January 14, 2026
 |  No Comments

Credentials that are not displayed in GitLab but are used privately can be found at:

~/.gradle/gradle.properties

If the file does not exist, create it.

content:

In ~/.gradle/gradle.properties

ossrhUsername=XXUSERTOKENXX(in sonatype maven)
ossrhPassword=XXPASSTOKENXX(in sonatype maven)
org.gradle.java.home=/usr/local/opt/openjdk/libexec/openjdk.jdk/Contents/Home

you must create the token in sonatype once and save it (it is not a token that is refreshed every 5 minutes)

Configuration of GPG (in gradle.properties)

signing.keyId=XXID_KEYXX
signing.password=XXPASSPHRASEKEYXX
signing.secretKeyRingFile=/Users/XXXX/secring.gpg

the repository:

https://gitlab.com/com.leibnix/examplewithgradle/-/blob/main/build.gradle?ref_type=heads

gradlew works for Linux and macOS (you use gradle through this script)

the command is:

./gradlew commandTask

That executes a Gradle task (you can define a new one in build.gradle, there are existing ones)

Check if the GPG signature works:

./gradlew clean signMavenJavaPublication

It’s not done simply by adding the word “artifact”. It’s done by configuring the publishing block using the maven-publish plugin.

publishing {
    publications {
        mavenJava(MavenPublication) {
            groupId = 'com.xxxx'     // your Group ID registred in Sonatype
            artifactId = 'example'

Critical requirements (what Sonatype will ask you for):

  • Javadoc and Sources: These are required. You must create tasks in Gradle to generate these additional JARs and add them as artifacts
  • GPG signing: All files (.jar, .pom) must be signed. You will need to configure the signing { sign publishing.publications.mavenJava } block
  • Group ID: Must exactly match the one you validated in the Sonatype JIRA ticket (e.g., com.xxxxx)

publish artifact locally to test (.m2/repository/):

./gradlew publishToMavenLocal

publish in sonatype (for then in maven central):

./gradlew publishMavenJavaPublicationToOSSRHRepository

First, run:

./gradlew clean compileJava

You should see: build success

  • NMCP doesn’t perform a PUT request of individual files (which is what causes the 404 error)
  • The plugin internally creates the “Bundle” (ZIP file) that Sonatype requires
  • It uploads it to the central.sonatype.com API following the new 2024/2025 protocol

the command to publish is:

./gradlew publishAllPublicationsToCentralPortal

in maven central sonatype:

https://central.sonatype.com/artifact/com.leibnix/example-project

Post Views: 10
Tags: , , , , ,