In the modern western world, a watered down version of Haṭha yoga is becoming more and more populair. Many describe the focus on physical posture and breathing techniques to be both pleasant and calming. In everyday’s world of stress and deadlines, a moment to relax and release can come for some not often enough. If you ask your common developer about ‘release’ though, chances are high they do not talk of relaxation but of stress and hard work. I was thinking about this when I wanted to release a Gradle based Java FP library I am writing for my specialization.

The future is just energy and intention

When I finished the basics of the library, I decided to publish it at a popular open source repository. As Gradle lists the Maven Central as its first repository option, it seemed like a good idea to me to release the library there. In good spirits I started reading the documentation. I was quite sure at the end of the day my library could be used.

It doesn’t matter if things aren’t perfect

But then I was overwhelmed by all the things I needed to do. As the documentation piled up, I started to search the internet to understand it all. Where most of the time you find yourself for lack of information, now I was struck by the abundance of it. As my path of releasing this library was long and winding, I’ll give you a short overview how to do it, so yours can be light and gracefully.

It’s not about touching your toes …​

The Maven Central does have several rules if you want to release a library. One of them is that you have to claim a space. To do this, you need to create a Sonatype JIRA account.

After you acquired an account, you have to create a New Project ticket. In this ticket you describe the project you want to start. As the groupId will identify your project, you may only pick a name that is either the company you work for or your very own name. To prove the name is yours, the Maven Central checks the TXT record on a domain you own or grants validation if a public code hosting service like GitHub is used. Read the exact specification here.

…​ it’s about what you learn on the way down

When the groundwork is done, there is another thing you need to know. Once the actual jars will be sent to Maven Central, they need to be signed with the GNU Privacy Guard (GPG) software before. First install GPG on you computer, then execute following commands:

  1. Create a key gpg --full-generate-key and do remember the password.

  2. Export an ASCII version of the key gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg.

  3. List all the keys gpg --list-secret-keys and pick the id of your justed created key.

  4. Send the public key to the server gpg --keyserver keyserver.ubuntu.com --send-keys <id>.

These commands create a private and a public key. Where the private key gives you the option to sign your jars, the uploaded public key can be used by externals like Maven Central to check if the data has not been tampered with.

Thousands of candles can be lighted from a single candle

Now everything is in place, we can start to upload the library to Maven Central. Let’s first create a gradle.properties file in the root of your project, where we can store all the password data[1]. Here is an example:

signing.keyId=102A2B06
signing.password=lQ7vO6bB0wJ5pK9aQ0tQ9tF8a
signing.secretKeyRingFile=/Users/itsme/.gnupg/secring.gpg

ossrhUsername=itsme
ossrhPassword=wO6lX0cI0xC6mQ9kF1fV8lZ4b

You created in the step above the signing id, password and keyring. The ossr account data is the account you created at https://issues.sonatype.org.

With this file we can create a basic build.gradle where we bundle the JavaDocs and sources, sign them and upload it to Maven Central. To make it super easy to use, just copy the following file and change everything that’s wrapped {inside} brackets.

plugins {
    id 'java'
    id 'maven'
    id 'signing'
}

group '{io.github.itsme}'
archivesBaseName = '{project-x}'
version '{0.1}'

repositories {}
dependencies {}
test {}

task javadocJar(type: Jar) {
    archiveClassifier.set 'javadoc'
    from javadoc
}

task sourcesJar(type: Jar) {
    archiveClassifier.set 'sources'
    from sourceSets.main.allSource
}

artifacts { archives javadocJar, sourcesJar }

signing { sign configurations.archives }

uploadArchives {
    repositories {
        mavenDeployer {
            beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }

            repository(url: "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/") {
                authentication(userName: ossrhUsername, password: ossrhPassword)
            }

            snapshotRepository(url: "https://s01.oss.sonatype.org/content/repositories/snapshots/") {
                authentication(userName: ossrhUsername, password: ossrhPassword)
            }

            pom.project {
                name '{project-x}'
                packaging 'jar'
                description '{This project is rocking!}'
                url '{https://itsme.github.io/project-x/}'

                scm {
                    connection 'scm:git:{https://github.com/itsme/project-x/}'
                    developerConnection 'scm:git:{https://github.com/itsme/project-x/}'
                    url '{https://github.com/itsme/project-x/}'
                }

                licenses {
                    license {
                        name 'The Apache License, Version 2.0'
                        url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
                    }
                }

                developers {
                    developer {
                        id '{itsme}'
                        name '{It is me}'
                        email '{itsme@gmail.com}'
                    }
                }
            }
        }
    }
}

After you changed the build.gradle to your liking, you can just execute the 'uploadArchives' task to upload your library to the Maven Central. Be warned when you do this, as there is one nasty catch. Maven Central has four different repositories: snapshots, staging, releases and public. If you upload a jar in development, which has the -SNAPSHOT version suffix, it cannot be elevated to a release candidate automatically. Although it resides in the snapshots, staging and public repositories, you cannot make it appear in the releases repository. So use a real release number when your library is ready.

There was a pleasure in becoming something new

Once your library with a proper version number is uploaded, you can release it. Go to https://oss.sonatype.org/, log in and go to the Staging Repositories. You should see your library listed there[2]. It sounds counterintuitive, but click on 'Close' to start releasing your library. After confirmation, Maven Central does several other checks. When all those checks are succeeded, you can finally release your library. Click on 'Release', wait a little longer and your library will be uploaded to the 'release' repository!

Inhale the future, exhale the past

Though this is a quick overview, I hope this guide helps to make releasing to the Maven Central a relaxed task. If you are still stuck, stay calm, inhale, exhale and start reading more detailed pages. The Publishing your first Android library to MavenCentral and How to Publish Your Artifacts to Maven Central blogs and the Getting Started page are a good way to start. Then there’s nothing left for me to wish a great journey and serene arrival. Namasté!

1. Exclude this file from source control, you don’t want passwords in your repository. But if you want to do it proper, there are better ways to do this.
2. If you did make a mistake, you can also remove it.
shadow-left