How to publish signatures to Maven Central?

relaygus · April 8, 2021, 11:51am

I’m using the signing and maven-publish plugins as follows to publish a JVM library to Maven Central:

signing {
    setRequired {
        gradle.taskGraph.allTasks.any { it is PublishToMavenRepository }
    }
    val signingKey: String? by project
    val signingPassword: String? by project
    useInMemoryPgpKeys(signingKey, signingPassword)
    sign(configurations.archives.get())
}
publishing {
    publications {
        create<MavenPublication>("default") {
            from(components["java"])

            pom {
                name.set(rootProject.name)
                description.set("Relaynet JVM library")
                url.set("https://github.com/relaycorp/awala-jvm")
                developers {
                    developer {
                        id.set("relaycorp")
                        name.set("Relaycorp, Inc.")
                        email.set("no-reply@relaycorp.tech")
                    }
                }
                licenses {
                    license {
                        name.set("Apache-2.0")
                    }
                }
                scm {
                    connection.set("scm:git:https://github.com/relaycorp/awala-jvm.git")
                    developerConnection.set("scm:git:https://github.com/relaycorp/awala-jvm.git")
                    url.set("https://github.com/relaycorp/awala-jvm")
                }
            }
        }
    }
    repositories {
        maven {
            url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
            credentials {
                username = System.getenv("MAVEN_USERNAME")
                password = System.getenv("MAVEN_PASSWORD")
            }
        }
    }
}

The publication is done by running ./gradlew publish from a GutHub action.

However, when I try to close the staging repository, it fails with Failed: Signature Validation:

Those failure messages look correct, considering that those *.asc files aren’t available:

According to the signing plugin, they should be automatically added to the publication,. However, having run ./gradlew publish --dry-run, I don’t think the signing plugin is actually used at all:

+ ./gradlew publish --dry-run
:compileKotlin SKIPPED
:compileJava SKIPPED
:processResources SKIPPED
:classes SKIPPED
:inspectClassesForKotlinIC SKIPPED
:jar SKIPPED
:javadoc SKIPPED
:javadocJar SKIPPED
:sourcesJar SKIPPED
:generateMetadataFileForDefaultPublication SKIPPED
:generatePomFileForDefaultPublication SKIPPED
:publishDefaultPublicationToMavenRepository SKIPPED
:publish SKIPPED

So, how can I get ./gradlew publish to run the signing plugin? Unfortunately, I’m using a third-party tool that runs ./gradlew publish and it won’t allow me to change the arguments passed to Gradle, so any change would have to be done in build.gradle.kts.

Thanks!

Vampire · April 8, 2021, 12:24pm

Read the section you linked to yourself again and try to understand it.
Then replace sign(configurations.archives.get()) by sign(publishing.publications) and it should work I think.

jackyjoy123 · February 13, 2022, 1:26pm

thanks for the awesome information.

iseki0 · June 24, 2023, 5:41pm

How to skip the sign step when publishToMavenLocal?

Vampire · June 25, 2023, 1:05pm

Please do not hijack foreign threads that are just loosely related.
You should instead open a new thread.
There please also specify why you want to skip it, that might influence the proper answer.

iseki0 · June 25, 2023, 4:50pm

Sorry, I will create a new thread for it