Due to Sonatype's strict validation rules, the publishing requirement must be satisfied by every artifact which wants to be published to Sonatype.
For Java and Android library projects, the publishing configurations are very similar, but the configurations of creating publication are quite different, this gradle plugin is used to simplify the engineering complexity of publishing artifacts to Sonatype, developers don't need to write boilerplate publishing DSL for each project to satisfy Sonatype validation rules.
This plugin not only support publishing artifacts to Sonatype, but also support publishing artifacts to private Nexus repository.
For more information, see References
plugins {
kotlin("jvm")
id("io.johnsonlee.sonatype-publish-plugin") version "1.6.1"
}
group = "<your-group-id>"
version = "1.0.0"
Then, execute publish tasks:
./gradlew publishToMavenLocal -x signMavenJavaPublication
To publish artifacts to remote maven repository, additional configurations are quired.
-
OSSRH_USERNAME
The account id of Sonatype, searching from project properties by default, otherwise searching from system env
-
OSSRH_PASSWORD
the account password of Sonatype, searching from project properties by default, otherwise searching from system env
-
OSSRH_PACKAGE_GROUP
The package group of Sonatype, e.g.
io.johnsonlee
, searching from project properties by default, otherwise searching from system env
-
NEXUS_URL
The endpoint of Nexus service, e.g. http://nexus.johnsonlee.io/, searching from project properties by default, otherwise searching from system env
-
NEXUS_USERNAME
The account id of Nexus, searching from project properties by default, otherwise searching from system env
-
NEXUS_PASSWORD
The account password of Nexus, searching from project properties by default, otherwise searching from system env
-
signing.keyId
The GPG key id (short format). In this example, the GPG key id is
71567BD2
$ gpg --list-secret-keys --keyid-format=short /Users/johnsonlee/.gnupg/secring.gpg ------------------------------------ sec 4096R/71567BD2 2021-03-10 [expires: 2031-03-10] uid Johnson ssb 4096R/4BA89E7A 2021-03-10
-
signing.password
The password of GPG key
-
signing.secretKeyRingFile
The secret key ring file, e.g. /Users/johnsonlee/.gnupg/secring.gpg
The best practice is putting the properties above into
~/.gradle/gradle.properties
OSSRH_USERNAME=johnsonlee OSSRH_PASSWORD=********* OSSRH_PACKAGE_GROUP=io.johnsonlee signing.keyId=71567BD2 signing.password=********* signing.secretKeyRingFile=/Users/johnsonlee/.gnupg/secring.gpg
The following git configurations are be used for generating maven POM file, please skip if already done.
-
user.name
git config user.name <username>
-
user.email
git config user.email <email-address>
-
remote.origin.url
(optional)The
remote.origin.url
is available by default unless the git repository is created locallygit remote add origin [email protected]:<username>/<repository>
-
project.group
The
groupId
of the publication, only the root project need to configured, subproejcts will inherit from the root project -
project.version
The
version
of the publication, only the root project need to configured, subproejcts will inherit from the root project
The artifactId
of the publication is the project.name
by default
Add a license file (LICENSE
, LICENSE.txt
, LICENSE.md
or LICENSE.rst
) into project, then the license type will be recognized automatically.
For more information on repository licenses, see "Supported Licenses"
./gradlew initializeSonatypeStagingRepository publishToSonatype
./gradlew closeAndReleaseRepository
./gradlew clean publish
For Android projects, using -x
to disable publication tasks for debug variants:
./gradlew clean publish -x publishDebugPublicationToMavenRepository
After release complete, the artifacts will be synced to Maven Central automatically