View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.maven.plugins.gpg;
20  
21  import javax.inject.Inject;
22  
23  import java.io.File;
24  import java.util.List;
25  
26  import org.apache.maven.plugin.MojoExecutionException;
27  import org.apache.maven.plugin.MojoFailureException;
28  import org.apache.maven.plugins.annotations.LifecyclePhase;
29  import org.apache.maven.plugins.annotations.Mojo;
30  import org.apache.maven.plugins.annotations.Parameter;
31  import org.apache.maven.project.MavenProject;
32  import org.apache.maven.project.MavenProjectHelper;
33  
34  /**
35   * Sign project artifact, the POM, and attached artifacts with GnuPG for deployment.
36   *
37   * @author Jason van Zyl
38   * @author Jason Dillon
39   * @author Daniel Kulp
40   */
41  @Mojo(name = "sign", defaultPhase = LifecyclePhase.VERIFY, threadSafe = true)
42  public class GpgSignAttachedMojo extends AbstractGpgMojo {
43  
44      /**
45       * A list of files to exclude from being signed. Can contain Ant-style wildcards and double wildcards. The default
46       * excludes are <code>**&#47;*.md5 **&#47;*.sha1 **&#47;*.sha256 **&#47;*.sha512 **&#47;*.asc **&#47;*.sigstore; **&#47;*.sigstore.json</code>.
47       *
48       * @since 1.0-alpha-4
49       */
50      @Parameter
51      private String[] excludes;
52  
53      /**
54       * The directory where to store signature files.
55       *
56       * @since 1.0-alpha-4
57       */
58      @Parameter(defaultValue = "${project.build.directory}/gpg", alias = "outputDirectory")
59      private File ascDirectory;
60  
61      /**
62       * The maven project.
63       */
64      protected final MavenProject project;
65  
66      /**
67       * Maven ProjectHelper
68       */
69      private final MavenProjectHelper projectHelper;
70  
71      @Inject
72      public GpgSignAttachedMojo(MavenProject project, MavenProjectHelper projectHelper) {
73          this.project = project;
74          this.projectHelper = projectHelper;
75      }
76  
77      @Override
78      protected void doExecute() throws MojoExecutionException, MojoFailureException {
79          // ----------------------------------------------------------------------------
80          // Collect files to sign
81          // ----------------------------------------------------------------------------
82  
83          FilesCollector collector = new FilesCollector(project, excludes, getLog());
84          List<FilesCollector.Item> items = collector.collect();
85  
86          // ----------------------------------------------------------------------------
87          // Sign collected files and attach all the signatures
88          // ----------------------------------------------------------------------------
89  
90          AbstractGpgSigner signer = newSigner(project);
91          signer.setOutputDirectory(ascDirectory);
92          signer.setBuildDirectory(new File(project.getBuild().getDirectory()));
93          signer.setBaseDirectory(project.getBasedir());
94  
95          getLog().info("Signer '" + signer.signerName() + "' is signing " + items.size() + " file"
96                  + ((items.size() > 1) ? "s" : "") + " with key " + signer.getKeyInfo());
97  
98          for (FilesCollector.Item item : items) {
99              getLog().debug("Generating signature for " + item.getFile());
100 
101             File signature = signer.generateSignatureForArtifact(item.getFile());
102 
103             projectHelper.attachArtifact(
104                     project,
105                     item.getExtension() + AbstractGpgSigner.SIGNATURE_EXTENSION,
106                     item.getClassifier(),
107                     signature);
108         }
109     }
110 }