Monday, July 14, 2008

Maven 2 GPG Plugin

Maven 2 GPG Plugin, allows to sign attached artifacts with GunPG. One of the tedious processes involved in releasing a project is to sign its artifacts. Some of the releases might contain 10-15 artifacts. Ex: WSO2 WSAS etc. So in order to get the release process smoother, one could just need to add the following plugin into the parent pom.xml,

<plugin>
<groupid>org.apache.maven.plugins</groupid>
<artifactid>maven-gpg-plugin</artifactid>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>


The latest version of this plugin is 1.0-alpha-4 as at 2007-09-28.

Then using "mvn clean deploy" will sign the artifacts in addition to md5 & sha1. It's advisable if the prior plugin be added in a "profile" section. Then only at the release time, "asc" files are generated. Trust me, when you have A LOT OF artifacts to be signed, above plugin is a life saver.

No comments: