This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-log4j-transform.git

commit 123f8c48fa98e8f7beefe44bc9c3cfe2ce6af9a8
Author: Piotr P. Karwasz <[email protected]>
AuthorDate: Tue May 2 19:06:31 2023 +0200

    Use Maven Assembly for source release
---
 .github/workflows/build.yml     |  7 ++---
 .gitignore                      |  1 +
 pom.xml                         | 57 +++++++++++++++++++++++++++++++++++++++++
 src/assembly/source-release.xml | 45 ++++++++++++++++++++++++++++++++
 4 files changed, 105 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 379fd93..7d317fa 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -184,13 +184,10 @@ jobs:
           # `SIGN_KEY` is used by `sign-maven-plugin`
           SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }}
 
-      - name: Create artifacts (RELEASE)
+      - name: Sign artifacts (RELEASE)
         if: startsWith(github.ref, 'refs/heads/release/')
         run: |
-          export 
ZIP_FILEPATH="target/apache-log4j-transform-${PROJECT_VERSION}-src.zip"
-          git ls-files -z | xargs -0 zip -9 "$ZIP_FILEPATH" --
-          gpg --armor --detach-sign --yes --pinentry-mode error "$ZIP_FILEPATH"
-          sha512sum "$ZIP_FILEPATH" > "$ZIP_FILEPATH.sha512"
+          gpg --armor --detach-sign --yes --pinentry-mode error 
"target/apache-log4j-transform-${PROJECT_VERSION}-src.zip"
 
       - name: Upload artifacts (RELEASE)
         if: startsWith(github.ref, 'refs/heads/release/')
diff --git a/.gitignore b/.gitignore
index c1a33c5..7a0958c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+## Keep in sync with src/assembly/source-assembly.xml
 target/
 # IntelliJ IDEA
 .idea
diff --git a/pom.xml b/pom.xml
index 4cdc39a..505c2de 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,6 +98,7 @@
     <!-- `project.build.outputTimestamp` is required for reproducible builds: 
https://maven.apache.org/guides/mini/guide-reproducible-builds.html -->
     <project.build.outputTimestamp>1682714736</project.build.outputTimestamp>
     <!-- plugin versions -->
+    <checksum-maven-plugin.version>1.11</checksum-maven-plugin.version>
     <flatten-maven-plugin.version>1.4.1</flatten-maven-plugin.version>
     
<log4j-changelog-maven-plugin.version>0.3.0</log4j-changelog-maven-plugin.version>
     <sign-maven-plugin.version>1.0.1</sign-maven-plugin.version>
@@ -200,12 +201,68 @@
         <defaultGoal>deploy</defaultGoal>
         <plugins>
 
+          <!-- Create a source-release artifact that contains the fully 
buildable
+               project directory source structure. This is the artifact which 
is
+               the official subject of any release vote. -->
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-assembly-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>source-release-assembly</id>
+                <goals>
+                  <goal>single</goal>
+                </goals>
+                <phase>package</phase>
+                <configuration>
+                  <runOnlyAtExecutionRoot>true</runOnlyAtExecutionRoot>
+                  
<finalName>apache-log4j-transform-${project.version}</finalName>
+                  <runOnlyAtExecutionRoot>true</runOnlyAtExecutionRoot>
+                  <descriptors>
+                    <descriptor>src/assembly/source-release.xml</descriptor>
+                  </descriptors>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+
+          <plugin>
+            <groupId>net.nicoulaj.maven.plugins</groupId>
+            <artifactId>checksum-maven-plugin</artifactId>
+            <version>1.11</version>
+            <executions>
+              <execution>
+                <id>source-release-checksum</id>
+                <goals>
+                  <goal>files</goal>
+                </goals>
+                <!-- execute prior to maven-gpg-plugin:sign due to 
https://github.com/nicoulaj/checksum-maven-plugin/issues/112 -->
+                <phase>post-integration-test</phase>
+                <configuration>
+                  <algorithms>
+                    <algorithm>SHA-512</algorithm>
+                  </algorithms>
+                  <csvSummary>false</csvSummary>
+                  <fileSets>
+                    <fileSet>
+                      <directory>${project.build.directory}</directory>
+                      <includes>
+                        <include>apache-log4j-transform*</include>
+                      </includes>
+                    </fileSet>
+                  </fileSets>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+
           <plugin>
             <groupId>org.simplify4u.plugins</groupId>
             <artifactId>sign-maven-plugin</artifactId>
             <version>${sign-maven-plugin.version}</version>
             <executions>
               <execution>
+                <id>default-sign</id>
                 <goals>
                   <goal>sign</goal>
                 </goals>
diff --git a/src/assembly/source-release.xml b/src/assembly/source-release.xml
new file mode 100644
index 0000000..01a3bda
--- /dev/null
+++ b/src/assembly/source-release.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to you under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<assembly>
+  <id>src</id>
+  <formats>
+    <format>zip</format>
+  </formats>
+  <fileSets>
+    <fileSet>
+      <useDefaultExcludes>true</useDefaultExcludes>
+      <directory>${project.basedir}</directory>
+      <excludes>
+        <!-- Keep in sync with .gitignore -->
+        <exclude>**/target/**</exclude>
+        <exclude>.idea/**</exclude>
+        <exclude>**/*.iml</exclude>
+        <exclude>**/*.iws</exclude>
+        <exclude>**/.classpath</exclude>
+        <exclude>**/.project</exclude>
+        <exclude>**/.settings/**</exclude>
+        <exclude>.mvn/wrapper/maven-wrapper.jar</exclude>
+        <!-- Remove Git and Github specific stuff -->
+        <exclude>.git/**</exclude>
+        <exclude>.github/**</exclude>
+        <exclude>.gitattributes</exclude>
+        <exclude>.gitignore</exclude>
+      </excludes>
+    </fileSet>
+  </fileSets>
+</assembly>

Reply via email to