androidgradlesigningmaven-central

Gradle signing Android Library publications: Cannot perform signing task because it has no configured signatory


It's been hours and I'm stuck trying to publish/release signed artifacts on Maven Central.

After finally publishing, I'm failing the test "Signature Validation". After some research, I found out that my publications are not signed even if my archives are.

So after adding this line: sign publishing.publications.release to sign the publications I got this error when I perform the following task: publishReleasePublicationToMavenCentralRepository:

Cannot perform signing task ':xxx:signReleasePublication' because it has no configured signatory

Gradle wrapper: 7.1.1.
build.gradle (lib level):

apply plugin: 'com.android.library'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: 'signing'
apply plugin: 'maven-publish'

repositories {
    mavenCentral()
    google()
    jcenter()
    maven { url "https://jitpack.io" }
}

android {
    compileSdkVersion 30
    buildToolsVersion "29.0.3"


    defaultConfig {
        minSdkVersion 21
        targetSdkVersion 30
        versionCode 9
        versionName "1.1.4"

        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
        consumerProguardFiles 'consumer-rules.pro'
    }

    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }
    kotlinOptions {
        jvmTarget = "1.8"
    }
}

Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
// Because the components are created only during the afterEvaluate phase, you must
// configure your publications using the afterEvaluate() lifecycle method.

afterEvaluate {
    publishing {
        publications {
            release(MavenPublication) {
                groupId = 'xxxx'
                artifactId = 'xxx'
                version = '1.1.4'
                from components.release
                signing {
                    useInMemoryPgpKeys(
                            properties.getProperty('signing.keyId'),
                            properties.getProperty('signing.secretKeyRingFile'),
                            properties.getProperty('signing.password')
                    )
                    sign publishing.publications.release //It's after adding this specific line that I got the error of no configured signatory 
                    sign configurations.archives
                }
                pom {
                    //I also tried to put the signing block here but nothing changes
                    name = 'xxx'
                    description = 'xxx'
                    url = 'xxx
                    licenses {
                        license {
                            name = 'MIT License'
                            url = 'https://opensource.org/licenses/MIT'
                        }
                    }
                    developers {
                        developer {
                            id = 'xxx'
                            name = 'xxx'
                            email = 'xxx'
                        }
                    }
                    scm {
                        connection = 'scm:git:git://github.com/xxx'
                        developerConnection = 'scm:git:ssh://github.com/xxx'
                        url = 'https://github.com/xxx'
                    }
                }
            }
        }
        repositories {
            maven {
                // change URLs to point to your repos, e.g. http://my.org/repo
                //def releasesRepoUrl = layout.buildDirectory.dir('repos/releases')
                //def snapshotsRepoUrl = layout.buildDirectory.dir('repos/snapshots')
                url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
                credentials {
                    username = properties.getProperty('ossrhUsername')
                    password = properties.getProperty('ossrhPassword')
                }
            }
        }
    }
}

I saw a question that hasn't been answered here and I got the exact same error: Gradle build configured signatory

EDIT: Here is my gradle.properties located under ~/.gradle/ :

mavenCentralUsername=xxx
mavenCentralPassword=xxx
signing.keyId=xxx
signing.password=xxx
signing.secretKeyRingFile=xxx
ossrhUsername=xxx
ossrhPassword=xxx

EDIT: To make it clear: I added this line because when I try to close to release the publication after having published it without this line I get a Signature failure on the Nexus Repository


Solution

  • I finally was able to publish and release my repository with my signed artifacts!

    What was wrong:
    I was using useInMemoryPgpKeys (I shouldn't)
    I never distributed my gpg key to any server

    so for that I just did the following:

    gpg --keyserver keys.openpgp.org --send-keys yourKey
    

    There are 3 servers supported by Central servers:

    keyserver.ubuntu.com
    keys.openpgp.org
    pgp.mit.edu
    

    But I advise to upload on openpgp because ubuntu didn't work (when I closed the repo on Nexus I got an error message saying it didn't find the key on any server).

    to know your key just run:

    gpg --list-keys
    

    and your key should look like that: CA925CD6C9E8D064FF05B4728190C4130ABA0F98

    So there is my final build.gradle:

    Properties properties = new Properties()
    properties.load(project.rootProject.file('local.properties').newDataInputStream())
    // Because the components are created only during the afterEvaluate phase, you must
    // configure your publications using the afterEvaluate() lifecycle method.
    
    afterEvaluate {
        publishing {
            publications {
                release(MavenPublication) {
                    groupId = 'xxx'
                    artifactId = 'xxx'
                    version = mVersionName
                    pom {
                        signing {
                            sign publishing.publications.release
                            sign configurations.archives
                        }
                        name = 'xxx'
                        description = 'xxx'
                        url = 'xxx'
                        licenses {
                            license {
                                name = 'MIT License'
                                url = 'https://opensource.org/licenses/MIT'
                            }
                        }
                        developers {
                            developer {
                                id = 'xxx'
                                name = 'xxx'
                                email = 'xxx'
                            }
                        }
                        scm {
                            connection = 'scm:git:git://github.com/xxx.git'
                            developerConnection = 'scm:git:ssh://github.com/xxx'
                            url = 'https://github.com/xxx'
                        }
                    }
                }
            }
            repositories {
                maven {
                    url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
                    credentials {
                        username = properties.getProperty('mavenCentralUsername')
                        password = properties.getProperty('mavenCentralPassword')
                    }
                }
            }
        }
    }
    

    and my final ~/.gradle/gradle.properties:

    mavenCentralUsername=xxx
    mavenCentralPassword=xxx
    signing.keyId=xxx
    signing.password=xxx
    signing.secretKeyRingFile=/xxx/secring.gpg