Android - Third-Party Libraries in Your Module
When developing Android modules for the Q2 Mobile App, we follow strict security and performance guidelines that restrict the use of additional Maven repositories. This ensures that our app remains secure and manageable by keeping external dependencies to a minimum.
Standard Maven repositories such as google and mavenCentral are accessible and should work without problems.
If your module requires third-party libraries that are private or not on one of these Maven servers, we provide a process for adding these libraries to the Q2 repository infrastructure.
This document outlines how to handle third-party libraries, especially those hosted in private Maven repositories or repositories that we cannot access directly. We will explain how to submit your .aar (Android Archive) and .pom (Project Object Model) files to Q2, so that we can host them and ensure your module can access them securely.
Key Points
- No Additional Maven Repositories: For security reasons, the Q2 Mobile App does not allow adding additional Maven repositories beyond our approved set. This helps to maintain a controlled environment and ensures all dependencies are vetted and accessible.
- Private Libraries: If your module requires a private library, or a library from a Maven repository we cannot access, we can host the library's artifact for you.
- Process for Hosting Libraries: You will submit your library's .aar and .pom files, and we will upload them to your Android repositories package registry. After that, you can implement the library using a standard Maven-style dependency call.
Step-by-Step Process for Using Third-Party Libraries
Publishing Your Module
If your module depends on a third-party library that is not available in our allowed Maven repositories, follow these steps:
- Obtain the .aar and .pom files: These are the key artifacts required for a library. The .aar file contains the actual Android library, while the .pom file describes the project structure and dependencies.
- Ensure the .pom file is correct: The .pom file needs to be constructed correctly, with case-sensitive values. Any mismatched names or values can cause issues when trying to access the artifact later. Be sure the groupId, artifactId, and version in the .pom file match the actual library.
- Place the files in an /artifacts folder: For easy organization and upload, place your .aar and .pom files in the root of your Android module under a directory named /artifacts. This structure is crucial for streamlining the hosting process.
Push the Files to Your Git Repository
- Push the /artifacts folder: After you have placed the .aar and .pom files in the /artifacts folder, push this directory to your module's Git repository.
Open a Ticket for Hosting the Library
Once the files are uploaded to your Git repository, you need to notify the Q2 team so we can host the library for you.
- Open a ticket: Submit a request through the Q2 support ticketing system. In the ticket, mention that you have pushed the .aar and .pom files to the /artifacts folder in your repository and require assistance hosting these files.
- Provide the necessary details: Ensure the ticket contains relevant details, such as the name of the library, the version, and any additional information needed for our team to properly configure and host the library.
Q2 Team Uploads the Library to the Package Registry
Once we receive the ticket and the artifact files, the Q2 team will:
- Verify the files: Ensure that the .aar and .pom files are correct and meet the required format.
- Upload the artifacts: We will upload the .aar and .pom files to your Android repositories package registry, making them available for use in your module.
Implement the Library in Your Module
After the artifacts have been uploaded to the registry, you can implement the third-party library in your Android module just like any other Maven dependency:
- Update your build.gradle: In your module's build.gradle file, add the dependency using the standard Maven implementation format:
implementation 'groupId:artifactId:version'
Replace groupId, artifactId, and version with the corresponding values from the .pom file. If you are not sure, we can also send you the host link and/or the dependency implementation.
Dependencies of the Library
If the library you're trying to implement has any other dependencies that are hosted in repositories we cannot access, we will need to host those as well. In this case, ensure that:
- All dependencies are included: Make sure to include all .aar and .pom files for any additional dependencies in the /artifacts folder.
- Request hosting for dependencies: Please include all of these in the same original ticket.
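A pre-submission check for the /artifacts folder, covering the case-sensitive coordinate match and the declared-dependency review described above. This is an added example, not Q2 tooling; the function names, the sample com.example.vendor coordinates, and the artifactId-version.aar file-naming rule are assumptions.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def _find(node, tag):
    # Compare local names so POMs with or without the Maven xmlns both parse.
    return next((el for el in node if el.tag.rsplit("}", 1)[-1] == tag), None)

def _gav(node):
    found = (_find(node, t) for t in ("groupId", "artifactId", "version"))
    return [(el.text or "").strip() or None if el is not None else None for el in found]

def check_artifacts(folder):
    """Return (gradle_lines, problems, declared_deps) for the POMs in folder."""
    aars = [p.name for p in Path(folder).iterdir() if p.suffix.lower() == ".aar"]
    gradle, problems, deps = [], [], []
    for pom in sorted(Path(folder).glob("*.pom")):
        root = ET.parse(pom).getroot()
        g, a, v = _gav(root)
        if not (g and a and v):  # assumption: coordinates are not inherited from a <parent>
            problems.append(f"{pom.name}: groupId, artifactId or version missing")
            continue
        want = f"{a}-{v}.aar"  # assumption: Maven-style artifactId-version file name
        if want not in aars:  # exact, case-sensitive comparison
            near = [n for n in aars if n.lower() == want.lower()]
            detail = f"found {near[0]} (case differs)" if near else "no matching .aar"
            problems.append(f"{pom.name}: expected {want}, {detail}")
        gradle.append(f"implementation '{g}:{a}:{v}'")
        declared = _find(root, "dependencies")
        for dep in (declared if declared is not None else []):
            scope = _find(dep, "scope")
            if scope is None or (scope.text or "").strip() != "test":
                deps.append(":".join(x or "?" for x in _gav(dep)))
    return gradle, problems, deps

def demo():
    # Constructed sample: the POM says "PayKit", the file on disk is "paykit".
    pom = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example.vendor</groupId><artifactId>PayKit</artifactId>
  <version>1.2.0</version><packaging>aar</packaging>
  <dependencies><dependency><groupId>com.example.vendor</groupId>
    <artifactId>core</artifactId><version>3.1.0</version></dependency></dependencies>
</project>"""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "PayKit-1.2.0.pom").write_text(pom)
        Path(d, "paykit-1.2.0.aar").write_bytes(b"constructed placeholder")
        return check_artifacts(d)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Every entry in the third list is a dependency that must either resolve from google or mavenCentral or be added to /artifacts with its own .aar and .pom. Vendor-supplied POMs are untrusted XML, so a hardened parser such as defusedxml is a reasonable swap when this runs in a shared pipeline.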
Final Testing
After adding the dependency and syncing your Gradle files, make sure to test the module to ensure that:
- The third-party library is correctly integrated.
- All functionality works as expected.
- There are no missing dependencies or runtime issues.
Important Considerations
- Correct .pom file structure: The .pom file must be constructed correctly, with all values (like groupId, artifactId, version) being case-sensitive. Incorrect .pom files can result in the library not being found or failing to resolve during the build process.
- Private Libraries: If the library is private or cannot be accessed through our allowed repositories, Q2 will only host it upon request. Be sure to send the correct .aar and .pom files for each artifact.
- Additional Dependencies: If the third-party library you are using has transitive dependencies (i.e., other libraries it depends on), those will also need to be hosted if they are not available in our allowed Maven repositories.
- Security & Compliance: We maintain strict security practices, and as such, all third-party libraries hosted on our infrastructure are carefully vetted. Any unapproved repositories or unverified libraries will not be allowed.
Conclusion
By following this process, you can ensure that your Android module can safely and securely use third-party libraries, even if they are hosted in private or restricted Maven repositories. The Q2 team is here to help you host and manage these libraries, ensuring that they are accessible to your module while adhering to security and performance standards. If you require any assistance, do not hesitate to open a ticket and provide the necessary .aar and .pom files for hosting.