Hi guys. I have an android sdk project that I upload to Github packages using maven plugin for Android Studio. Is there any way to not publish the sources.jar? I want my source code to remain hidden for the SDK consumers… This is my gradle part

publishing {
    repositories {
       
        maven {
            name = "GithubPackages"
            url = uri("<https://maven.pkg.github.com/>...")
            credentials {
                username = "..."
                password = "..."
            }
        }
    }
}

The global properties file should be located in your home directory: • On Windows: C:\Users\<you>\.gradle\gradle.properties • On Mac/Linux: /Users/<you>/.gradle/gradle.properties

Thanks, but I cant find that file…. 😞

Create a new file

@Vitaliy Zarubin how will it help us to prevent users from downloading jars itself? Anyway they download source code while using dependency, so it could be decompiled or broken in any other way. Am I wrong?

This is an assembly, there will be no passwords in the jar, they are needed only for assembly

Yeah. This is still unclear to me. I still don’t understand how to ‘tell’ maven not to create sources.jar and upload it. I’m currently trying to disable the Sources.jar tasks. I’ll update if this works… thanks guys for your help

I still don’t understand how to ‘tell’ maven not to create sources.jar and upload it

I’m not sure it is possible. Dependency can’t work without source code, because it’s compiling in build time.

I tried to do that but it didn’t seem to work (I’m not sure but it seems like the obfuscation only happens after the sources are generated)

I’m not sure but it seems like the obfuscation only happens after the sources are generated

Don’t really know about it.

Сredentials are only needed to get dependencies, not for the application to work. there should be no passwords in the build. If this is not the case, I will be surprised)

The credentials are not the problem, we want to keep the repo private, but just hide the sources…

By the same logic - repo is needed to get the dependency. I don't think they somehow figure in the finished build.

I looked at the build process for publishing and I saw that the first two stages are generating the sources, and the minify only happens near the end.. I’m not an expert on the subject but it feels very strange to me… • coreandroidDebugSourcesJar • coreandroidReleaseSourcesJar • corepreBuild • coreextractProguardFiles • corepreDebugBuild • corecompileDebugAidl • coremergeDebugJniLibFolders • coremergeDebugNativeLibs • corestripDebugDebugSymbols • corecopyDebugJniLibsProjectAndLocalJars • corecompileDebugRenderscript • coregenerateBuildKonfig • coregenerateDebugBuildConfig • coregenerateDebugResValues • coregenerateDebugResources • corepackageDebugResources • coreparseDebugLocalResources • coreprocessDebugManifest • corejavaPreCompileDebug • coremergeDebugShaders • corecompileDebugShaders • coregenerateDebugAssets • corepackageDebugAssets • corepackageDebugRenderscript • coreprepareLintJarForPublish • coreprocessDebugJavaRes • corewriteDebugAarMetadata • corepreReleaseBuild • corecompileReleaseAidl • coremergeReleaseJniLibFolders • coremergeReleaseNativeLibs • corestripReleaseDebugSymbols • corecopyReleaseJniLibsProjectAndLocalJars • corecompileReleaseRenderscript • coregenerateReleaseBuildConfig • coregenerateReleaseResValues • coregenerateReleaseResources • corepackageReleaseResources • coreparseReleaseLocalResources • coreprocessReleaseManifest • corejavaPreCompileRelease • coremergeReleaseShaders • corecompileReleaseShaders • coregenerateReleaseAssets • corepackageReleaseAssets • corepackageReleaseRenderscript • coreprocessReleaseJavaRes • corewriteReleaseAarMetadata • coregeneratePomFileForAndroidPublication • coregenerateDebugRFile • coregenerateDebugLibraryProguardRules • coregenerateReleaseRFile • coregenerateReleaseLibraryProguardRules • corecompileDebugKotlinAndroid • BufferingMeter.kt • ‘when’ expression on enum is recommended to be exhaustive, add ‘STATE_IDLE’, ‘STATE_ENDED’ branches or ‘else’ branch instead • ‘when’ expression on enum is recommended to be exhaustive, add ‘STATE_IDLE’, ‘STATE_ENDED’ branches or ‘else’ branch instead • ‘when’ expression on enum is recommended to be exhaustive, add ‘STATE_IDLE’, ‘STATE_ENDED’ branches or ‘else’ branch instead • ‘when’ expression on enum is recommended to be exhaustive, add ‘STATE_IDLE’, ‘STATE_ENDED’ branches or ‘else’ branch instead • CoViewClientImpl.kt • MessengerFeatureImpl.kt • RoomStateSerializer.kt • PositionSynchronizer.kt • corecompileDebugJavaWithJavac • coreextractDebugAnnotations • coremergeDebugGeneratedProguardFiles • coremergeDebugConsumerProguardFiles • coremergeDebugJavaResource • corecompileReleaseKotlinAndroid • corecompileReleaseJavaWithJavac • coreextractReleaseAnnotations • coremergeReleaseGeneratedProguardFiles • coremergeReleaseConsumerProguardFiles • coremergeReleaseJavaResource • coreminifyDebugWithR8 • coresyncDebugLibJars • corebundleDebugAar • coreminifyReleaseWithR8 • coresyncReleaseLibJars • corebundleReleaseAar • coregenerateMetadataFileForAndroidPublication • corepublishAndroidPublicationToMavenLocal

And how users will use your sdk then?

Yeah, I looked in the github packages page and there is no sources.jar

🤯

I don't think you can remove sdk api and have it at the same time

Yes, so what do we have: 1. Yaniv removed sdk sources, so that means removed api too 2. It is possible to use api 3. Api doesn't exists 4. 🤯

The api is still there. The sdk is compiled and uploaded as an aar file to github.

Ohhhhh damned

and there is no ‘download sources’ from the android studio

This is solved with minimization

minify = true? I tried but the sources.jar was still uploaded and that wasn’t minified

Hmmm I think that exactly what Vitaliy was talking about - gradle.properties

umm… I think that only works locally, it would not work for some client who tries to consume the sdk. I could be wrong though..

Don't know, I have this enabled in my SDK, but don't remember how exactly - can't take a look now, because out of pc