I’m working on publishing artifacts for my Gradle PIT plugin to Maven Central. I was able to configure publishing artifacts using maven-publish and separately signing artifacts with signing plugin, but I have problem how to combine it together.
How can I tell maven-publish plugin to upload also artifacts signatures available in build/lib directory as .asc files?
It’s not yet possible to upload artifact signatures via the new maven-publish plugin. The problem is that there’s no way to tell Gradle that the ‘.asc’ file is not a regular artifact but is in fact auxiliary to the main artifact.
This is on the development roadmap for publishing support, but is not currently on our priority list.
Thanks for your reply. Is it currently supported by the “old” Maven plugin or I need to deploy my .asc files manually to a Maven Repository anyway?
The old publishing can handle it.
Thanks for info, I was able to do it after revert my build config to the old publishing plugin.
Btw, there could be a warning in the documentation that the new plugin cannot be used to publish to Maven Central Repository yet.
Is there any update on this? There is a workaround available here: http://mike-neck.github.io/blog/2013/06/21/how-to-publish-artifacts-with-gradle-maven-publish-plugin-version-1-dot-6/
…but it requires a weird hack of publishing twice. I see there’s now a task called “generatePomFileForJavaPublication”, which I guess takes care of the hack part.
I’m using the nebula-publishing-plugin (https://github.com/nebula-plugins/nebula-publishing-plugin) to publish to a Maven repo (bintray) with signatures. It incorporates the ideas in the blog you pointed to. It’s used by all nebula-plugins.
It’s kind of crazy that this has not been incorporated into the ‘maven-publish’ plugin yet. It’s literally basic functionality required to publish to Maven Central. Your comment is over a year old, has there been any progress on this?
If not, I suggest you make it significantly clearer in the documentation for the “new” plugin that it does not work with Maven Central deployments.
We publish .asc files as part the nebula-publishing-plugin, it can be done.
Hey Justin, I’ve seen the nebula-publishing-plugin and I’ll probably switch over and use it.
I just find it strange that the documentation for the “maven-publish” plugin does not make it clearer that it doesn’t work with the “signing” plugin to upload to Maven Central.
Essentially everyone coming to Gradle finds the new “maven-publish” plugin and attempts to use it with Maven Central only to find that ‘.asc’ signatures are not uploaded and therefore the uploaded artifacts do not pass all the validation rules, this is followed by searching around online for a while and finding a year old post about how it’s “on the roadmap”.
This is exactly the process I’ve been through. =(
I completely agree, it’s sorta ridiculous that projects can’t publish to maven central in a few lines.
Any update on when we can expect maven-publish plugin to properly support code signing? I think the priority of this needs to be bumped up.
Just to clear things up. When Googling I ended up in this thread and at first thought
publishing with .asc files was impossible. It is however, possible and very easy.
With gradle 2.6 publishing to Maven Central with .asc files works out of the box.
Both plugins ‘maven’ and ‘signing’ are needed properly configured.
All the information was on the following documentation pages.
https://docs.gradle.org/current/userguide/signing_plugin.html
https://docs.gradle.org/current/userguide/maven_plugin.html
@Pelam Please read my original post carefully. The question is about publishing artifacts signatures using the (then) new maven-publish plugin (which still - after a few years - has a few major limitations). I haven’t seen any release notes regarding that case in maven-publish plugin, so I assume the situation hasn’t changed. Nevertheless your links point to the old maven plugin which is known to work properly with asc files (and which I have been using for years), but unfortunately also has some limitations.
That’s the legacy “maven” plugin. The “maven-publish” plugin has been incubating forever and signing is painful with it.
~ Scott
Is there any update to this? I’ve got a reasonably complex setup based on the ‘maven-publish’ plugin that I want to publish to Maven central. I just need to satisfy the signing requirement. Am I really going to have to port all my configuration to the old ‘maven’ plugin just to sign my artifacts?
I somehow made maven-publish and signing plugin work together to generate .asc files when publishing JARs to oss.sonatype.org:
To list a few places to look:
ext.pomFile and ext.isReleaseVersion
sourceJar and javadocJar tasks and the artifacts section that refers to thempublishing section that does all the hackerymodel section that ensures the artifacts are signed before getting publishedI was able to publish my artifact to Maven central via oss.sonatype.org without any problem. i.e. no need to publish twice, etc.
However, please note that I’m very new to Gradle. Please feel free to let me know if I’m not doing something right.
Indeed very frustrating. After non-trivial investment, I have decided to revert to the old way of Maven publishing.
I’d have to agree that it’s very frustrating that you can’t sign artifacts with the Maven publish plugin. The functionality still hasn’t been implemented in the meantime. Unfortunately, the work never made it to the top of the priority list. I recently created the following issue to track the functionality: https://github.com/gradle/gradle/issues/1165. I’d love to see a pull request for the feature and would be happy to help getting it over the finish line. Please also vote for the issue on GitHub so we can prioritize it higher internally.