@shahsurajk
Created July 15, 2019 12:14
Pushing AARs to maven-central

Publishing AAR to maven-central:

We will be using the Nexus Software Repository to push our aars to maven-central. There are other ways to do this; a simple alternative is to upload to bintray and then push to maven-central from there. Which one to use is entirely up to the developer.

The Nexus Software Repository:

Nexus is a tool used by Sonatype to manage repositories. To use Nexus, create an account and remember the username and password; they will be required by the automation script to deploy the artifacts.

The automation script:

Back in 2013 (2013, seriously!) Chris Banes wrote a blog post about an automation script he had written for pushing aars to maven. He had written this script for ActionBar-PullToRefresh (again, this is 2013 we're talking about). The script can now be found on GitHub and is valid even to this date.

We will be using this script to push our aars to maven.

Prerequisites:

We're making an assumption here that the following things are already set up:

  1. You have a library project set up already; if not, follow this

  2. You have a Nexus account created. The account that you're looking for is a JIRA (issue) account on sonatype (makes no sense, but yeah).

  3. You know how gradle works and your aar is compiling successfully.

The upload process:

To upload the aars to sonatype for the very first time, you will have to create an issue on the sonatype JIRA board (makes no sense, but you gotta do what you gotta do!). This is an issue on the OSSRH (Open Source Software Repository Hosting) board.

You will also need to set up GPG keys in order to sign your aars for pushing them as a release.

We'll go into each of these processes.

OSSRH Issue:

An OSSRH issue is only a first-time thing, to prepare configurations on the sonatype repositories.

A typical issue can look something like this, which was for the RecyclerView-FastScroller.

Note:

The library groupId should be the reverse of a domain which you control. For the above-mentioned library, since it's by Quiph, we used the groupId com.quiph. If you do not own any domains, you can simply use com.github.<user_name/company_name>. You can check this comment on the above-mentioned issue.

GPG Keys and signing:

GPG keys will be required to sign your artifacts.

  1. Check if you have any GPG keys which are not expired:

    gpg --list-keys --keyid-format SHORT

  2. If you have keys, then copy the key value (this generally comes after a '/' on the pub line) and skip to step 4.

  3. Create a gpg key and copy the value after the '/' on the pub line:

    gpg --gen-key

  4. GPG issues: most of the articles found today are pretty much outdated. GPG has had a lot of changes since then. One such change is the secring.gpg file generation. This SO Answer answers most of it. TL;DR:

    gpg --export-secret-keys -o secring.gpg

  5. Once the GPG keys are generated, you now need to publish these keys to an open key server. Run the following commands to do so:

    $ gpg --keyserver hkp://keyserver.ubuntu.com --send-keys YYYYYYYY
    $ gpg --keyserver hkp://pgp.mit.edu --send-keys YYYYYYYY

  6. Check these keys:

    $ gpg --keyserver hkp://pgp.mit.edu --search-keys johndoe@example.com # Use your email

  7. Once the keys are successfully published, copy them and build the gradle.properties file for maven_push.gradle. This looks something like this:

    # key ID copied from the pub line in step 2 or 3
    signing.keyId=xxxxxxx
    # passphrase that protects the secret key
    signing.password=YourPublicKeyPassword
    # absolute path to the keyring exported in step 4 ('~' is not expanded);
    # /home/YourUser is a placeholder for your own home directory
    signing.secretKeyRingFile=/home/YourUser/.gnupg/secring.gpg

    nexusUsername=YourSonatypeJiraUsername
    nexusPassword=YourSonatypeJiraPassword
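
A pre-flight lint for the properties file built in the last step, added here as an example (it is not part of the original gist or of Chris Banes's script). The function names, the four checks and the sample values are this example's own; only the property names come from the file above.

```shell
#!/bin/sh
# Added example: lint the signing entries of a gradle.properties file.
# Property names are the ones shown above; all sample values are constructed.

prop() {  # prop KEY_REGEX FILE -> last value assigned to that key
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

check_signing_props() {  # prints one finding per line, returns 1 if any
    f=$1; bad=0
    key=$(prop 'signing\.keyId' "$f")
    ring=$(prop 'signing\.secretKeyRingFile' "$f")
    # The Gradle signing plugin expects the 8-hex-digit short key ID.
    if ! printf '%s\n' "$key" | grep -Eq '^[0-9A-Fa-f]{8}$'; then
        echo "keyId: not an 8-hex-digit key ID"; bad=1
    fi
    # '~' is shell syntax and is not expanded when Gradle reads the value.
    case $ring in
        /*) [ -f "$ring" ] || { echo "keyring: file not found"; bad=1; } ;;
        *)  echo "keyring: path is not absolute"; bad=1 ;;
    esac
    # The file holds a passphrase and repository credentials in plaintext.
    case $(ls -l "$f") in
        -???------*) ;;
        *) echo "perms: readable by group or others"; bad=1 ;;
    esac
    # A file next to the build script is easy to commit by accident.
    dir=$(dirname "$f")
    if [ -e "$dir/build.gradle" ] || [ -e "$dir/settings.gradle" ]; then
        echo "location: project-level file, prefer ~/.gradle/gradle.properties"
        bad=1
    fi
    return "$bad"
}

# Constructed sample with typical mistakes, written to a scratch directory.
demo=$(mktemp -d)
cat > "$demo/gradle.properties" <<'EOF'
signing.keyId=xxxxxxx
signing.password=ConstructedPassphrase
signing.secretKeyRingFile=~/.gnupg/secring.gpg
nexusUsername=constructed-user
nexusPassword=constructed-password
EOF
: > "$demo/build.gradle"
check_signing_props "$demo/gradle.properties" || echo "fix the findings above"
rm -rf "$demo"
```

Gradle also reads gradle.properties from the Gradle user home (~/.gradle by default), which keeps the passphrase and Nexus credentials out of the project repository.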

Phew!

Uploading the archives:

The script adds a task uploadArchives. This task will upload the archives to the sonatype repo's 'staging' stage.

Please ensure that the 'signing' stage was not skipped. It is skipped if your library name ends with "-SNAPSHOT", but for releases signing is mandatory.

If all went fine, go to the OSSRH web UI and look for the 'staging' library. It should be somewhere at the end of the list. Select it and press the Close button. Closing a library actually means that we're ready to release it. Another option is to Drop a library, which means removing it from the list. If closing went fine, we should see the Release button become active. We release with a note to the JIRA issue for our reference.

After that we should get a response from Sonatype that our library will be available in ~10 minutes and it will be synced with the Maven Central in the next few hours.

And, later you can check it on maven.

References:

  1. Most of this article is borrowed from this
  2. Really good post if you plan on using JCenter
  3. Using GPG for pushing aars. http://gmariotti.blogspot.com/2013/09/publish-aar-file-to-maven-central-with.html
  4. Sonatype's reference for managing staging repos: https://help.sonatype.com/repomanager2/staging-releases/managing-staging-repositories
  5. Really good gist if you're using JCenter: https://gist.github.com/lopspower/6f62fe1492726d848d6d