Upload to Sonatype

typelogic edited this page Jan 28, 2021 · 46 revisions

Steps to upload to Sonatype

Sonatype requires new users to register at https://issues.sonatype.org/secure/Dashboard.jspa. These credentials become your ossrhUsername and ossrhPassword.

Sonatype uploads also require the use of gpg and that you have existing GPG keys.

Gradle Setup

This project's build.gradle already contains the necessary gradle blocks described by Sonatype.

We still need to set up the credentials. There are two ways to do this.

The first method is to have a gradle.properties file in your $HOME/.gradle/ folder with the below content:

signing.keyId=<gpg key ID here>
signing.password=<gpg password here>
signing.secretKeyRingFile=/path/to/your/secring.gpg
ossrhUsername=<sonatype account name here>
ossrhPassword=<sonatype account credential here>

The second method is to define the below environment variables:

export SONATYPE_USERNAME=<sonatype account name here>
export SONATYPE_PASSWORD=<sonatype account credential here>
export GPG_KEYRING_FILE=/path/to/your/secring.gpg
export GPG_KEY_ID=<gpg key ID here>
export GPG_KEY_PASSPHRASE=<gpg password here>

The second method only works because the project's build.gradle reads these environment variables.

Extra Step to prepare secring.gpg

This step exists for historical reasons and because of recent changes in gpg, which originally kept the key pairs in two files:

  • pubring.gpg
  • secring.gpg

GPG realized that this separation into two files led to inconsistencies, so in GnuPG 2.1 and above they merged the contents into one file, pubring.kbx, which is incompatible with the current sonatype signing plugin. Therefore, this extra step is required to prepare the older but compatible secring.gpg.

gpg -K                                                     # know your gpg keys and choose a <key id> to use
gpg --send-keys --keyserver keyserver.ubuntu.com <key id>  # upload your chosen <key id> to a key server
gpg --export-secret-keys -o /some/secure/path/secring.gpg  # this is for gpg compatibility
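
The gradle.properties file from the first credential method and the exported secring.gpg both hold secrets in the clear or behind a passphrase stored next to them, so it is worth checking them before an upload. The following is an added example, not code from this project: a shell pre-flight check that flags missing or placeholder values and files readable by group or others. The function names are hypothetical, and it assumes the first credential method is in use.

```bash
# Added example, not part of the project: pre-flight check of the signing and
# upload secrets before running ./gradlew uploadArchives.
# Assumption: the first credential method (a gradle.properties file) is used.

# Print the value assigned to key $2 in properties file $1 (last one wins).
prop_value() {
  awk -v k="$2" '{
    i = index($0, "="); if (i == 0) next
    key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
    if (key == k) { v = substr($0, i + 1); sub(/^[ \t]+/, "", v) }
  } END { print v }' "$1"
}

# Succeed only for a regular file with no group/other permission bits set.
is_private_file() {
  [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Check $1 (default: $HOME/.gradle/gradle.properties), print each finding,
# and return the number of findings; 0 means nothing was flagged.
check_publish_secrets() {
  props="${1:-$HOME/.gradle/gradle.properties}"
  problems=0
  [ -f "$props" ] || { echo "missing: $props"; return 1; }
  is_private_file "$props" ||
    { echo "readable by group/others: $props (chmod 600)"; problems=$((problems + 1)); }
  for key in signing.keyId signing.password signing.secretKeyRingFile \
             ossrhUsername ossrhPassword; do
    case "$(prop_value "$props" "$key")" in
      '' | '<'*'>') echo "not set: $key"; problems=$((problems + 1)) ;;
    esac
  done
  ring="$(prop_value "$props" signing.secretKeyRingFile)"
  case "$ring" in
    '' | '<'*'>') ;;  # already reported by the loop above
    *) is_private_file "$ring" ||
         { echo "missing or readable by group/others: $ring (chmod 600)"; problems=$((problems + 1)); } ;;
  esac
  return "$problems"
}
```

Source the file and run `check_publish_secrets`; an exit status of 0 means no finding was reported.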

Upload to Sonatype in Gradle

From the project's root location, open a terminal and do: ./gradlew uploadArchives

The jar/aar file will be uploaded to Sonatype.

Make a release in Sonatype

This is the final step.

Log in to https://oss.sonatype.org. Under Build Promotion, click Staging Repositories. For Sonatype to publish your component to Maven repositories, you need to do the close and release steps:

Do the Close

Do the Release

Your component will be published to Central, typically within 10 minutes, though updates to search.maven.org can take up to two hours.

References