Import dependencies "privately" and bundle it when publishing?

Hey o/

Here’s the scenario I’m trying to accomplish:



I have two SDKs (Foo and Bar) that should remain for internal use only. Both are published in our private Maven repository. They live in different git repositories and are maintained by different teams. The Bar SDK depends on the Foo SDK.

We are building a third SDK that depends on both internal SDKs, however, this should be a public SDK.

My goal is to have the client apps import the Public SDK dependency, but be unable to access classes and resources from the internal SDKs. It’s okay for those internal classes to be bundled into the .jar, but I want them to not be easily imported in the IDE to prevent misuse.

The problem now is that by having all three SDKs in a Maven repository, the three of them are being imported by the client app and the client app can see all three dependencies.

Here’s how the Public SDK dependencies is setup:

dependencies {
    implementation 'internal.sdk.repo:foo:0.0.1'
    implementation 'internal.sdk.repo:bar:0.0.1'

This will include both SDKs in the POM file with the runtime scope, thus, the client will see those dependencies.

Am my scenario something possible to achieve?

Ps.: Sorry if this has been asked many times before. However, it seems I lack the vocabulary to properly search this issue as my Google-fu returned nothing :frowning: