This repository has been archived by the owner on Dec 19, 2023. It is now read-only.

Gradle configuration for publishing to Maven Central

Michiel Oliemans edited this page Apr 29, 2021 · 1 revision

The Gradle projects in this organization are configured to publish to Maven Central using the core plugins maven-publish and signing, as well as one open source plugin, io.codearte.nexus-staging.

  • signing is responsible for signing the artifacts to be able to publish them to Maven Central. This is only required for final versions, and is not required for Snapshots.
  • maven-publish is responsible for uploading the artifacts to the correct Sonatype repository (snapshots or Maven Central staging).
  • io.codearte.nexus-staging is responsible for closing and releasing the Sonatype staging repository so that it is actually synchronized to Maven Central.

The configuration used by our projects is based on several online tutorials, and not on just one article.

Signing

Correctly configuring signing turned out to be the most complicated part to get right. The approach used by our projects is described in this article: https://getstream.io/blog/publishing-libraries-to-mavencentral-2021/#continuous-integration.

The signing plugin requires a couple of properties to be able to sign the artifacts. We've defined them as Organization secrets. One of the requirements is the secret key ring file. The secret GPG_KEY_CONTENTS contains this file in base64-encoded format. The GitHub release action has a Prepare environment step that writes the content of that file to a location defined by another secret, making it available in the pipeline for the next step.

The build.gradle file has a section to configure the signing plugin only when it's not a SNAPSHOT version that's being built:

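    // Only release versions are signed; SNAPSHOT builds skip this block.
    if (!version.toString().endsWith('-SNAPSHOT')) {
        // Signing properties come from environment variables that the
        // release pipeline fills from the Organization secrets.
        ext["signing.keyId"] = System.env.SIGNING_KEY_ID
        ext["signing.password"] = System.env.SIGNING_PASSWORD
        ext["signing.secretKeyRingFile"] = System.env.SIGNING_SECRET_KEY_RING_FILE

        signing {
            // Sign every publication defined by maven-publish.
            sign publishing.publications
        }
    }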

It assigns the signing properties by getting them from the environment variables.
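One way to write the Prepare environment step described above, as an added example and not the organization's actual workflow. It assumes the key ring location is passed in the SIGNING_SECRET_KEY_RING_FILE variable that build.gradle reads; the function name prepare_signing_keyring is hypothetical.

```shell
# Added example: hardened "Prepare environment" step for the release job.
# Assumptions: GPG_KEY_CONTENTS holds the base64-encoded secret key ring and
# SIGNING_SECRET_KEY_RING_FILE holds the path the signing plugin will read.
# Do not run this under `set -x`: tracing would print the secret to the log.

prepare_signing_keyring() (
    # Fail closed when a secret is missing (for example in a fork's pipeline),
    # instead of producing an empty key ring that fails later during signing.
    if [ -z "${GPG_KEY_CONTENTS:-}" ] || [ -z "${SIGNING_SECRET_KEY_RING_FILE:-}" ]; then
        echo "signing secrets are not set" >&2
        exit 1
    fi
    target="$SIGNING_SECRET_KEY_RING_FILE"

    # Directory and file are created readable by the job's user only.
    umask 077
    mkdir -p "$(dirname "$target")" || exit 1

    # Decode into a temporary file first so a truncated or corrupted secret
    # never leaves a half-written key ring at the final location.
    tmp="$(mktemp "${target}.XXXXXX")" || exit 1
    if ! printf '%s' "$GPG_KEY_CONTENTS" | base64 -d > "$tmp" 2>/dev/null \
        || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "GPG_KEY_CONTENTS is not valid base64" >&2
        exit 1
    fi
    mv -f "$tmp" "$target"
)

# In the workflow step, after the secrets are mapped to the environment:
#   prepare_signing_keyring
```

The function body runs in a subshell, so the umask change and the temporary variables do not leak into the rest of the step.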

Publishing

The publishing part is pretty straightforward and easy to configure. The repository to publish to is selected by checking whether the version number ends with SNAPSHOT or not. The credentials needed to push to the Sonatype repository are made available to the pipeline through Organization secrets as well.

Synchronize to Maven Central

The nexus-staging plugin closes and releases the staging repository in Sonatype to Maven Central by running the closeAndReleaseRepository task, which is the last task executed in the release action.
