View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.maven.plugins.gpg;
20  
21  import java.io.File;
22  import java.util.List;
23  
24  import org.apache.maven.plugin.MojoExecutionException;
25  import org.apache.maven.plugin.MojoFailureException;
26  import org.apache.maven.plugins.annotations.Component;
27  import org.apache.maven.plugins.annotations.LifecyclePhase;
28  import org.apache.maven.plugins.annotations.Mojo;
29  import org.apache.maven.plugins.annotations.Parameter;
30  import org.apache.maven.project.MavenProject;
31  import org.apache.maven.project.MavenProjectHelper;
32  
33  /**
34   * Sign project artifact, the POM, and attached artifacts with GnuPG for deployment.
35   *
36   * @author Jason van Zyl
37   * @author Jason Dillon
38   * @author Daniel Kulp
39   */
40  @Mojo(name = "sign", defaultPhase = LifecyclePhase.VERIFY, threadSafe = true)
41  public class GpgSignAttachedMojo extends AbstractGpgMojo {
42  
43      /**
44       * Skip doing the gpg signing.
45       */
46      @Parameter(property = "gpg.skip", defaultValue = "false")
47      private boolean skip;
48  
49      /**
50       * A list of files to exclude from being signed. Can contain Ant-style wildcards and double wildcards. The default
51       * excludes are <code>**&#47;*.md5 **&#47;*.sha1 **&#47;*.sha256 **&#47;*.sha512 **&#47;*.asc **&#47;*.sigstore</code>.
52       *
53       * @since 1.0-alpha-4
54       */
55      @Parameter
56      private String[] excludes;
57  
58      /**
59       * The directory where to store signature files.
60       *
61       * @since 1.0-alpha-4
62       */
63      @Parameter(defaultValue = "${project.build.directory}/gpg", alias = "outputDirectory")
64      private File ascDirectory;
65  
66      /**
67       * The maven project.
68       */
69      @Parameter(defaultValue = "${project}", readonly = true, required = true)
70      protected MavenProject project;
71  
72      /**
73       * Maven ProjectHelper
74       */
75      @Component
76      private MavenProjectHelper projectHelper;
77  
78      @Override
79      public void execute() throws MojoExecutionException, MojoFailureException {
80          if (skip) {
81              // We're skipping the signing stuff
82              return;
83          }
84  
85          // ----------------------------------------------------------------------------
86          // Collect files to sign
87          // ----------------------------------------------------------------------------
88  
89          FilesCollector collector = new FilesCollector(project, excludes, getLog());
90          List<FilesCollector.Item> items = collector.collect();
91  
92          // ----------------------------------------------------------------------------
93          // Sign collected files and attach all the signatures
94          // ----------------------------------------------------------------------------
95  
96          AbstractGpgSigner signer = newSigner(project);
97          signer.setOutputDirectory(ascDirectory);
98          signer.setBuildDirectory(new File(project.getBuild().getDirectory()));
99          signer.setBaseDirectory(project.getBasedir());
100 
101         getLog().info("Signing " + items.size() + " file" + ((items.size() > 1) ? "s" : "") + " with "
102                 + ((signer.keyname == null) ? "default" : signer.keyname) + " secret key.");
103 
104         for (FilesCollector.Item item : items) {
105             getLog().debug("Generating signature for " + item.getFile());
106 
107             File signature = signer.generateSignatureForArtifact(item.getFile());
108 
109             projectHelper.attachArtifact(
110                     project,
111                     item.getExtension() + AbstractGpgSigner.SIGNATURE_EXTENSION,
112                     item.getClassifier(),
113                     signature);
114         }
115     }
116 }