Gradle
Deploying to OSSRH with Gradle - Introduction⚓︎
Just like Gradle can be easily configured to consume components from the Central Repository, it can be configured to publish to OSSRH.
Metadata and Signing⚓︎
In order to deploy your components to OSSRH with Gradle, you have to meet the
requirements for your metadata in
the pom.xml
as well as supply the required, signed components.
The maven
plugin for Gradle
can take care of the metadata, generate the required pom.xml
file as
well as take care of the deployment of the build output to the repository.
The signing
plugin
allows you to get the components, created by standard Gradle tasks, signed:
apply plugin: 'maven'
apply plugin: 'signing'
Jar Files⚓︎
For a typical Java project you can add a javadocJar
as well as a
sourcesJar
task
task javadocJar(type: Jar) {
classifier = 'javadoc'
from javadoc
}
task sourcesJar(type: Jar) {
classifier = 'sources'
from sourceSets.main.allSource
}
and hook them up into the artifacts collection together with the project jar itself:
artifacts {
archives javadocJar, sourcesJar
}
Signing Artifacts⚓︎
The defined artifacts can be signed with
signing {
sign configurations.archives
}
Metadata Definition and Upload⚓︎
To prepare for the actual upload, you have to define all the metadata with the help of the maven plugin. Group and version are set within the top level project, while the artifactId is configured for the archiveTask.
group = "com.example.applications"
archivesBaseName = "example-application"
version = "1.4.7"
The generated pom file has to be signed and all signed artifacts then have
to be uploaded. All this can be configured as part of the
uploadArchives
configuration.
Note: As of February 2021, all new projects began being provisioned on https://s01.oss.sonatype.org/. If your project is not provisioned on https://s01.oss.sonatype.org/, you will want to reference the legacy host https://oss.sonatype.org/.
uploadArchives {
repositories {
mavenDeployer {
beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }
repository(url: "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/") {
authentication(userName: ossrhUsername, password: ossrhPassword)
}
snapshotRepository(url: "https://s01.oss.sonatype.org/content/repositories/snapshots/") {
authentication(userName: ossrhUsername, password: ossrhPassword)
}
pom.project {
name 'Example Application'
packaging 'jar'
// optionally artifactId can be defined here
description 'A application used as an example on how to set up
pushing its components to the Central Repository.'
url 'http://www.example.com/example-application'
scm {
connection 'scm:svn:http://foo.googlecode.com/svn/trunk/'
developerConnection 'scm:svn:https://foo.googlecode.com/svn/trunk/'
url 'http://foo.googlecode.com/svn/trunk/'
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
developers {
developer {
id 'manfred'
name 'Manfred Moser'
email 'manfred@sonatype.com'
}
}
}
}
}
}
The dependencies from your Grade project will be inserted into the generated pom file.
Credentials⚓︎
The credentials for signing and upload can be stored in your gradle.properties
file in your users home directory. The content would look like this
signing.keyId=YourKeyId
signing.password=YourPublicKeyPassword
signing.secretKeyRingFile=PathToYourKeyRingFile
ossrhUsername=token-username
ossrhPassword=token-password
Do not use your login username and password in settings.xml
Please do not use your UI login username and password in settings.xml. Use the token that was previously generated.
The official Gradle documentation for the Signing Plugin, excerpted below, provides guidance for the values of the first 3 fields:
- The public key ID (The last 8 symbols of the keyId. You can use
gpg -K --keyid-format short
to get it).- The passphrase used to protect your private key.
- The absolute path to the secret key ring file containing your private key. (Since gpg 2.1, you need to export the keys with command
gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg
).These items must be supplied as the values of the
signing.keyId
,signing.secretKeyRingFile
, andsigning.password
properties, respectively.
Deployment⚓︎
With this configuration in place a deployment can be started with
gradle uploadArchives
Releasing the Deployment to the Central Repository⚓︎
Once the deployment is completed, you can proceed to manually release your components.
Alternatively you can use a setup using the Nexus Staging Ant tasks wrapped in Gradle to automate the interactions with the staging repository. An example can be found in the Nexus Repository Manager documentation examples project. Using the Gradle Nexus Staging Plugin can achieve the same automation.
Both approaches allow a fully automated release of components via OSSRH to the Central Repository.
Links⚓︎
- Gradle web site
- Gradle Publishing documentation
- Using Gradle with the Nexus Staging Suite in Repository Management with Nexus
- Gradle example in the Nexus Repository Manager documentation examples project
- Blog post about deploying to OSSRH
- Gradle Nexus Staging Plugin
- Blog post about using Gradle Nexus Staging Plugin on TheNexus
- Publishing Android Archives (AAR) with gradle-mvn-push