Android publishing process - maitrungduc1410/AVLoadingIndicatorView GitHub Wiki
- Central portal set up
- Setup library build.gradle
- Set up key signing
- Setup global gradle.properties
- Publishing
First you need to have a verified namespace on https://central.sonatype.com/
Next you need to generate username/password used for publishing artifacts
To make the release process easier, we'll use com.vanniktech.maven.publish which simplifies all the tedious parts when releasing.
Below we have a working build.gradle for our library:
plugins {
id 'com.android.library'
id "com.vanniktech.maven.publish" version "0.32.0" apply true
}
import com.vanniktech.maven.publish.SonatypeHost
android {
namespace 'com.wang.avi'
compileSdk 33
defaultConfig {
minSdk 16
targetSdk 33
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
consumerProguardFiles "consumer-rules.pro"
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
}
mavenPublishing {
publishToMavenCentral(SonatypeHost.CENTRAL_PORTAL)
signAllPublications()
coordinates("io.github.maitrungduc1410", "AVLoadingIndicatorView", "2.1.5")
pom {
name = "AVLoadingIndicatorView"
description = "Loading indicators for Android"
inceptionYear = "2023"
url = "https://github.com/maitrungduc1410/AVLoadingIndicatorView"
licenses {
license {
name = "The Apache License, Version 2.0"
url = "http://www.apache.org/licenses/LICENSE-2.0.txt"
distribution = "http://www.apache.org/licenses/LICENSE-2.0.txt"
}
}
developers {
developer {
id = 'maitrungduc1410'
name = 'Mai Trung Duc'
url = "https://github.com/maitrungduc1410/"
}
}
scm {
connection = 'scm:git:git://[email protected]:maitrungduc1410/AVLoadingIndicatorView.git'
developerConnection = 'scm:git:ssh://[email protected]:maitrungduc1410/AVLoadingIndicatorView.git'
url = 'https://github.com/maitrungduc1410/AVLoadingIndicatorView'
}
}
}First generate GPG key pair:
gpg --full-generate-key
Select RSA + length=4096. Then enter all details including Pass Phrase
After that list keys:
gpg --list-secret-keys --keyid-format=long
It should show something like:
sec rsa4096/88C3F57858FE3FC4 2025-05-23 [SC]
08DEE697B0F830632DEADA2488C3F57858FE3FC4
uid [ultimate] Duc Trung Mai <[email protected]>
ssb rsa4096/74DCE4D57D195B47 2025-05-23 [E]
above 08DEE697B0F830632DEADA2488C3F57858FE3FC4 is Key ID. You should have your own KeyID, use it for later steps
Next, we need to publish this public key so that later Maven Central can use it to verify our uploaded artifacts:
gpg --keyserver keyserver.ubuntu.com --send-keys 08DEE697B0F830632DEADA2488C3F57858FE3FC4
If successful, you should be able to search for the public key on https://keyserver.ubuntu.com:
Lastly we need to export secret key:
gpg --export-secret-keys --output ~/.gnupg/android_secret.gpg <key_id>
Because our publish info (username/password, signing keys...) are secret, we should not commit it to source control, hence to make it safe we should store it in user local file, in this case we'll store it in global gradle.properties
nano ~/.gradle/gradle.properties
use nano or any text editor you like
Then add the following content:
# Last 8 chars of your GPG key ID
signing.keyId=58FE3FC4
signing.password=MyPassPhrase
signing.secretKeyRingFile=absolute_path_to_android_secret.gpg
mavenCentralUsername=username
mavenCentralPassword=password
Once everything is ready, you can now start publishing your lib, run this command at root folder project:
./gradlew publishAllPublicationsToMavenCentralRepository
After publishing go to Central portal to view your Deployments: https://central.sonatype.com/publishing/deployments
If your artifacts pass Validation you can press Publish. And if everything goes well, it will finally show Published like below
Tip
Status can be: Validated -> Publishing -> Published
Important
If you fail to validate, you'll need to fix you issue then run ./gradlew publishAllPublicationsToMavenCentralRepository again