Java and Kotlin (Maven Central)

The Java and Kotlin targets publish to Maven Central through the Sonatype Central Portal. Both build with Gradle and use the same coordinates: the group id comes from reverseDomain (for example com.acme) and the artifact id from the SDK name. See the Java configuration for options.

Maven Central does not support OIDC and requires every artifact to be GPG-signed, so publishing uses repository secrets: a Central Portal user token plus a GPG key.

Enable publishing

{
  "targets": {
    "java": {
      "reverseDomain": "com.acme",
      "publish": { "maven": true }
    }
  }
}

Kotlin is identical, under a "kotlin" target.

One-time setup

Register your namespace

On the Central Portal, register and verify the namespace that matches your reverseDomain (for example com.acme). This is a one-time ownership check per group id.

Generate a user token

In the Central Portal under Account → Generate User Token, create a token. It gives you a username and password pair used by the publish step.

Create a GPG signing key

Generate a key, then publish its public half to a keyserver so Central can verify signatures, and export the private half for the workflow:

gpg --gen-key
gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID
gpg --armor --export-secret-keys YOUR_KEY_ID
Add the four secrets to the repository

Add these as repository secrets (see Adding repository secrets):

Secret Value
MAVEN_CENTRAL_USERNAME Central Portal user token username
MAVEN_CENTRAL_PASSWORD Central Portal user token password
MAVEN_GPG_PRIVATE_KEY The ASCII-armored private key from the export above
MAVEN_GPG_PASSPHRASE The passphrase for that key

Notes

  • Maven Central coordinates are immutable. The release workflow checks whether the version's POM already exists and skips publishing if so, so re-merges never fail with a rejected deployment.
  • The workflow runs ./gradlew publishToMavenCentral, which uploads to the Central Portal and releases the deployment.