From 56387f78d7837350cdad0465791542ab7c91a94b Mon Sep 17 00:00:00 2001 From: Tigran Mkrtchyan Date: Mon, 29 Jul 2019 08:44:36 +0200 Subject: [PATCH] pom: add profile to sign artifacts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Motivation: The are many reasons why we should sign our artifacts. The main two are: - allow library users to verify who have release the jars - maven central accepts only signed artifacts (and this is the goal) Modification: Add profile that will be activated by maven release plugin or manually with `-P sign-artifacts` option. Result: produced artifacts will be released. Acked-by: Jürgen Starek Target: master, 0.19 --- pom.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/pom.xml b/pom.xml index 3c006ce39..43282fb28 100644 --- a/pom.xml +++ b/pom.xml @@ -251,4 +251,37 @@ + + + sign-artifacts + + + performRelease + true + + + + + + org.apache.maven.plugins + maven-gpg-plugin + 1.6 + + ${gpg.passphrase} + + + + sign-artifacts + verify + + sign + + + + + + + + +