You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bookkeeper.apache.org by mm...@apache.org on 2021/04/05 17:22:12 UTC
[bookkeeper] branch master updated: sign published packages (#2674)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 6eadbaa sign published packages (#2674)
6eadbaa is described below
commit 6eadbaac1806cebcf658a740b6dd7277a24e4fdb
Author: Surinder Singh <su...@gmail.com>
AuthorDate: Mon Apr 5 10:22:04 2021 -0700
sign published packages (#2674)
Add signing plugin to sign artifacts using PGP. For details see
https://docs.gradle.org/current/userguide/signing_plugin.html
This was testing by publishing to local maven repository:
```
$ gradlew bookkeeper-server:publishMavenPublicationToMavenLocal
$ ls -ln ~/.m2/repository/org/apache/bookkeeper/bookkeeper-server/4.14.0-SNAPSHOT/
total 10568
-rw-r--r-- 1 501 20 1596624 Mar 31 13:07 bookkeeper-server-4.14.0-SNAPSHOT-tests.jar
-rw-r--r-- 1 501 20 650 Mar 31 13:07 bookkeeper-server-4.14.0-SNAPSHOT-tests.jar.asc
-rw-r--r-- 1 501 20 2254279 Mar 31 13:07 bookkeeper-server-4.14.0-SNAPSHOT.jar
-rw-r--r-- 1 501 20 650 Mar 31 13:07 bookkeeper-server-4.14.0-SNAPSHOT.jar.asc
-rw-r--r-- 1 501 20 6983 Mar 31 13:07 bookkeeper-server-4.14.0-SNAPSHOT.module
-rw-r--r-- 1 501 20 650 Mar 31 13:07 bookkeeper-server-4.14.0-SNAPSHOT.module.asc
-rw-r--r-- 1 501 20 6251 Mar 31 13:07 bookkeeper-server-4.14.0-SNAPSHOT.pom
-rw-r--r-- 1 501 20 650 Mar 31 13:07 bookkeeper-server-4.14.0-SNAPSHOT.pom.asc
-rw-r--r-- 1 501 20 1817 Mar 31 13:07 maven-metadata-local.xml
```
signing can be disable using following using `ORG_GRADLE_PROJECT_skipSigning`:
```
ORG_GRADLE_PROJECT_skipSigning=1 gradlew :bookkeeper-server:publishMavenPublicationToMavenLoca
```
Co-authored-by: Surinder Singh <su...@splunk.com>
---
build.gradle | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/build.gradle b/build.gradle
index 4f4df73..df1b3d0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -42,6 +42,7 @@ allprojects {
&& it.name != 'main') {
apply plugin: 'java'
apply plugin: 'maven-publish'
+ apply plugin: 'signing'
task testJar(type: Jar, dependsOn: testClasses) {
classifier = 'tests'
@@ -76,6 +77,31 @@ allprojects {
}
}
}
+ signing {
+ def skipSigning = project.hasProperty('skipSigning') && skipSigning.toBoolean()
+ def shouldSign = !skipSigning
+
+ if (shouldSign) {
+ if (project.hasProperty("singingKey")) {
+ // The following allow the secretKey and password to be specified using env var
+ // This is mainly for the CI system.
+ // * ORG_GRADLE_PROJECT_signingKey
+ // * ORG_GRADLE_PROJECT_signingPassword
+ // * ORG_GRADLE_PROJECT_signingKeyId
+ // See https://docs.gradle.org/current/userguide/signing_plugin.html#sec:in-memory-keys
+ // for details
+ def signingKey = findProperty("signingKey")
+ def signingKeyId = findProperty("signingKeyId")
+ def signingPassword = findProperty("signingPassword")
+ if (signingKeyId && signingKey && signingPassword) {
+ useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
+ } else if (signingKey && signingPassword) {
+ useInMemoryPgpKeys(signingKey, signingPassword)
+ }
+ }
+ sign publishing.publications.maven
+ }
+ }
}
repositories {