You don't have to go through steps 7.a.1. through 7.a.3. if your artifacts have already been released or if you've generated your artifacts using something other than Maven. The steps below allow you to skip using the maven-release-plugin entirely. You can either use the maven-gpg-plugin to sign and deploy your artifacts or upload a staging bundle.
For example, if you want to sign and deploy these artifacts, you will first need to sign them:
You can run mvn javadoc:jar and mvn source:jar respectively to generate -javadoc.jar and -sources.jar.
by Martijn Verburg
Per section 6 above, all project artifacts must be signed using GPG, and your public key must be distributed to hkp://pool.sks-keyservers.net/. For more information, please refer to How To Generate PGP Signatures With Maven. To sign your artifacts using the maven-gpg-plugin, run commands like this:
Because you are specifying -DrepositoryId, make sure you configure a matching server element in settings.xml like this:
The other way to stage existing artifacts is to create a bundle and upload it. For example, if you have the following artifacts:
First create a bundle with a command like this:
Then go to https://oss.sonatype.org, click Staging Upload in the left column. In the Staging Upload panel, select Artifact Bundle as Upload Mode and select the bundle you just created, like this:
Now click the Upload Bundle button, a staging repository will be created for the bundle and the bundle will be validated to ensure that it meets the requirements laid out in section 6 above. If successful, you will get an e-mail telling you if your artifacts are successfully staged and verified.