Providing an open-source community a free universal cloud platform for distributing and publishing binaries - Bintray was a reliable automated software distribution source. Since Jfrog announced the shutdown of the Bintray hosting service on May 1st, 2021, it will impact all Bintray users.
However, as Jcenter Bintray sunsetting news is unsettling and alarming for many organizations, all we can do now is focus on migrating from Bintray. Those who do not migrate within 6 months will likely see their deployment failing - As Bintray will start to clear out the data soon. We know the task is tough and challenging for most organizations. But we suggest marking migrating off of Bintray as an important and urgent task.
Since every organization uses different types of packages, your migration options will depend on which packages you use. But in this post, to help make your migration easier, we’ve aimed to provide you with a comprehensive guide, and we added steps to migrate from Bintray to the Central Repository. We will discuss the migration to The Central Repository in the simplest steps possible.
We would also like to introduce an alternative package manager tool, packagecloud, which allows you to have a better experience with your packages. You should sign up for the packagecloud free trial and stop worrying about your packages today.
Let’s get started with how to migrate to the Central Repository guide!
How to Migrate To Central Repository With OSSRH
To move packages to the Central Repository, the main walkway is Sonatype OSSRH (OSS Repository Hosting) - OSSRH. To provide the repository hosting service for open source project binaries, it uses Sonatype Nexus Repository Manager. OSSRH using the maven central repository format allows users to:
- Deploy development version binaries (Snapshots)
- Stage release binaries
- Promote released binaries and sync them all to the Central Repository
The initial composition of the central repository will need some manual approvals. The reason behind doing the manual review is the security of the projects published to it. Since the Central Repository is the key infrastructure, it’s also a key target of the Software Supply Chain attacks. Thus, to keep probability high, initial manual reviews are done.
Once you have passed all the validation requirements, your entire process can be automated afterward.
So, let’s begin with the initial setup.
- The Initial Setup -
For the initial set-up, you need to generate a ticket with Sonatype. But, as Sonatype uses JIRA to manage the rockets, you need to create an account in JIRA and then create a new ticket. When you are done creating a ticket, claim a namespace on the Central repository for your project. This kickstart will trigger the creation of your repository and will give you access to the OSSRH.
NOTE: The validation might take two business days. Since they want to maintain an upgraded channel for the community, they go through each small detail.
- Requirements - Your Deployment Components Must Meet -
In order to meet the quality requirements of the components available at Central Repository, there are a set of conditions we want our users to meet. It will allow users to have access to all the details about the components in the Central Repository from the metadata provided in it. Here is a brief list of the requirements:
- Supply Javadoc and Sources
- Sign Files with GPG/PGP
- Sufficient Metadata
- Correct Coordinates
- Project Name, Description, and URL
- License Information
- Developer Information
- SCM Information
To add components to the central repository, the above-mentioned requirements have to be met. In case they are not met, the approval of the components seems discouraged too.
- The Deployment -
To publish your stuff to OSSRH, you can use one of many ways from numerous options in your native tools. There are different approaches and tools you can use.
Below mentioned are a few tools and approaches:
- Apache Maven
- Apache Ant
- Manual Staging Bundle Creation and Deployment
The rough limit of every file uploaded to the OSSRH is 1024 MB. However, if your file reaches this limit, your upload will fail with the broken pipe exception. To upload larger files than the defined limit, you can contact their support directly for help.
NOTE: At this moment, your projects are uploaded only to the private repository, which is accessible only to the project members.
- The Release to Central -
When you want to release packages from a private temporary repository, you can do that using a command line. Or, if you use Nexus Staging Maven Plugin, Ant Tasks, or other, you will need to login to the OSSRH available at https://s01.oss.sonatype.org/. In order to work, examine, and release your repository, log in on the OSSRH, take the respective measures it takes you through, and then you can release those components to central.
- OSSRH Note For Users:
When you have published or released your components, you can automate all the steps given above using Gradle, Maven Staging, Starship, or other means. Alongside, the publisher will always have access to the components in the OSSRH directly.
If you follow the above-given steps correctly, you can successfully migrate from Bintray to the Central Repository.
Now, we would like to introduce you to the replacement of Bintray, which is not just the same as Bintray, but better.
Switch To PackageCloud For a Better Experience
After you have read about the guide on how to move the components from Bintray to the Central Repository, it is advisable to use a package manager where you can get a better experience and where each user’s local repository can be connected and accessed.
With a central repository - version changes can’t be saved, remote commit gets slower, and unsolicited data might ruin the development. And since the central repository is always prone to attacks, your software might not stay as safe as you want it to be. Going further, as there are many other limitations attached with the Central Repository, we suggest you switch to PackageCloud, which is just like Bintray and even better.
PackageCloud’s Maven central repository is the premium alternative to Bintray which supports key functions of automated software distribution seamlessly and safely. With the Artifactory enhanced capabilities, PackageCloud helps to distribute, manage, and control your software packages all in one place.
When PackageCloud says, we are a premium alternative and just like Bintray but better, we really mean it. Why do we say so? You can read all the offering features of PackageCloud below and see why we call ourselves a better and the best replacement to Bintray.
- Manage all Your Packages From One Interface
To deploy all your data from Bintray to Packagecoud, you can use any of your favorite build tools, including - Maven, SBT, Gradle, or Leiningen because PackageCloud supports it all.
- Every Package Is Shipped & Deployed Securely
You can opt to Deploy from your own CI system. For deployment based on the CI system, we provide customized instructions for all including - CircleCI, Jenkins, and Travis CI.
- Supports SNAPSHOT
PackageCloud has seamless support for SNAPSHOT. It allows you to download or upload SNAPSHOT versions from any build tool without workarounds or a special configuration.
- CDN Backed & IPv6
When you switch to the PackageCloud Maven central account, you can access all API endpoints and repositories with IPv6 which are backed with the Fastly content delivery network.
You can go for reliable and fast downloads for RPM, Java, RubyGem, Python, Debian, and NPM packages.
- One API To Manage All Packages
With a single CLI and powerful API, you can manage all your package types and deploy them to any environment.
- Tokens Enhance Flexibility
With Master Token, Read Token, and API Token, you can manage and control access for groups and cases of private repositories. With this, you can limit the access and share repositories more securely.
- Add Unlimited Collaborators on Public & Private Repositories
With your repositories on PackageCloud, you can add up an unlimited number of users and collaborators to manage repositories. It means, if you work on-premises or remotely, your entire team can be on the same page with seamless speed and security.
- We Always Choose SSL
We make our sites work on HTTPS. So, misconfiguration or accidentally exposing repositories over plaintext HTTP is not a possibility, even by chance.
- Download & Installation Statistics - In Detail
From our stats API, you get detailed installation and download information. You understand your users and who is consuming your packages. You can view the stats of specific packages or the entire repositories.
- Package Promotion
You can promote packages between feeds from staging to production using the Promote API of PackageCloud. Use CI/CD integration or web UI to keep any potential unacceptable licenses and vulnerabilities away from production.
- CLI Helps in Quick & Easy Management Of Packages
When you have Command-line client tools installed, you can create repositories and push packages easily and effortlessly.
- Packages, PackageCloud Supports
So, if you are looking forward to which packages does PackageCloud Supports, here is the list:
- APT/Debian Packages
- NPM Registry
- Yum/RPM Packages
- RubyGem Packages
- Python Packages
When you want an alternative to Bintray, you indeed need one that's better and more efficient than the one you used in the past. PackageCloud, having all the qualities of Bintray and more, distributes software with safety, speed, and consistency without even owning an infrastructure.
PackageCloud is capable of holding all your packages in one place, allowing you to have control over all and particular package(s) you are using.
To know if PackageCloud is similar and better than Bintray or not, get the packagecloud free trial, and see how easy it is to store and access all packages.