How to Publish Your Android Library on Central Repository with Central Panel and Full Automation within GitHub Actions

Hi everyone!

Today I wanted to share my little story about publishing an Android library for Jetpack Compose. I spent a couple of hours for 2 days reading different documentation, testing different plugins, and figuring out the weird issues caused by Gradle, I decided to write a full guide that can help you publish your Android library with the new Central Panel.

As you know, there is this documentation from Sonatype, which is very long, and it is confusing as it mentions Sonatype OSSRH (OSS Repository Hosting) and deprecated stuff, but hey, let’s forget about those for now, and cut to the chase!

Live Repository: Reusable Components library for Compose

Quick Start

Here you’ll see a list of all the things you need to do to get started:

1. Create an account in Sonatype’s Central Panel — You’ll need to generate a username and password later on to be used in `gradle.properties` and secrets on GitHub.
2. GroupId -> For GitHub, normally it is like this: `io.github.your_username` — Please read here. After signing up on Sonatype, go to the namespace, add your namespace, and make sure it is verified.
3. A GPG key - to sign artifacts -> Please go through this documentation, create a passphrase, write down your public key and passphrase, and then publish it. You’ll receive emails for verifications, and for me in Europe, this keyserver network worked only: keys.openpgp.org

Note: To receive the emails, you’ll need to go through this documentation.

Please remember, and double-check to see if you can see a key like this after following this step:

lQdGBF4jUfwBEACblZV4uBViHcYLOb2280tEpr64iB9b6YRkWil3EODiiLd9JS3V...9pip+B1QLwEdLCEJA+3IIiw4qM5hnMw=

It shouldn’t start with — -BEGIN .. and ends with — -END … otherwise, you need to create a new pair as mentioned above, and try again.

4. gradle.properties config: I like this approach as it is more convenient and easy to use:

GROUP=io.github.linx64
VERSION_NAME=1.0

# Library configuration
SONATYPE_HOST=CENTRAL_PORTAL
RELEASE_SIGNING_ENABLED=true

POM_INCEPTION_YEAR=2024
POM_URL=https://github.com/LinX64/Reusable

POM_LICENSE_NAME=Apache License, Version 2.0
POM_LICENSE_URL=https://raw.githubusercontent.com/LinX64/Reusable/master/LICENSE
POM_LICENSE_DIST=repo

POM_SCM_URL=https://github.com/LinX64/Reusable/
POM_SCM_CONNECTION=scm:git:git://github.com/LinX64/Reusable.git
POM_SCM_DEV_CONNECTION=scm:git:ssh://git@github.com/LinX64/Reusable.git

POM_DEVELOPER_ID=LinX64
POM_DEVELOPER_NAME=Mohsen
POM_DEVELOPER_URL=https://github.com/LinX64/

Please replace the values with your repository on GitHub, and all other info as you like.

5. Proper plugin for Android projects — I’ve tried all the plugins mentioned in the documentation here and finally, the best one was:

mavenPublish = { id = "com.vanniktech.maven.publish", version.ref = "mavenPublish" }

So, after adding the above dependency in the version catalogs, the config in your library gradle file would be:

plugins {
    ...
    ...
    id(libs.plugins.mavenPublish.get().pluginId)
}

publishing {
    publications {
        register<MavenPublication>("release") {
            groupId = "io.github.linx64"
            artifactId = "reusablecomponents"
            version = System.getenv("RELEASE_VERSION")
            artifact("build/outputs/aar/${artifactId}-release.aar")
        }

        repositories {
            maven {
                name = "Reusable"
                url = uri("https://maven.pkg.github.com/LinX64/Reusable")

                credentials {
                    username = System.getenv("GITHUB_ACTOR")
                    password = System.getenv("GITHUB_TOKEN")
                }
            }
        }
    }
}

mavenPublishing {
    configure(
        AndroidSingleVariantLibrary(
            variant = "release",
            sourcesJar = true,
            publishJavadocJar = true,
        )
    )
}

tasks.named("signReleasePublication") {
    dependsOn(":reusablecomponents:bundleReleaseAar")
}

Please don’t forget to replace the values like groupId, artificatId, and others with your own.

Note: the last lines of code were necessary to fix an error within the Gradle, so all of those lines are mandatory.

Finally, the GitHub Action script:

As you can see, 4 different secrets are being loaded into the script. Here is the explanation for all of them:

1. GPG_KEY: The final key which was generated in step 3 — shouldn’t start with — BEGIN. The final output should be something like this:

lQdGBF4jUfwBEACblZV4uBViHcYLOb2280tEpr64iB9b6YRkWil3EODiiLd9JS3V...9pip+B1QLwEdLCEJA+3IIiw4qM5hnMw=

2. GPG_PASSWORD: This is the passphrase which we created in step 3. It’s something local, and you just need to install gpg.

As an important note, this command will be also necessary if you’re running the task for publishing the library locally:

gpg - keyring secring.gpg - export-secret-keys > ~/.gnupg/secring.gpg

This is an issue with the new gpg, so now we have to run this command, otherwise, you’ll face a file not found error.

3. The username & Password will be the one we generated in the Sonatype’s Central Panel. You just need to generate and copy-paste them into your GitHub secrets.

That’s pretty much it. This is the most up-to-date guide I’ve ever found, and I hope it's gonna help others publish their Android library without hassle.

Let me know if you have any questions and good luck!