Deploy Configuration settings for Maven Central

Some Gerrit artifacts (e.g. the Gerrit WAR file, the Gerrit Plugin API and the Gerrit Extension API) are published on Maven Central in the repository.

To be able to publish artifacts to Maven Central some preparations must be done:

  • Create an account on Sonatype’s Jira.

    Sonatype is the company that runs Maven Central and you need a Sonatype account to be able to upload artifacts to Maven Central.

  • Configure your Sonatype user and password in ~/.m2/settings.xml:

  • Request permissions to upload artifacts to the repository on Maven Central:

    Ask for this permission by adding a comment on the OSSRH-7392 Jira ticket at Sonatype.

    The request needs to be approved by someone who already has this permission by commenting on the same issue.

  • Generate and publish a PGP key

    A PGP key is needed to be able to sign the release artifacts before the upload to Maven Central, and to sign the release announcement email.

    Generate and publish a PGP key as described in Working with PGP Signatures.

    Please be aware that after publishing your public key it may take a while until it is visible to the Sonatype server.

    Add an entry for the public key in the key list on the homepage.

    The PGP passphrase can be put in ~/.m2/settings.xml:


    It can also be included in the key chain on OS X.

Deploy Configuration in Maven settings.xml

Gerrit Subproject Artifacts are stored on Google Cloud Storage. Via the Developers Console the Gerrit maintainers have access to the Gerrit Code Review project. This projects host several buckets for storing Gerrit artifacts:

  • gerrit-api:

    Bucket to store the Gerrit Extension API Jar and the Gerrit Plugin API Jar.

  • gerrit-maven:

    Bucket to store Gerrit Subproject Artifacts (e.g. Prolog Cafe).

To upload artifacts to a bucket the user must authenticate with a username and password. The username and password need to be retrieved from the Storage Setting in the Google Cloud Platform Console:

Select the Interoperability tab, and if no keys are listed under Interoperable storage access keys, select 'Create a new key'.

Using Access Key as username and Secret as the password, add the configuration in the ~/.m2/settings.xml file to make the credentials known to Maven:

  <settings xmlns=""

Gerrit Subprojects

  • You will need to have the following in the pom.xml to make it deployable to the gerrit-maven storage bucket:

      <name>Gerrit Maven Repository</name>
In case of JGit the pom.xml already contains a distributionManagement section. To deploy the artifacts to the gerrit-maven repository, replace the existing distributionManagement section with this snippet.
  • Add these two snippets to the pom.xml to enable the wagon provider: