It's been hours and I'm stuck trying to publish/release signed artifacts on Maven Central.
After finally publishing, I'm failing the test "Signature Validation". After some research, I found out that my publications are not signed even if my archives are.
So after adding this line: sign publishing.publications.release
to sign the publications I got this error when I perform the following task: publishReleasePublicationToMavenCentralRepository:
Cannot perform signing task ':xxx:signReleasePublication' because it has no configured signatory
Gradle wrapper: 7.1.1.
build.gradle (lib level):
apply plugin: 'com.android.library'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: 'signing'
apply plugin: 'maven-publish'
repositories {
mavenCentral()
google()
jcenter()
maven { url "https://jitpack.io" }
}
android {
compileSdkVersion 30
buildToolsVersion "29.0.3"
defaultConfig {
minSdkVersion 21
targetSdkVersion 30
versionCode 9
versionName "1.1.4"
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
consumerProguardFiles 'consumer-rules.pro'
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
kotlinOptions {
jvmTarget = "1.8"
}
}
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
// Because the components are created only during the afterEvaluate phase, you must
// configure your publications using the afterEvaluate() lifecycle method.
afterEvaluate {
publishing {
publications {
release(MavenPublication) {
groupId = 'xxxx'
artifactId = 'xxx'
version = '1.1.4'
from components.release
signing {
useInMemoryPgpKeys(
properties.getProperty('signing.keyId'),
properties.getProperty('signing.secretKeyRingFile'),
properties.getProperty('signing.password')
)
sign publishing.publications.release //It's after adding this specific line that I got the error of no configured signatory
sign configurations.archives
}
pom {
//I also tried to put the signing block here but nothing changes
name = 'xxx'
description = 'xxx'
url = 'xxx
licenses {
license {
name = 'MIT License'
url = 'https://opensource.org/licenses/MIT'
}
}
developers {
developer {
id = 'xxx'
name = 'xxx'
email = 'xxx'
}
}
scm {
connection = 'scm:git:git://github.com/xxx'
developerConnection = 'scm:git:ssh://github.com/xxx'
url = 'https://github.com/xxx'
}
}
}
}
repositories {
maven {
// change URLs to point to your repos, e.g. http://my.org/repo
//def releasesRepoUrl = layout.buildDirectory.dir('repos/releases')
//def snapshotsRepoUrl = layout.buildDirectory.dir('repos/snapshots')
url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
credentials {
username = properties.getProperty('ossrhUsername')
password = properties.getProperty('ossrhPassword')
}
}
}
}
}
I saw a question that hasn't been answered here and I got the exact same error: Gradle build configured signatory
EDIT: Here is my gradle.properties located under ~/.gradle/ :
mavenCentralUsername=xxx
mavenCentralPassword=xxx
signing.keyId=xxx
signing.password=xxx
signing.secretKeyRingFile=xxx
ossrhUsername=xxx
ossrhPassword=xxx
EDIT: To make it clear: I added this line because when I try to close to release the publication after having published it without this line I get a Signature failure on the Nexus Repository
I finally was able to publish and release my repository with my signed artifacts!
What was wrong:
I was using useInMemoryPgpKeys (I shouldn't)
I never distributed my gpg key to any server
so for that I just did the following:
gpg --keyserver keys.openpgp.org --send-keys yourKey
There are 3 servers supported by Central servers:
keyserver.ubuntu.com
keys.openpgp.org
pgp.mit.edu
But I advise to upload on openpgp because ubuntu didn't work (when I closed the repo on Nexus I got an error message saying it didn't find the key on any server).
to know your key just run:
gpg --list-keys
and your key should look like that: CA925CD6C9E8D064FF05B4728190C4130ABA0F98
So there is my final build.gradle:
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
// Because the components are created only during the afterEvaluate phase, you must
// configure your publications using the afterEvaluate() lifecycle method.
afterEvaluate {
publishing {
publications {
release(MavenPublication) {
groupId = 'xxx'
artifactId = 'xxx'
version = mVersionName
pom {
signing {
sign publishing.publications.release
sign configurations.archives
}
name = 'xxx'
description = 'xxx'
url = 'xxx'
licenses {
license {
name = 'MIT License'
url = 'https://opensource.org/licenses/MIT'
}
}
developers {
developer {
id = 'xxx'
name = 'xxx'
email = 'xxx'
}
}
scm {
connection = 'scm:git:git://github.com/xxx.git'
developerConnection = 'scm:git:ssh://github.com/xxx'
url = 'https://github.com/xxx'
}
}
}
}
repositories {
maven {
url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
credentials {
username = properties.getProperty('mavenCentralUsername')
password = properties.getProperty('mavenCentralPassword')
}
}
}
}
}
and my final ~/.gradle/gradle.properties:
mavenCentralUsername=xxx
mavenCentralPassword=xxx
signing.keyId=xxx
signing.password=xxx
signing.secretKeyRingFile=/xxx/secring.gpg