Using ProGuard to Protect Minecraft Server Plugins

Since I’ve personally been using ProGuard to shrink and protect Bukkit/Spigot plugins for Minecraft servers, I figured sharing the information here can’t hurt.

First of all, you need to integrate ProGuard in your build process. If you have not done so already, I would highly recommend using Gradle for your builds as it can easily download the required dependencies for you. In the past I used Maven for building and got dependencies from Maven repositories, but Gradle can also download dependencies from those same Maven repositories and is more flexible.

I won’t include all the details on how to set up Gradle based builds (might be for another post if there is interest) but I do have a few tips:

• Use the resource processing task to automatically replace your plugin version in plugin.yml

  processResources {
      outputs.upToDateWhen { false }
      filesMatching('**/plugin.yml') {
          filter {
              it.replace('@version@', project.version.toString())
          }
      }
  }

• If you have a public API that you are keeping (more on this later) create a task that can export a library jar that can be used by other plugin devs.

  task apiJar(type: Jar, dependsOn: compileJava) {
      from (sourceSets.main.output) {
          include 'my/package/api**'
      }
      includeEmptyDirs = false
      baseName = 'APIJAR'
  }

Now for the ProGuard part, this is a partial config with the most essential rules:

With this information and some help from the ProGuard manual regarding the Gradle setup, you should be able to process your plugin!