Open in app

Sign in

Write

Sign in

Mastodon

Deploying Android Libraries to Maven Central Repository

Zafir Sk Heerah
6 min readMar 6, 2023

--

Maven is mostly for Java libraries. It has been developed by Apache. Even though there are more Java libraries on the platform, it also has support for C#, Ruby, Scala and other languages.

Maven is an architecture that allows integration with other plugins and libraries in your Java project. One other alternative to this architecture can be Gradle.

There are multiple repositories that support publishing Maven libraries that can be public or private. These repositories can be self-hosted with some more configuration. In this example, we will be looking into the Maven Central Search Repository hosted by Sonatype.

Logo by Wikimedia Commons

Pre-requisites

  • GPG tool
  • An account on Sonatype
  • An android library developed by you 😎

GPG tool

This tool will be used to generate keys for the android library. These keys will be used to generate a signed android library so that the platform can verify the identity of the user that is publishing the artifact for the android library.

The GPG tool can be accessed using the command-line interface. The different platforms that are supported can be found here.

On MacOS/Linux, it can be install using HomeBrew

brew install gnupg

To be able to access the command-line interface, the gpg command can be used. The command below shows how to generate a GPG key.

gpg --full-gen-key

After running the command there are multiple prompts that is going to be shown. Make sure to include the correct input for name and email. As for the key size, we will be using the 4096 formats and make sure that the key does not expire also. Once all these inputs are filled, a prompt to input the passphrase will be shown along with the confirmation.

Once the key is generated you find an output like this.

In the output, you will find the generated pubic key which contains around 40 characters(highlighted in red).

To export the key to a Base64 output, use the command listed below along with the last 8 characters of the generated public key.

gpg -export-secret-keys 0C5E037B | base64
gpg -export-secret-keys 0C5E037B > sharinpixwebview-android.gpg

To export the raw key into a file, use the command listed above.

Account on Sonatype

Navigate to Sonatype Jira platform. If you don't have an account, you can sign up for one, else if you have one, log in.

Request an access for Deployment on Sonatype

Once you have an account on Sonatype, log in and then click on Create.

A prompt will be shown.

For the project, choose Community Support — Open Source Project Repository Hosting (OSSRH)

As for the Summary, include a title for why you are creating this Issue. For example: Create library for io.github.<organisation>:<library-name>

The Description can be an explanation of the library or even the organisation.

As for the Group ID, it should be io.github.<organisation>. If you have a custom domain, you can include it but you need to configure the DNS record of the domain to make sure that you own the domain.

Once all these information is filled, you can create the Issue. After some minutes, you will received a comment on the Issue that should look something like this below.

As the comment is stating, you should create a temporary public repository with the stated name. For me, it’s OSSRH-85551. Once created, you should set the status of the Issue to Open. This step will confirm that you are a member of the organisation that you are hosting the repository from.

After a few minutes, you will received another comment confirming that you have created the public repository. And after some more minutes, another comment should should appear stating that your repository has prepared and you should be able to publish artifacts with the same Group Id on Maven Central.

Creating a Signed Artifact Manually

To be able to create a signed artifact, some plugins needs to be installed Include theses plugins in build.gradle of the plugin:

  • maven-publish
  • signing
plugins {
 id 'com.android.library'
 id 'maven-publish'
 id 'signing'
}

In gradle.properties of the project, include these configuration

signing.keyId=0C5E037B
signing.password=<key-passphrase>
signing.secretKeyRingFile=sharinpixwebview-android.gpg

The signing.keyId is the last 8 characters of the generated public key. The signing.password should be the passphrase that you have entered when generating the key.

The signing.secretKeyRingFile is the Base64 file of the generated key. Make sure that the file path is relative to the project path or you have included the absolute path of key in the configuration.

Save the configuration and run the command listed below.

./gradlew publishReleasePublicationToMavenLocal

Once the command has completed executtion. Go to the build/publications/release folder of the library and rename these files:

  • Rename pom-default.xml to pom.xml
  • Rename pom-default.xml.asc to pom.pom.asc

Publishing the Signed Artifact Manually

To start with publish step, you should login to the Nexus Repository Manager that has been stated in the comments of the Issue created on Sonatype. The log in credentials should be the same as to the Sonatype account that you have used to create the Issue.

Go to Staging Upload once you have been succesfully log in.

Select the Upload Mode to Artifact(s) with a POM

Select the POM file to Upload. This file should be first file that you have rename to pom.xml. It should be located in the build/publications/release folder of the library.

Select the Artifact(s) to Upload. This section consists of multiple files that needs to be uploaded.

The first one for this section is the last file that you rename to pom.pom.asc. It should be located in the build/publications/release folder of the library.

The other files is the actual output files for the artifacts. These files is located in the build/outputs/aar folder of the library. Choose both the outputs(along with encrypted file). In my case they are name as sharinpixwebview-android-release.aar and sharinpixwebview-android-release.aar.asc

As for the description, you can include the explanation of the library or the release notes/change logs of the version that you are uploading for the library.

Making sure that all the files has been selected and description has been entered. You can click on Upload Artifact(s).

Once the artifact is uploaded, go to Satging Repositories.

Select the uploaded artifact, should be first one sorted by the updated time. Click on the Release button.

Once the artifact has been released, the latest version of the library should appear on the Maven Central Search Repository after a couple of hours. Be patient✌️.

Maven Plugin
Maven Central
Maven
Android Libraries
Android

--

--

Zafir Sk Heerah
Zafir Sk Heerah

Written by Zafir Sk Heerah

24 Followers
18 Following

Software Engineer | Consultant | Android and iOS Development | www.zfir.dev | blog.zfir.dev

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams