Gradle + GitHub actions automatically publish project to Maven warehouse



The core of this paper is to use gradle to integrate GitHub actions to automatically publish Java projects to Maven repository. Within the article is to publish the project to the repository provided by sonatype. If you need to automate publishing, or if you need to synchronize projects to Maven central repository, please read it carefully.

preparation in advance

  1. The tickets of Maven central warehouse can be synchronizedIssues SonatypeApply for the application;
  2. OpenPGP certificate needs to be synchronized to the public server;
  3. A java project;
  4. GitHub

For the part of synchronized tickets, please refer to thelinkThis paper mainly describes the content of the certificate.

OpenPGP certificate

Because of the windows operating system I use hereGpg4winTool generates synchronization certificate. If you use a Mac or Linux operating system, you can use other GPG tools such asGnuPG

Installing gpg4win

Download addressGpg4win

Generate certificate

$ gpg --full-generate-key

Run the above command and follow the instructions to generate the RSA certificate.

C:\Users\admin>gpg --full-generate-key
gpg (GnuPG) 2.2.23; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

... omit part

public and secret key created and signed.

pub   rsa3072 2020-11-10 [SC] [expires: 2021-11-10]
uid                      kk70-blog (blog) <[email protected]>
sub   rsa3072 2020-11-10 [E] [expires: 2021-11-10]

Browse certificate

have access togpg --list-secret-keys --keyid-format SHORTCommand to query the list of certificates.

C:\Users\admin>gpg --list-secret-keys --keyid-format SHORT
sec   rsa3072/2B89E19F 2020-11-10 [SC] [expires: 2021-11-10]
uid         [ultimate] kk70-blog (blog) <[email protected]>
ssb   rsa3072/6B7BF2DA 2020-11-10 [E] [expires: 2021-11-10]

Issue certificate

gpg --keyserver --send-keys 2B89E19F

usegpgCommand to publish the certificate to a public server2B89E19FReplace with the keyID of your own certificate. Available at search for their own published certificates.

Gradle project configuration

Configure the gradle plug-in

plugins {
  id "maven-publish"
  id "signing"

To use gradle to publish dependencies to the Maven repository, you need to at leastmaven-publishplug-in unit. If you need to publish dependencies to Maven central repository, you also need to usesigningThe plug-in verifies the signature of the dependent file.

Gradle publish configuration

ext {
  isReleasedVersion = !project.version.endsWith("-SNAPSHOT")

publishing {
  publications {
    mavenJava(MavenPublication) {
      artifact sourcesJar
      artifact javadocJar

      pom {
        description = "Yein Chaos Core"
        scm {
          connection = "scm:git:[email protected]:kevin70/chaos.git"
          developerConnection = "scm:git:ssh://"
          url = ""

  repositories {
    maven {
      credentials {
        username findProperty("ossrhUsername") ?: System.getenv("OSSRH_USERNAME")
        password findProperty("ossrhPassword") ?: System.getenv("OSSRH_PASSWORD")

      if (!isReleasedVersion) {
        url ""
      } else {
        url ""
  • isReleasedVersionSubmit the snapshot version and the official version separately to different Maven warehouses;
  • publishing.publications.mavenJavaDependent resources that need to be synchronized;

    • artifact sourcesJarThe source code jar package to be released;
    • artifact javadocJarThe Javadoc jar package to be published;
    • pomcustompom.xmlThe content of the document.
  • publishing.repositoriesReleased warehouse configuration;

    • maven.credentialsAuthentication information of Maven warehouse;
    • maven.urlThe URL of the Maven repository.

Gradle singing configuration

signing {
  sign publishing.publications.mavenJava

Will need to publish content signature

It is used by default hereSignatory credentialsSignature authentication method.

GitHub actions configuration

First, in theGitHub Project > Settings > SecretsConfigure some necessary parameters in.

Gradle + GitHub actions automatically publish project to Maven warehouse

All of the above parameters will be used later in GitHub workflow.

  • OSSRH_USERNAMEIs the login user name of sonatype;
  • OSSRH_PASSWORDIs the login password of sonatype;
  • SIGNING_KEY_IDIs the ID of the GPG certificate;
  • SIGNING_SECRET_KEY_RING_FILEIt is the secret key of GPG certificate, which is encoded by Base64.

Get signing_ KEY_ ID

usegpg --list-secret-keys --keyid-format SHORTCommand acquisitionSIGNING_KEY_ID

$ gpg --list-secret-keys --keyid-format SHORT

C:\Users\admin>gpg --list-secret-keys --keyid-format SHORT
sec   rsa3072/2B89E19F 2020-11-10 [SC] [expires: 2021-11-10]
uid         [ultimate] kk70-blog (blog) <[email protected]>
ssb   rsa3072/6B7BF2DA 2020-11-10 [E] [expires: 2021-11-10]


Get signing_ SECRET_ KEY_ RING_ FILE

Export secret key to filesecring.gpg

$ gpg --export-secret-keys 2B89E19F > secring.gpg

To make the secret key file binary, we need to encode the content as Base64. Because I use windows, the following command is in theGit BashIf you are using MAC or Linux, you can also run the following commands directly.

$ base64 secring.gpg > secring.gpg.b64

The encoded document will besecring.gpg.b64The content in is set in secrets.

⚠️ Because the certificate I generated does not have a password set, it is missing herepassphraseConfiguration, if your certificate has set password, it needs to be addedpassphraseConfiguration.

After setting GitHub secrets, write GitHub action workflow.

GitHub Action Workflow

name: Chaos CI with Gradle

    branches: [ main ]
    branches: [ main ]

    runs-on: ubuntu-latest
      - uses: actions/[email protected]
      #Run JDK configuration
      - name: Set up JDK 11
        uses: actions/[email protected]
          java-version: 11

      #Gradle cache configuration
      - name: Cache Gradle packages
        uses: actions/[email protected]
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle
      #Authorizing gradlew files
      - name: Grant execute permission for gradlew
        run: chmod +x gradlew
      #Build project
      - name: Build with Gradle
        run: ./gradlew build

      #After decoding the secret key, place the file in ~ /. Gradle/ secring.gpg
      - name: Decode
        run: |
          echo "${{secrets.SIGNING_SECRET_KEY_RING_FILE}}" > ~/.gradle/secring.gpg.b64
          base64 -d ~/.gradle/secring.gpg.b64 > ~/.gradle/secring.gpg
      #Publish project
      - name: Publish
        run: ./gradlew publish -Psigning.keyId=${{secrets.SIGNING_KEY_ID}} -Psigning.password= -Psigning.secretKeyRingFile=$(echo ~/.gradle/secring.gpg)
          OSSRH_USERNAME: ${{secrets.OSSRH_USERNAME}}
          OSSRH_PASSWORD: ${{secrets.OSSRH_PASSWORD}}

After the task runs, confirm whether the task has been successfully published in Maven warehouse.

Project links

Kk70 personal blog

Recommended Today

Interviewer: young man, what do you think of the principle of distributed system

1 Concept 1.1 model 1.2 copies 1.3 indicators for measuring distributed systems 2. Principle of distributed system 2.1 data distribution 2.2 basic copy agreement 2.3 lease mechanism 2.4 quorum mechanism 2.5 log technology 2.6 two phase submission protocol 2.7 MVCC 2.8 Paxos protocol 2.9 CAP 1 Concept 1.1 model node In a specific project, a […]