Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sonatype requires user token now #340

Merged
merged 2 commits into from
Dec 20, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 8 additions & 17 deletions readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,10 +63,9 @@ Hi, I would like to publish under the groupId: io.github.sbt.
It's my GitHub account https://github.com/sbt/
```

### Optional: create user tokens

If you prefer not to save your actual username and password in GitHub Actions
settings below, generate your user tokens:
Sonatype no longer allows using your actual username and password to
authenticate during publishing. Instead, you must use the name and password
from your "user token".

- login to https://s01.oss.sonatype.org/ (or https://oss.sonatype.org/ if your
Sonatype account was created before February 2021),
Expand Down Expand Up @@ -246,14 +245,10 @@ gpg --armor --export-secret-keys %LONG_ID% | openssl base64
*If you try to display the base64 encoded string in the terminal, some shells (like zsh or fish)
may include an additional % character at the end, to mark the end of content which was not terminated by a newline character. This does not indicate a problem.
Note for Windows - delete any linebreaks or spaces when copying the encoded string from terminal.*
- `SONATYPE_PASSWORD`: The password you use to log into
https://s01.oss.sonatype.org/ (or https://oss.sonatype.org/ if your Sonatype
account was created before February 2021). Alternatively, the password part of
the user token if you generated one above.
- `SONATYPE_USERNAME`: The username you use to log into
https://s01.oss.sonatype.org/ (or https://oss.sonatype.org/ if your Sonatype
account was created before 2021). Alternatively, the name part of the user
token if you generated one above.
- `SONATYPE_PASSWORD`: The password part of your Sonatype
[OSSRH token](https://central.sonatype.org/publish/generate-token/), generated on your Nexus server https://s01.oss.sonatype.org/ or https://oss.sonatype.org/ (not the account password!).
- `SONATYPE_USERNAME`: The username part of your Sonatype
user token (not the account username!).
- (optional) `CI_RELEASE`: the command to publish all artifacts for stable
releases. Defaults to `+publishSigned` if not provided.
- (optional) `CI_SNAPSHOT_RELEASE`: the command to publish all artifacts for a
Expand Down Expand Up @@ -410,16 +405,12 @@ If you prefer to keep most of the information in a git branch instead, you can j

As of February 2024, Sonatype has released a new portal, called Sonatype Central. Users can configure their libraries to be published via this portal by adding the following to `build.sbt`:

```sbt
```sbt
import xerial.sbt.Sonatype.sonatypeCentralHost

ThisBuild / sonatypeCredentialHost := sonatypeCentralHost
```

Users can generate a two-part token, containing username and password values, in their [account](https://central.sonatype.com/account) and then set these to the _SONATYPE_USERNAME_ and _SONATYPE_PASSWORD_ environment variables. All other steps should then work as documented.



### How do I disable publishing in certain projects?

Add the following to the project settings (works only in sbt 1)
Expand Down
Loading