In the world of Android development, sharing your creations is fundamental. One of the most effective ways to promote and distribute your libraries is through Maven Central, the central repository for Android artifacts. It’s already integrated into most Android projects, making library adoption seamless for developers.

However, publishing to Maven Central can sometimes feel like a hurdle. Signing your library files is a crucial step, and the process can be a bit intricate.

This article is born out of the experience of publishing my latest library, BottomSheetNavigator3. Despite numerous existing online guides and documentations, I found myself spending a significant amount of time navigating the process, time that could have been better spent on development. The issue lies in the process complexity and its tendency to evolve with updates, macking older guides obsolete.

This frustration inspired me to create a streamlined and up-to-date guide that will (hopefully!) save you valuable time.

Great! Assuming your library’s ready for release, let’s dive into the publishing process.

Get Registered on Sonatype

The first step is to create an account on https://central.sonatype.com/. To streamline the process, consider using your GitHub account. This is because a crucial element for publishing is the namespace. Using your GitHub account automatically grants you the verified namespace “io.github.your_GitHub_user”, saving you valuable time and effort.

For those who prefer not to link their GitHub account or require a different namespace, you can follow the manual verification guide provided by Sonatype: https://central.sonatype.org/publish/publish-guide/

Now that you are registered you can generate your user token. Click on your username in the top right corner and select “View Account” from the dropdown menu. On the account settings page, you’ll find the option to “Generate User Token”. We will use these cretentials later in the project configuration.

Generate GPG Keys

Before diving into key generation, make sure you have GnuPG installed on your system. You can find the installation for your system on the site.
Once GnuPG is installed, we can generate your key pair using the following command:

gpg --gen-key

When prompted during the key generation process, you’ll be asked to provide the following information:

• Your full name
• Your email address
• A passphrase (crucial!)

Choose a strong passphrase that is unique and difficult to guess. This passphrase will be used to protect your private key, so ensure it’s something you can remember but not easily discoverable.

You’ll be presented with a key fingerprint that looks something like this:

74524542545300A39ABC3AB5242798823ABDEC12

The last 8 characters of this fingerprint (3ABDEC12 in this example) represent your key ID.

It’s crucial to note down the key ID and your passphrase. You’ll need them later to configure your project for publishing on Maven Central.

To make your key a valid one, you need to publish your GPG key to a public key server. This allows others to easily verify your identity and the authenticity of your signed artifacts. Here’s the command you can use to publish your key:

gpg --keyserver keyserver.ubuntu.com --send-keys 74524542545300A39ABC3AB5242798823ABDEC12

Ok, now as last step we need to export your secret key to a file for easier access later on. The exported file contains sensitive information. Never share it or its contents with anyone!

Just run this command:

gpg - export-secret-keys -o ~/.gnupg/secring.kbx

This step is not mandatory but will help us in the configuration of the project. It’s also useful in case you need to work on the same project across different machines.

Remember the path of the file as it will be necessary to configure the project in the next section.

Configure Your Project for Maven Central Publishing

Now that you have your GPG keys set up, we can move on to configuring your project for publishing to Maven Central. This involves adding the necessary plugin and configurations to your Gradle files.

We can start adding the plugin to your project’s and to your module’s build.gradle.kts file (located at the root of your project directory and in your module directory).

plugins {
...
id("com.vanniktech.maven.publish") version "0.29.0"
}

Before diving into configuring gradle.properties, let’s address an important security consideration. This file will stores sensitive information like signing keys and credentials. Excluding it from version control using the .gitignore file ensures you don’t accidentally share this information publicly.

Just add to your .gitignore:

gradle.properties

The gradle.properties file will store some key-value pairs essential for publishing your library to Maven Central. Starting with the configuration of the plugin.

SONATYPE_HOST=CENTRAL_PORTAL
RELEASE_SIGNING_ENABLED=true

Let’s add the fundamental properties for identifying your library and ensuring proper dependency management. Make sure to replace the placeholders with your specific information.

GROUP=io.github.your_github_account 
POM_ARTIFACT_ID=library_name
VERSION_NAME=X.X.X

Now that we’ve set up the core properties, let’s personalize your library’s metadata using additional key-value pairs in gradle.properties. This information will be gets incorporated into your library’s POM (Project Object Model) file, which provides details about your library to consumers.

While I’ve included an example configuration, remember to replace these placeholders with your own information:

POM_NAME=library_name
POM_DESCRIPTION=This library provides ....
POM_URL=Your github repo url

POM_LICENSE_NAME=The Apache Software License, Version 2.0
POM_LICENSE_URL=https://www.apache.org/licenses/LICENSE-2.0.txt
POM_LICENSE_DIST=repo

POM_SCM_URL=Your github repo url
POM_SCM_CONNECTION=scm:git:git://github.com/YOUR_GIT_USER/REPO_NAME.git
POM_SCM_DEV_CONNECTION=scm:git:ssh://git@github.com/YOUR_GIT_USER/REPO_NAME.git

POM_DEVELOPER_ID=YOUR_GIT_USER
POM_DEVELOPER_NAME=Your Name
POM_DEVELOPER_URL=https://github.com/YOUR_GIT_USER/
POM_DEVELOPER_EMAIL=your email

Finally we can add the credentials that are essential for signing your library artifacts before publishing, ensuring their authenticity and integrity. Again, never share these values publicly!

• Your Maven Central token and password:

mavenCentralUsername=YOUR_MAVEN_CENTRAL_USERNAME
mavenCentralPassword=YOUR_MAVEN_CENTRAL_PASSWORD

• The GPG key id, the last 8 characters of your key fingerprint:

signing.keyId=YOUR_SIGNING_KEY_ID

• The secure passphrase you created when generating your keys:

signing.password=YOUR_SIGNING_PASSWORD

• The path of the file where you exported your secret key in a previous section:

signing.secretKeyRingFile=PATH/TO/YOUR/SECRET_KEY_RING_FILE

Ready to Publish!

With everything configured, you’re now prepared to publish your library to Maven Central. It’s highly recommended to run a local build and assembly task on your library module first. This verifies that your library can be successfully built and packaged into a distributable artifact.

./gradlew :your_library_module:assemble

Once you’re confident with your configuration and the local build succeeds, you can proceed. Here’s the command to publish:

./gradlew publishAllPublicationsToMavenCentralRepository

Everything should be passed, visit now on the sonartype site in the section Publish to see your library’s validation status.

• If validation is successful, you’ll find your library listed.
• If there are any issues, Sonatype will provide details about the problems encountered. Address these issues, fix your library accordingly, and then re-run the publish command.

Once your library is successfully validated by Sonatype, you can finally publish it by click the publish button in the right corner.

That’s it! You can now simply import you library by adding it to your libs.versions.toml or in your build.gradle.kts.

Conclusions

Publishing an Android library to Maven Central can seem daunting, but with the right steps and guidance, it becomes a manageable and rewarding process. By following this guide, you can streamline your distribution efforts, ensuring your library is readily available to the developer community.

By carefully executing each step, you save valuable development time. This guide reflects my experiences and lessons learned, aimed at helping you avoid common pitfalls and simplify the process.

If you want to have a look at the library I published, you can find it here.

Happy publishing! With your library now on Maven Central, you can focus more on developing and improving your code, confident that your work is easily accessible to the global Android development community.

If you are interested in learning how to automate this process with GitHub Actions, stay tuned for my next article. Follow me to stay updated!

This article is previously published on proandroiddev.com