Skip to content

Add Sonatype Maven Central publishing support #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gclaro-idme merged 6 commits into from
Apr 15, 2026
Merged

Add Sonatype Maven Central publishing support #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
b448677
Address pre-release security audit findings (all Critical + High)
antspriggs Mar 27, 2026
fed48ec
Add GitHub Packages Maven publishing workflow
antspriggs Apr 7, 2026
97bddb0
Resolve merge with master: adopt release.yml publishing approach
antspriggs Apr 7, 2026
79b6c9f
Rename artifactId to android-auth-sample-code
antspriggs Apr 7, 2026
a9f123e
Add Sonatype Maven Central publishing support
antspriggs Apr 14, 2026
52bd1d5
Merge master into maven-central-sonatype-publishing, resolving conflicts
nat-ray Apr 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,18 @@ jobs:
echo "Generated POM content:"
cat ~/.m2/repository/me/id/auth/android-auth-sample-code/$RELEASE_VERSION/android-auth-sample-code-$RELEASE_VERSION.pom

- name: Publish to Maven Central (Sonatype OSSRH)
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
run: |
./gradlew :sdk:publishReleasePublicationToSonatypeRepository \
closeAndReleaseSonatypeStagingRepository \
-PreleaseVersion=$RELEASE_VERSION

- name: Create Git tag
run: |
git config user.name "github-actions[bot]"
Expand Down Expand Up @@ -208,6 +220,10 @@ jobs:
echo "### Maven Coordinates" >> $GITHUB_STEP_SUMMARY
echo "\`me.id.auth:android-auth-sample-code:$RELEASE_VERSION\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Published To" >> $GITHUB_STEP_SUMMARY
echo "- GitHub Packages: https://github.com/IDme/android-auth-sample-code/packages" >> $GITHUB_STEP_SUMMARY
echo "- Maven Central: https://central.sonatype.com/artifact/me.id.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Verification" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
echo "gh attestation verify android-auth-sample-code-$RELEASE_VERSION.aar --repo IDme/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY
Expand Down
18 changes: 18 additions & 0 deletions .github/workflows/secure-pipeline-ast.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Secure Pipeline | AST

on:
push:
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
- converted_to_draft
schedule:
- cron: '0 8 * * *' # 3am EST (UTC-5)

jobs:
execute:
uses: IDme/workflow-library/.github/workflows/secure-pipeline-ast.yml@7a259bb101fd4f20d7cd0137c1f99e8d60af0859
Copy link
Copy Markdown
Contributor

@seftena seftena Apr 14, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@antspriggs Where is this ID coming from to replace @master

secrets: inherit
17 changes: 17 additions & 0 deletions build.gradle.kts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
import io.github.gradlenexus.publishplugin.NexusPublishExtension

buildscript {
repositories {
google()
Expand All @@ -8,5 +10,20 @@ buildscript {
classpath("com.android.tools.build:gradle:8.2.2")
classpath("org.jetbrains.kotlin:kotlin-gradle-plugin:1.9.22")
classpath("org.jetbrains.kotlin:kotlin-serialization:1.9.22")
classpath("org.jetbrains.dokka:dokka-gradle-plugin:1.9.20")
classpath("io.github.gradle-nexus:publish-plugin:2.0.0")
}
}

apply(plugin = "io.github.gradle-nexus.publish-plugin")

configure<NexusPublishExtension> {
repositories {
sonatype {
nexusUrl.set(uri("https://s01.oss.sonatype.org/service/local/"))
snapshotRepositoryUrl.set(uri("https://s01.oss.sonatype.org/content/repositories/snapshots/"))
username.set(findProperty("sonatypeUsername")?.toString() ?: System.getenv("SONATYPE_USERNAME"))
password.set(findProperty("sonatypePassword")?.toString() ?: System.getenv("SONATYPE_PASSWORD"))
}
}
}
50 changes: 50 additions & 0 deletions sdk/build.gradle.kts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,14 @@
import com.android.build.gradle.LibraryExtension
import org.gradle.api.publish.PublishingExtension
import org.gradle.api.publish.maven.MavenPublication
import org.gradle.plugins.signing.SigningExtension

apply(plugin = "com.android.library")
apply(plugin = "kotlin-android")
apply(plugin = "kotlinx-serialization")
apply(plugin = "maven-publish")
apply(plugin = "signing")
apply(plugin = "org.jetbrains.dokka")

version = findProperty("releaseVersion")?.toString() ?: "1.0.0"

Expand Down Expand Up @@ -48,6 +51,17 @@ tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile> {
}
}

val sourcesJar by tasks.registering(Jar::class) {
archiveClassifier.set("sources")
from("src/main/java", "src/main/kotlin")
}

val javadocJar by tasks.registering(Jar::class) {
archiveClassifier.set("javadoc")
dependsOn(tasks.named("dokkaJavadoc"))
from(tasks.named("dokkaJavadoc").map { it.outputs.files })
}

dependencies {
"implementation"("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3")
"implementation"("org.jetbrains.kotlinx:kotlinx-serialization-json:1.6.2")
Expand All @@ -68,11 +82,36 @@ afterEvaluate {
version = project.version.toString()

from(components["release"])
artifact(sourcesJar)
artifact(javadocJar)

pom {
name.set("ID.me Auth Sample Code")
description.set("ID.me Android Auth Sample Code SDK")
url.set("https://github.com/IDme/android-auth-sample-code")
packaging = "aar"

licenses {
license {
name.set("MIT License")
url.set("https://opensource.org/licenses/MIT")
distribution.set("repo")
}
}

developers {
developer {
id.set("idme")
name.set("ID.me")
email.set("engineering@id.me")
}
}

scm {
connection.set("scm:git:git://github.com/IDme/android-auth-sample-code.git")
developerConnection.set("scm:git:ssh://github.com/IDme/android-auth-sample-code.git")
url.set("https://github.com/IDme/android-auth-sample-code")
}
}
}
}
Expand All @@ -81,4 +120,15 @@ afterEvaluate {
mavenLocal()
}
}

configure<SigningExtension> {
val signingKeyId = findProperty("signingKeyId")?.toString() ?: System.getenv("SIGNING_KEY_ID")
val signingKey = findProperty("signingKey")?.toString() ?: System.getenv("SIGNING_KEY")
val signingPassword = findProperty("signingPassword")?.toString() ?: System.getenv("SIGNING_PASSWORD")

if (!signingKey.isNullOrBlank() && !signingPassword.isNullOrBlank()) {
useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
sign(extensions.getByType<PublishingExtension>().publications["release"])
}
}
}
Loading