Say I need to use some proprietary jars in my android library. I want my library to be conveniently available from Maven Central, but I can't just put dependencies there due to legal issues.
I figured it's possible to use Internal Repository to host dependencies so they would be resolved automatically.
I've used Github repo, just like this one, and declared it in library pom.xml
However Gradle doesn't seem to be resolving this dependencies. If I manually declare my repository in main build.gradle everything works fine. Am I doing something wrong here, or android gradle plugind just don't support internal repositories?
It's discouraged in the Maven community to have repository declarations in published POMs, and Gradle won't honor them. Instead, downstream builds will have to declare the internal repository in one way or another (which shouldn't be a big deal).
If you (only) publish POMs for proprietary dependencies to Maven Central (which is a common solution to this problem at least if you own the dependencies), downstream builds will need to declare the internal repository as follows:
repositories {
maven {
url "https://repo1.maven.org/maven2"
artifactUrls "https://some.internal.repo"
}
}
If you don't publish proprietary dependencies to Maven Central at all (not even POMs), downstream builds will have to declare the internal repository as another regular Maven repository:
repositories {
mavenCentral()
maven {
url "https://some.internal.repo"
}
}
Note however that last time I checked, one of the rules of publishing to Maven Central was that dependencies needed to be available from Maven Central as well.
PS: Whether you are publishing a Java or Android library shouldn't matter here.
Related
I've created an Android library called Library and I want to publish it to a private maven repository and then consume it in an app called App.
I am encountering an issue however which is making the usage of the library untenable for App. The issue is that one of the dependencies of Library is hosted in a "non standard" maven repository, and is forcing the consuming App to add this repository to it's repositories block.
To explain this further; Library has lots of dependencies, most of which are pulled from google and mavenCentral repositories (both of which the consuming App has in the repositories block because all Android apps will include these repositories). However, one of the dependencies, Quikkly, is hosted in a "non standard" maven repository (i.e. one with a non standard URL), which also requires a github personal access token to access. So in my Library repositories block, I have to add this maven repo in order to pull this specific dependency:
maven {
url 'https://maven.pkg.github.com/quikkly/quikkly-android-sdk'
credentials {
username = <github_username>
password = <github_access_token>
}
}
All well and good; I can build Library just fine, and the Quikkly dependency is pulled successfully from this repository.
The issue arises when I use Library in App. I published Library to mavenLocal (or my own private maven repository depending on when I'm ready to actually push a release). When I pull Library into App and then build, the build fails because Quikkly could not be resolved.
The errors show that the locations searched were just the repositories defined in App and not those defined in Library. I can make the build succeed if I add the Quikkly custom maven repo (and github access token) to App but I don't want to force App developers to need to add custom repos just to use my library - surely my library should be responsible for properly packaging it's own dependencies such that consumers just need to use my library via a one line gradle import.
I've done some research on this, and I think the solution involves adding the custom maven repository URL to a <server> element in my libraries .pom file, however the repository also requires a github username and personal access token in order to pull the library from it... my research shows that I need to add these details to "somewhere" (but not in the .pom file as this would be insecure and/or wouldn't even work).
I'm now getting pressured to release something working, but I'm pretty stuck with this. Can anyone help?
I have a library module where I used a dependency which is based on a private maven repository, I can use this dependency in my library and everything works well.
The problem occurs when I try to use the library module inside my application, the build is failing, for some reason is looking to get this dependency from a different maven repository (in this case, my personal one, which is available only in my app)
I've switched from implementation to api and viceversa, just so check if this might solve the issue, but it is not.
If I add the maven repository url also in my app, everything works well, but I don't what that. Is this the expected behaviour?
Thanks!
Yes, repositories declared in one subproject are not shared with other subprojects. Other than with Maven, repositories are also not taken from a dependency POM file or otherwise inherited from a dependency. On this topic, the Gradle docs state the following:
Strict limitation to declared repositories
Maven POM metadata can reference additional repositories. These will be ignored by Gradle, which will only use the repositories declared in the build itself.
However, you can probably centralize the repository declaration in your top-level settings.gradle(.kts) file:
dependencyResolutionManagement {
repositories {
// TODO Configure the shared repository here.
}
}
You can find more details on this centralization in the Gradle docs.
when I sync my Android project, I keep seeing the following messages:
Gradle: Download https://s3.amazonaws.com/moat-sdk-builds/com/google/android/gms/play-services-ads-base/maven-metadata.xml
Gradle: Download https://s3.amazonaws.com/moat-sdk-builds/com/google/android/gms/play-services-measurement-base/maven-metadata.xml
Gradle: Download https://s3.amazonaws.com/moat-sdk-builds/com/google/firebase/firebase-iid/maven-metadata.xml
These libraries should be found in google() repo, which is the first one in my settings:
allprojects {
repositories {
google()
jcenter()
// ...
maven { url "https://s3.amazonaws.com/moat-sdk-builds" }
}
}
However, it looks into maven { url "https://s3.amazonaws.com/moat-sdk-builds" } and wastes a lot of time. What's going on here? And is there any way to debug it? Thanks.
You can try to customize dependency resolution behaviour or declare repository filters.
Declaring a repository filter is as easy as this:
allprojects {
repositories {
google()
jcenter()
// ...
maven {
url "https://s3.amazonaws.com/moat-sdk-builds"
content {
// Does only include this group
includeGroup "moat.sdk"
}
}
}
}
There is also the option to exclude groups and enhance for example the build performance.
Take care that "Matching repositories to dependencies is an incubating feature." The API documentation provide more information about filter options.
You can find more information on the specific behaviour you experience below. When it comes to dependency resolution Gradle does inspect repositories in order.
How dependency resolution works
[...]
Given a required dependency, Gradle attempts to resolve the dependency by searching for the module the dependency points at. Each repository is inspected in order. Depending on the type of repository, Gradle looks for metadata files describing the module (.module, .pom or ivy.xml file) or directly for artifact files.
[...]
But as i understand it gradle 'visits' each repository irrespective of whether it has already found the 'correct' artifacts or not.
Once each repository has been inspected for the module, Gradle will choose the 'best' one to use. This is done using the following criteria:
For a dynamic version, a 'higher' concrete version is preferred over a 'lower' version.
Modules declared by a module metadata file (.module, .pom or ivy.xml file) are preferred over modules that have an artifact file only.
Modules from earlier repositories are preferred over modules in later repositories.
When the dependency is declared by a concrete version and a module metadata file is found in a repository, there is no need to continue searching later repositories and the remainder of the process is short-circuited.
[...]
Introduction to Dependency Management - How dependency resolution works
I have multiple Android projects that I need to manage in various Git repositories, all of which are being managed by repo. I have found a .gitignore file for Android managed by Git, but I don't see things like image files being ignored:
https://github.com/github/gitignore/blob/master/Android.gitignore
I have also read that creating an Android library which contains my resources would allow for a module that is not an .apk, rather a resource for apps to use.
https://developer.android.com/studio/projects/android-library.html
Is there a best practice for storing shared resources?
Creating an Android library project is trivial; distributing it to your other downstream apps is really the interesting part.
Ideally, it would be nice to do this in a way that mimcs how you use other dependencies on Android, namely adding an artifact to the dependencies block in your build.gradle file and having Gradle automatically fetch it. The trouble there is it's a private library that you wouldn't want to host on JCenter, Maven Central, or other public artifact hosting. Some companies have their own internal instances of artifact hosting servers specifically for this.
Fortunately, you can use the maven-publish Gradle plugin to use Maven locally (on your machine) and achieve the same effect. First, in the library project's build.gradle file, you need
apply plugin: 'maven-publish'
publishing {
publications {
mavenJava(MavenPublication) {
groupId 'your.package.namespace'
artifactId 'library.name'
version '0.1' // for example
artifacts = configurations.archives.artifacts
artifact sourceJar
}
}
}
Next, you need to publish this library to your local Maven cache by running
./gradlew publishToMavenLocal
Next in your downstream project, add mavenLocal as a repository and add your dependency using the group id, artifact id, and version you used earlier:
repositories {
mavenLocal()
/* more repositories here */
}
dependencies {
compile 'your.package.namespace:library.name:version'
/* more dependencies here */
}
This should achieve what you want.
The downside is every developer will have to pull down the library project at least once and run the command to publish to their Maven local, and if the library project changes at all, the version must be updated, and all devs need to pull down the changes and publish again locally. This can get a little unwieldy.
Many companies run their own artifact hosting server instances internally to avoid this, so you publish once to the internal hosting and downstream projects just update the version in their build.gradle and let it sync automatically. This requires some additional configuration for the publishing block (of the library) and the repositories block (of the downstream projects); I leave it to you to research that if you intend to go that direction.
In the following simple build.gradle file, i have some basic questions.
1.In repositories, when i specify mavenCentral(), is it the repository where all the libraries that i specify like compile 'com.android.support:support-v4:21.0.2'will be searched? Is there anything else for this apart from mavenCentral()? And what is the url required for after that(oss.sonatype..)?
2.What are the items that should be specified in classpath? Why cant the classpath items be specified like we specify the support libraries?
3.And for using a third party library, i had to specify an Amazon AWS URL at the bottom in allProjects() section. Why is this URL required?
buildscript {
repositories {
mavenCentral()
maven {
url "https://oss.sonatype.org/content/repositories/snapshots/"
}
}
dependencies {
classpath 'com.android.tools.build:gradle:1.0.0'
classpath 'com.jimdo.gradle:gradle-apt-plugin:0.2-SNAPSHOT'
}
}
allprojects {
repositories {
mavenCentral()
maven {
url "https://s3-ap-southeast-1.amazonaws.com/abc-release/abc/"
}
}
}
1.In repositories, when i specify mavenCentral(), is it the repository where all the libraries
No, you also have an implicit local Maven repository (usually at ~/.m2) which can also be searched for locally installed packages. The newer Android Studio builds use jcentral rather than Maven central, but the concept is the same: a central repository for packages.
2.What are the items that should be specified in classpath? Why cant the classpath items be specified like we specify the support libraries?
These are build tool (i.e. gradle) dependencies. Your app's dependencies are outlined in the app module's specific build.gradle file.
3.And for using a third party library, i had to specify an Amazon AWS URL at the bottom in allProjects() section. Why is this URL required?
Because their libraries are not in Maven central. So you're effectively pointing Maven to an outside repository you wish to use for your app and any of its libraries.
1.In repositories, when i specify mavenCentral(), is it the repository where all the libraries that i specify like compile 'com.android.support:support-v4:21.0.2'will be searched?
Yes, but only if it isn't in buildscript block.
Everything inside buildscript is used by build system – gradle and possibly some libraries for it.
allprojects.repositories is place where you declare repositories where libraries used by your application will be searched.