Prerequisites
- Minimum Gradle 1.0 milestone 5
- Gpg4zin, you can find the installer on this website: http://www.gpg4win.org/
Configuring your build.gradle file
First you'll need to configure your build script (build.gradle file). A full working build script of my GradleFx project can be found here:https://github.com/GradleFx/GradleFx/blob/develop/build.gradle
These are the steps:
Apply the maven and signing plugins. The signing plugin will sign your jar and pom files, which is required for deployment to the Sonatype OSS repository.
apply plugin: 'maven' apply plugin: 'signing'Specify the group and version of your project:
group = 'org.gradlefx' version = '0.3.1'Define tasks for source and javadoc jar generation. These jars are also required for Sonatype:
task javadocJar(type: Jar, dependsOn: javadoc) { classifier = 'javadoc' from 'build/docs/javadoc' } task sourcesJar(type: Jar) { from sourceSets.main.allSource classifier = 'sources' }
Specify your artifacts:
artifacts { archives jar
archives javadocJar archives sourcesJar }Configure the signing task by specifying which artifacts to sign, in this case all the artifacts in the archives configuration. This will not yet include the pom file, which will be signed later.
signing { sign configurations.archives }Then we need to configure the generated pom file, sign the pom file and configure the Sonatype OSS staging repository.
The 'beforeDeployment' line will sign the pom file right before the artifacts are deployed to the Sonatype OSS repository.
The 'repository' part configures the Sonatype OSS staging repository. Notice the sonatypeUsername and sonatypePassword variables, these are property variables to which I'll come back to later in this post.
The 'pom.project' section configures the generated pom files, you need to specify all this information because it's required for the Sonatype repository (and Maven Central).
uploadArchives { repositories { mavenDeployer { beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) } repository(url: "https://oss.sonatype.org/service/local/staging/deploy/maven2/") { authentication(userName: sonatypeUsername, password: sonatypePassword) } pom.project { name 'GradleFx' packaging 'jar' description 'GradleFx is a Gradle plugin for building Flex and Actionscript applications' url 'http://gradlefx.github.com/' scm { url 'scm:git@github.com:GradleFx/GradleFx.git' connection 'scm:git@github.com:GradleFx/GradleFx.git' developerConnection 'scm:git@github.com:GradleFx/GradleFx.git' } licenses { license { name 'The Apache Software License, Version 2.0' url 'http://www.apache.org/licenses/LICENSE-2.0.txt' distribution 'repo' } } developers { developer { id 'yennicktrevels' name 'Yennick Trevels' } developer { id 'stevendick' name 'Steven Dick' } } } } } }That's it for the configuration of your build script.
Initial setup
There are a couple of thing you need to do before you can run the build automatically, like:- Register your project at Sonatype
- Create a public key pair to sign your jar/pom files
- Create a gradle properties file
Register your project at Sonatype
First you'll need to register your project at sonatype. Follow the "2. Sign Up" and "3. Create a JIRA ticket" sections on this page: https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+GuideCreate a public key pair
A public key pair is needed to sign your jar/pom files. To generate this we need to dive into command line. Follow the "Generate a key pair" and "Distributing your public key" sections on this page: https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+MavenThis will generate a key that will be stored on your computer and on sks-keyservers.net. Remember the password because there is no way to reset or restore it when you forget it.
Create a gradle properties file
Now we'll have to create a gradle.properties file which will contain the public key and sonatype login information. Because this is sensitive information it's best to store this file in your ".gradle" directory (e.g. D:\Users\MyUsername\.gradle) and not under your project. This properties file is used by your gradle build script. The signing.* properties are used and defined by the signing task, the sonatypeUsername and sonatypePassword properties are the variables we defined earlier in our build script. So first create the "gradle.properties" file under D:\Users\MyUsername\.gradle Then add the following properties to the file and change their values:signing.keyId=A5DOA652 signing.password=YourPublicKeyPassword signing.secretKeyRingFile=D:/Users/MyUsername/AppData/Roaming/gnupg/secring.gpg sonatypeUsername=YourSonatypeJiraUsername sonatypePassword=YourSonatypeJiraPasswordthe signing.keyId property is the public key id, you can list your keys with the "gpg --list-keys" command. With this command you'll get an output like this:
pub 2048R/A5DOA652 2011-10-16 uid MyUid sub 2048R/F66623G0 2011-10-16
That's it for the initial setup.
Excellent article. The team at Sonatype found this great.
ReplyDeleteHey Yennick,
ReplyDeleteNote that the Gradle team have further simplified the 'signing' plugin in m5 such that you don't need to distinguish between published, archives, and signatures configurations. See http://wiki.gradle.org/display/GRADLE/Gradle+1.0-milestone-5+Release+Notes#Gradle1.0-milestone-5ReleaseNotes-Improvedsigningplugin
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteDo you really need to add the (packaging)jar(\packaging)? It's the default for a POM. It's not there because the Maven code that Gradle uses to generate the POM doesn't add it.
ReplyDeleteI had the same question so i looked into it a bit, when you use jar as your package type it is excluded from the generated pom because org.gradle.api.publication.maven.internal.DefaultMavenPom.writeNonEffectivePom calls org.apache.maven.project.MavenProject.writeModel which uses MavenXpp3Writer to generate the pom. On line 1011 you see why it does this
Deletehttp://grepcode.com/file/repo1.maven.org/maven2/org.apache.maven/maven-model/2.2.1/org/apache/maven/model/io/xpp3/MavenXpp3Writer.java
When no packaging is declared, Maven assumes the artifact is the default: jar so it's just being efficient. If sonatype requires this then they are being stricter then they need be
@Chris Awesome! I'll try to update my article with those changes
ReplyDelete@Peter I'm quite sure it is required for synchronization with Maven Central (thus required for deployment on Sonatype OSS Repo), and I had some problems deploying my artifacts when I didn't specify it. See section "6. Central Sync Requirement" on https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide
I've been using Gradle to publish Maven artifacts since m4 and I just add
ReplyDeletepackaging 'jar'
inside pom.project section and it works fine with Sonatype...
Just wanted to add that, to be able to close the staging repository Sonatype OSS (oss.sonatype.org), I needed to include javadoc and source jars as well as the regular jar, which I accomplished by adding the following tasks and dependencies and updating the artifacts closure.
ReplyDeletetask sourcesJar(type: Jar, dependsOn:classes) {
classifier = 'sources'
from sourceSets.main.allSource
}
// custom tasks for creating javadoc jar
task javadocJar(type: Jar, dependsOn:javadoc) {
classifier = 'javadoc'
from javadoc.destinationDir
}
uploadArchives.dependsOn javadocJar, sourcesJar, jar
// add the jars as artifacts
artifacts {
archives sourcesJar
archives javadocJar
archives jar
}
Awesome tutorial. Thanks!
Thanks for sharing Andrew! I'll update my article with this information.
ReplyDeleteIn my GradleFx project I've done it almost the same way, only I think you don't need the dependsOn statements on the sourcesJar and uploadArchives tasks. When I do a "gradle uploadArchives" on my project it automatically compiles it, so it's already part of the build livecycle.
Here's my build script: https://github.com/GradleFx/GradleFx/blob/master/build.gradle
This comment has been removed by the author.
ReplyDeleteI created a google doc with a summary of this workflow in it (with some additional information).
ReplyDeletehttps://docs.google.com/document/d/12z99X2GfjLJqNL4Hcp8Z91Xt6csTYVyZY5U1eObg5ts/edit
I've updated the blog post:
ReplyDelete- removed the pom packaging hack that was being used
- added the javadoc and sources jar code
So the hack isn't required, then?
DeleteNo, it isn't required anymore. I have removed it for quite a while now in my code and it's deploying fine.
DeleteThanks, Yennick.
ReplyDeleteFYI, this line:
beforeDeployment { MavenDeployment deployment -> signPom(deployment) }
should be changed to:
beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }
Apparently, calling signPom directly is deprecated and will be removed in Gradle 2.0...
Thanks Ken, I've updated the post.
DeleteVery helpful. I changed the version to append SNAPSHOT to the end and now the uploadArtifacts fails with this:
ReplyDelete> Error deploying artifact .... Error retrieving previous build number for artifact
I'm sure I'm just not understanding something about snapshots.
I'm also using SNAPSHOT versions for our CI build and I'm having no problem deploying it to sonatype. Two questions:
Delete1. Did you add "-SNAPSHOT" to the version (mind the dash)
2. Instead of deploying to sonatype, are you deploying to a webdav repo? If so, seems like other people have the same problem http://issues.gradle.org/browse/GRADLE-2129