-d '' \
"https://ossrh-staging-api.central.sonatype.com/manual/upload/repository/${repository_key}?publishing_type=automatic"`
handle_result $? "${res}"
return $?
}This procedure shall release to central namespace and also bring the validated packages into publishing state. The latter may take time, but eventually move into state published.
To manage the Sonatype repository, e.g. see the publishing, published or failed packages we shall log-in to https://central.sonatype.com/account.
Click ‘Publish’ in the top navigation bar, now you should see the successfully
For details, please read JogAmp maven scripting.
***
One issue I have observed is that uploaded artifacts to staging above around 22MB via gpg:sign-and-deploy-file often caused the file to be truncated and hence the web API command sonatype_upload_staging fails due to a mismatch of gpg signature and all checksums. This is observed on a GNU/Linux workstation w/ OpenJDK 17, Maven 3.8 and 3.9. Workaround for the JogAmp project was to compress mentioned files, as gladly their size was due to being an uncompressed jar file. If I receive a solution or learn the culprit, I will post it here.
