Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/s4u/sign-maven-plugin

Maven plugin which creates Open PGP / GPG signatures for all of the project's artifacts
https://github.com/s4u/sign-maven-plugin

hacktoberfest java maven maven-plugin pgp-signature

Last synced: 3 days ago
JSON representation

Maven plugin which creates Open PGP / GPG signatures for all of the project's artifacts

Host: GitHub
URL: https://github.com/s4u/sign-maven-plugin
Owner: s4u
License: apache-2.0
Created: 2020-12-14T20:45:45.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2024-12-16T23:55:41.000Z (18 days ago)
Last Synced: 2024-12-17T00:56:11.405Z (18 days ago)
Topics: hacktoberfest, java, maven, maven-plugin, pgp-signature
Language: Java
Homepage: https://www.simplify4u.org/sign-maven-plugin/
Size: 967 KB
Stars: 47
Watchers: 6
Forks: 7
Open Issues: 11
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

# Sign Maven Plugin
[![Build](https://github.com/s4u/sign-maven-plugin/workflows/Build/badge.svg)](https://github.com/s4u/sign-maven-plugin/actions?query=workflow%3ABuild)
[![Reproducible Builds](https://img.shields.io/badge/Reproducible_Builds-ok-success?labelColor=1e5b96)](https://github.com/jvm-repo-rebuild/reproducible-central#org.simplify4u.plugins:sign-maven-plugin)
[![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.simplify4u.plugins/sign-maven-plugin/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.simplify4u.plugins/sign-maven-plugin)

[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=org.simplify4u.plugins%3Asign-maven-plugin&metric=alert_status)](https://sonarcloud.io/dashboard?id=org.simplify4u.plugins%3Asign-maven-plugin)
[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=org.simplify4u.plugins%3Asign-maven-plugin&metric=coverage)](https://sonarcloud.io/dashboard?id=org.simplify4u.plugins%3Asign-maven-plugin)
[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=org.simplify4u.plugins%3Asign-maven-plugin&metric=ncloc)](https://sonarcloud.io/dashboard?id=org.simplify4u.plugins%3Asign-maven-plugin)

Creates Open PGP / GPG signatures for all of the project's artifacts
without any external software.

This plugin can replace **maven-gpg-plugin** in an easy way and provide new features.

# Feature

- all the signing operations are done using `Bouncy Castle`
- support Maven `3.6` and is ready for next version `4.0` of Maven
- support `subkey` for signing
- easy to use on CI system, configuration can be provided by environment variables
- key passphrase can be encrypted by standard Maven [Password Encryption](https://maven.apache.org/guides/mini/guide-encryption.html)
- no needed store private key on CI system - you can use key from environment variable

# Key prepare

Please look at our [tutorial](https://www.simplify4u.org/sign-maven-plugin/key-prepare.html)

# Usage
## Key configuration provided in pom

```xml

org.simplify4u.plugins
sign-maven-plugin

sign

...

```

## Key configuration provided in environment variables

Key configuration can be provided by environment variables: `SIGN_KEY`, `SIGN_KEY_ID`, `SIGN_KEY_PASS`.

When using environment variables for configuration, `SIGN_KEY` - must contain private key content - not file path for key

So your pom configuration can be simplified to:

```xml

org.simplify4u.plugins
sign-maven-plugin

sign

...

```

# Documentations

You can find more information about configuration options on the site:

https://www.simplify4u.org/sign-maven-plugin/

# Testing latest snapshot version

Each build of current version is deployed to sonatype snapshots repository.