Operations 11 min read

Automate Maven Central Deployment with GitHub Actions: A Step‑by‑Step Guide

This article explains how to use GitHub Actions to automatically publish a Spring Boot payment library to Maven Central, covering required OSSRH and GPG credentials, Maven POM configuration, secret management, and a complete workflow YAML that triggers on a GitHub release.

Programmer DD

Apr 3, 2021

GitHub Action

GitHub Action is a CI/CD service created by GitHub to simplify automation of software development workflows, allowing you to build, test, and deploy code directly from a repository.

Goal of the tutorial

Demonstrate how to publish the Payment Spring Boot project to Maven Central using a GitHub Action that runs automatically when a GitHub Release is created.

Prerequisites

OSSRH account

GPG key pair (public and private keys)

GitHub Action Secrets

Store sensitive data such as OSSRH username/password and GPG private key/passphrase in GitHub Action Secrets to keep them out of the repository.

GPG details

The GPG_PASSWORD is the passphrase for your GPG private key. Export the secret key with:

gpg --list-secret-keys

gpg -a --export-secret-keys KEY_ID

Replace KEY_ID with the identifier shown by the previous command (e.g., 8AC0AB). The exported block is the value for the GPG_SECRET secret.

Modify the project POM

Adjust pom.xml to include the required distributionManagement, plugin configurations, and signing settings. The template below shows the essential sections (comments indicate parts that must not be changed):

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <groupId>cn.felord</groupId>
    <artifactId>payment-spring-boot</artifactId>
    <version>1.0.9.RELEASE</version>
    <packaging>pom</packaging>
    <name>payment-spring-boot</name>
    <description>wechat-pay and alipay sdk</description>
    ...
    <!-- Deployment profile (required) -->
    <profiles>
        <profile>
            <id>deploy</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-gpg-plugin</artifactId>
                        <version>1.6</version>
                        <executions>
                            <execution>
                                <id>sign-artifacts</id>
                                <phase>verify</phase>
                                <goals><goal>sign</goal></goals>
                                <configuration>
                                    <gpgArguments>
                                        <arg>--pinentry-mode</arg>
                                        <arg>loopback</arg>
                                    </gpgArguments>
                                </configuration>
                            </execution>
                        </executions>
                    </plugin>
                    <!-- other plugins omitted for brevity -->
                </plugins>
            </build>
        </profile>
    </profiles>
    <distributionManagement>
        <repository>
            <id>ossrh</id>
            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
        </repository>
        <snapshotRepository>
            <id>sonatype-nexus-snapshots</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
        </snapshotRepository>
    </distributionManagement>
</project>

Write the GitHub Action workflow

Create a YAML file under .github/workflows (e.g., maven-central.yml) with the following content:

# Workflow name
name: Maven Central Repo Deployment

# Trigger on released GitHub releases
on:
  release:
    types: [released]

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Git Repo
        uses: actions/checkout@v2
      - name: Set up Maven Central Repo
        uses: actions/setup-java@v1
        with:
          java-version: 1.8
          server-id: sonatype-nexus-staging
          server-username: ${{ secrets.OSSRH_USER }}
          server-password: ${{ secrets.OSSRH_PASSWORD }}
          gpg-passphrase: ${{ secrets.GPG_PASSWORD }}
      - name: Publish to Maven Central Repo
        uses: samuelmeuli/action-maven-publish@v1
        with:
          gpg_private_key: ${{ secrets.GPG_SECRET }}
          gpg_passphrase: ${{ secrets.GPG_PASSWORD }}
          nexus_username: ${{ secrets.OSSRH_USER }}
          nexus_password: ${{ secrets.OSSRH_PASSWORD }}

Trigger the Action

Commit the workflow file to the repository. When you create a new GitHub release , the Action runs automatically and publishes the artifact to Maven Central.

Conclusion

The guide shows how a simple GitHub Action can automate the CI/CD process of publishing a Java library to Maven Central, eliminating manual mvn deploy steps and ensuring secure handling of credentials. This workflow is reusable for any Maven‑based project.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.

Java ci/cd Spring Boot GitHub Actions GPG Maven Central OSSRH

Written by

Programmer DD

A tinkering programmer and author of "Spring Cloud Microservices in Action"

0 followers

Reader feedback

How this landed with the community

Rate this article

Was this worth your time?

Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.