Gradle Plugin for publishing artifacts to Sonatype

Introduction

Due to Sonatype’s strict validation rules, the publishing requirement must be satisfied by every artifact which wants to be published to Sonatype.

For Java and Android library projects, the publishing configurations are very similar, but the configurations of creating publication are quite different, this gradle plugin is used to simplify the engineering complexity of publishing artifacts to Sonatype, developers don’t need to write boilerplate publishing DSL for each project to satisfy Sonatype validation rules.

Prerequisite

• Sonatype Account
• GPG key

For more information, see References

Getting Started

Apply plugin

Plugins DSL

plugins {
    id("io.johnsonlee.sonatype-publish-plugin") version "1.2.0"
}

Legacy DSL

buildscript {
    repositories {
        mavenCentral()
        google()
        gradlePluginPortal()
    }
    dependencies {
        classpath("io.johnsonlee:sonatype-publish-plugin:1.2.0")
    }
}

apply plugin: "io.johnsonlee.sonatype-publish-plugin"

Configure env and properties

• OSSRH_USERNAME

  The account id of Sonatype, searching from project properties by default, otherwise searching from system env

• OSSRH_PASSWORD

  the account password of Sonatype, searching from project properties by default, otherwise searching from system env

• OSSRH_PACKAGE_GROUP

  The package group of Sonatype, e.g. io.johnsonlee

• signing.keyId

  The GPG key id (short format). In this example, the GPG key id is 71567BD2

  $ gpg --list-secret-keys --keyid-format=short
  /Users/johnsonlee/.gnupg/secring.gpg
  ------------------------------------
  sec   4096R/71567BD2 2021-03-10 [expires: 2031-03-10]
  uid                  Johnson
  ssb   4096R/4BA89E7A 2021-03-10
  

• signing.password

  The password of GPG key

• signing.secretKeyRingFile

  The secret key ring file, e.g. /Users/johnsonlee/.gnupg/secring.gpg

  The best practice is putting the properties above into ~/.gradle/gradle.properties

  OSSRH_USERNAME=johnsonlee
  OSSRH_PASSWORD=*********
  OSSRH_PACKAGE_GROUP=io.johnsonlee
  signing.keyId=71567BD2
  signing.password=*********
  signing.secretKeyRingFile=/Users/johnsonlee/.gnupg/secring.gpg

Configure git repository

The following git configurations are be used for generating maven POM file

• user.name

  git config user.name <username>

• user.email

  git config user.email <email-address>

• remote.origin.url (optional)

  The remote.origin.url is available by default unless the git repository is created locally

  git remote add origin git@github.com:<username>/<repository>

Configure License (optional)

Add a license file (LICENSE, LICENSE.txt, LICENSE.md or LICENSE.rst) into project, then the license type will be recognized automatically.

For more information on repository licenses, see “Supported Licenses“

Publish Artifacts to Sonatype

./gradlew clean publishToSonatype

Release Artifacts

./gradlew closeAndReleaseRepository

After release complete, the artifacts will be synced to Maven Central automatically

References

• OSSRH Requirements
• OSSRH Guide
• Generating A New GPG Key

GitHub

https://github.com/johnsonlee/sonatype-publish-plugin