!!!Maven repository and deployment how-to

makumba has a maven repository at Sonatype: [http://nexus.sonatype.org/oss-repository-hosting.html]

{{{Configuration has been prepared, now you can:
* Deploy snapshot artifacts into repository http://oss.sonatype.org/content/repositories/snapshots
* Deploy release artifacts into the staging repository http://oss.sonatype.org/service/local/staging/deploy/maven2
* Promote staged artifacts into repository 'Releases'
* Download snapshot and release artifacts from group http://oss.sonatype.org/content/groups/public
* Download snapshot, release and staged artifacts from staging group http://oss.sonatype.org/content/groups/staging
}}}

If you want to access it, you need to create a login at [http://oss.sonatype.org/] and ask to be added to the project (send a mail to makumba-devel for instance).

Some comments about the repository and the deployment:
* in order to be synchronized with the public maven repository, the JAR files (and any other artefacts we want to provide) need to be signed. This is why there's now a makumba PGP key ([http://pgp.mit.edu:11371/pks/lookup?search=Makumba&op=index]).
* the Sonatype repository uses Nexus, which has a "staging" concept. Basically we don't release directly to the internal repository at Sonatype (which gets itself synched with the public one), but we deploy to a staging area, and once the artefacts deployed in that area have been validated, they go public. This is a good practice to double-check if everything is okay before going live.

The deployment can be achieved thanks to the ANT task mavenDeploy:

[{Code

ant mavenDeploy -Dtag=makumba-0_8_2_6 -Dkeyphrase=secret -Dusername=manu -Dpassword=myPassword
}]

* __tag__ is the tag of the release to deploy. make sure that you have built the JAR before, e.g. by issuing a %%code ant release%%
* __keyphrase__ is the keyphrase of the PGP key (it's not 'secret', of course)
* __username__ is your Sonatype login
* __password__ is your Sonatype password

Make sure that you read the comments in the %%code doMavenDeploy%% task regarding the signing. These are currently:

{{{ANT support for signature is not mature yet, but it works.
- you need to have the public and private key files for this (makumba-secring.gpg, makumba-pubring.gpg)
- additionally, you need to set up the BouncyCastle provider in your JVM:
  (from http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html)
- Find java.security in /path_to_your_jvm/jre/lib/security
- Add security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider (or .10, or .11, ...)
- Add the bcprov-jdk16-145.jar and bcpg-jdk16-145.jar to /path_to_your_jvm/jre/lib/ext (they're in lib/building/)
}}}

Once you ran the task, log-in on sonatype, go to the staging area, double-check everything, and close the open deployment.
