Skip to content
Toby Crawley edited this page Sep 24, 2023 · 16 revisions

Pushing is the process of uploading a jar to the Clojars repository so that others can use it.

leiningen

lein deploy clojars

This will prompt you for your username and password. For your password, you will to use a Deploy Token. It is also possible to have them read from an encrypted file.

Clojure CLI

The Clojure CLI/tools.deps.alpha doesn't have a built-in deployment mechanism, but there some community projects that implement it. See Clojure-CLI-deps.edn for instructions.

Maven

Add clojars to the pom.xml:

<distributionManagement>
  <repository>
    <id>clojars</id>
    <name>Clojars repository</name>
    <url>https://clojars.org/repo</url>
  </repository>
</distributionManagement>

Add authentication info to settings.xml:

<settings>
  <servers>
    <server>
      <id>clojars</id>
      <username>username</username>
      <password>deploy-token</password>
    </server>
  </servers>
</settings>

Then you can deploy with

mvn deploy

It is possible to have encrypted credentials.

Boot 2.x

Boot has tasks defined in bootlaces for this purpose.

boot build-jar push-snapshot
boot build-jar push-release

This will prompt you for your username and password, but you can specify it as environment variables too.

Deploy Tokens

See Deploy Tokens.

Validations

When you deploy to clojars, the deployment must pass a set of validations before being finalized to the repository. If any validations fail, the deployment will be rejected with an appropriate error message and nothing will be written to the repository. The following things are validated:

  • a pom file was uploaded
  • the pom parses successfully (is readable)
  • the pom includes at least one license (see below)
  • the group, name, and version are of a valid format
  • the group, name, and version values in the pom match those in the url
  • the group and name don't already exist on Maven Central
  • this isn't a redeploy of a non-SNAPSHOT version
  • a jar was uploaded if the pom packaging is jar
  • the provided checksums match the artifacts
  • if any signature is uploaded, then every artifact has a signature

Licenses

Clojars requires new projects and projects that provided a license in the prior version to include a license in the pom file. Clojars is a repository for open source software, and including the license in the pom allows consumers of your project to audit licensing with existing tooling.

The license block takes the form of (see the official Maven documentation for more details):

licenses>
  <license>
    <name>Apache-2.0</name>
    <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
  </license>
</licenses>

Note that if you use lein or clj-new, a pom with an appropriate license block will be generated for you by default.

This requirement will be extended to all releases on or after 2024-01-01, not just new projects or projects that had a version with the previous release.

Clone this wiki locally