We will be using the Nexus Software Repository to push our aars to Maven Central. There are different methods to do this; another simple way is to upload to Bintray and then push to Maven Central from there. Which one to use is entirely up to the developer.
Nexus is a tool used by Sonatype to manage repositories. To use Nexus, create an account and remember the username and password; they will be required in the automation script to deploy the artifacts.
Back in 2013 (2013, seriously!) Chris Banes wrote a blog post about an automation script he had written for pushing aars to Maven. He had written this script for ActionBar-PullToRefresh (again, this is 2013 we're talking about); the script can now be found on GitHub and is valid even to this date.
We will be using this script to push our aars to maven.
We're making an assumption here that the following things are already set up:
- You have a library project set up already; if not, follow this
- You have a Nexus account created. The account that you're looking for is a JIRA (issue) account on Sonatype (makes no sense, but yeah).
- You know how gradle works and your aar is successfully compiling.
To upload the aars to Sonatype for the very first time, you will have to create an issue on the Sonatype JIRA board (makes no sense, but you gotta do what you gotta do!). This is an issue on the OSSRH (Open Source Software Repository Hosting) board.
You will also need to set up GPG keys in order to sign your aars for pushing them as a release.
We'll go into each of these processes.
An OSSRH issue is only a first-time thing, to prepare configurations on the Sonatype repositories.
A typical issue can look something like this, which was for the RecyclerView-FastScroller.
Note: The library groupId should be the reverse of a domain which you control. For the above-mentioned library, since it's by Quiph, we used the groupId com.quiph. If you do not own any domains, you can simply use com.github.<user_name/company_name>. You can check this comment on the above-mentioned issue.
GPG keys will be required to sign your artifacts.
1. Check if you have any GPG keys which are not expired:
    gpg --list-keys --keyid-format SHORT
2. If you have keys, copy the key value (this generally comes after a '/' on the pub line) and skip to step 4.
3. Create a GPG key and copy the value after the '/' on the pub line:
    gpg --gen-key
4. GPG issues: most of the articles found today are pretty much outdated. GPG has had a lot of changes since then. One such change is the secring.gpg file generation. This SO Answer answers most of it. TL;DR:
    gpg --export-secret-keys -o secring.gpg
5. Once the GPG keys are generated, you now need to publish these keys to an open key server. Run the following commands to do so:
    $ gpg --keyserver hkp://keyserver.ubuntu.com --send-keys YYYYYYYY
    $ gpg --keyserver hkp://pgp.mit.edu --send-keys YYYYYYYY
6. Check these keys:
    $ gpg --keyserver hkp://pgp.mit.edu --search-keys <your-email> # Use your email
7. Once the keys are successfully published, copy them and build the gradle.properties file for maven_push.gradle. This looks something like this:
signing.keyId=xxxxxxx
signing.password=YourPublicKeyPassword
signing.secretKeyRingFile=~/.gnupg/secring.gpg
nexusUsername=YourSonatypeJiraUsername
nexusPassword=YourSonatypeJiraPassword
Phew!
The script adds a task uploadArchives. This task will upload the archives to the Sonatype repo's 'staging' stage.
Please ensure that the 'signing' stage was not skipped. It is skipped if your library name ends with "-SNAPSHOT", but for releases signing is mandatory.
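A pre-upload check for the signing requirement and for the credentials in gradle.properties, as an added example that is not part of the original article or of the upload script: it flags release artifacts that have no .asc signature and credential keys left in the project's gradle.properties. It assumes the version is stored as VERSION_NAME in that file, that signatures sit beside the artifacts, and that credentials are kept in the user-level ~/.gradle/gradle.properties; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the upload script. Assumptions: the version is
# stored as VERSION_NAME in the project's gradle.properties, each signature
# sits next to its artifact as <file>.asc, and credentials belong in the
# user-level ~/.gradle/gradle.properties, not in the project file.

# Succeeds when the version ends with -SNAPSHOT (the case where signing is skipped).
is_snapshot() { case "$1" in *-SNAPSHOT) return 0 ;; *) return 1 ;; esac; }

# Prints the value of key $2 from the properties file $1.
prop() { sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

# Prints every .aar/.jar/.pom under $1 that has no non-empty .asc beside it.
missing_signatures() {
    find "$1" -type f \( -name '*.aar' -o -name '*.jar' -o -name '*.pom' \) |
    sort | while IFS= read -r f; do
        [ -s "$f.asc" ] || printf '%s\n' "$f"
    done
}

# Prints the names (never the values) of credential keys found in $1.
leaked_keys() {
    sed -n -E 's/^[[:space:]]*(signing\.password|nexusPassword)[[:space:]]*=.*/\1/p' "$1"
}

# $1 = project gradle.properties, $2 = directory with the built artifacts.
# Returns 0 only when nothing blocks the upload.
preflight() {
    version=$(prop "$1" VERSION_NAME); rc=0
    leaked=$(leaked_keys "$1")
    [ -z "$leaked" ] || { echo "credentials in project file: $leaked"; rc=1; }
    if ! is_snapshot "$version"; then
        unsigned=$(missing_signatures "$2")
        [ -z "$unsigned" ] || { echo "unsigned release artifacts: $unsigned"; rc=1; }
    fi
    return "$rc"
}

# Constructed sample: a release version with one signed and one unsigned file.
demo=$(mktemp -d)
printf 'VERSION_NAME=1.0.0\nnexusPassword=placeholder\n' > "$demo/gradle.properties"
mkdir -p "$demo/out"
: > "$demo/out/lib-release.aar"; echo sig > "$demo/out/lib-release.aar.asc"
: > "$demo/out/lib-release.pom"
preflight "$demo/gradle.properties" "$demo/out" || echo "upload blocked"
rm -rf "$demo"
```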
If all went fine - go to the OSSRH web UI and look for the 'staging' library. It should be somewhere at the end of the list. Select it, and press the Close button. Closing a library actually means that we're ready to release it. The other option is to Drop a library, which means removing it from the list. If closing went fine - we should see the Release button become active. We release with a note to the JIRA issue for our reference.
After that we should get a response from Sonatype that our library will be available in ~10 minutes and it will be synced with the Maven Central in the next few hours.
And, later you can check it on maven.
- Most of this article is borrowed from this
- Really good post if you plan on using JCenter
- Using GPG for pushing aars. http://gmariotti.blogspot.com/2013/09/publish-aar-file-to-maven-central-with.html
- Sonatype's reference for managing staging repos: https://help.sonatype.com/repomanager2/staging-releases/managing-staging-repositories
- Really good gist if you're using JCenter: https://gist.github.com/lopspower/6f62fe1492726d848d6d