This is an automated email from the ASF dual-hosted git repository. rec pushed a commit to branch refactoring/UIMA-6444-Automatically-sign-Eclipse-plugins-during-release-builds in repository https://gitbox.apache.org/repos/asf/uima-uimaj.git
commit 223c02d4ae55b72ccc6df32c5cb1238d31224081 Author: Richard Eckart de Castilho <[email protected]> AuthorDate: Mon May 9 09:45:11 2022 +0200 [UIMA-6444] Automatically sign Eclipse plugins during release builds - Attempting to embed PGP signatures into the Eclipse artifacts - Disabled due to a Tycho bug embedding the FULL public keychain of the release manager - Also, didn't get Eclipse to recognize the embedded signatures yet (did work with a minimal example I built separately though...) --- uimaj-eclipse-maven-p2-site/pom.xml | 1 + uimaj-eclipse-update-site/pom.xml | 21 +++++++++++++++++++++ uimaj-parent/pom.xml | 6 ++++++ 3 files changed, 28 insertions(+) diff --git a/uimaj-eclipse-maven-p2-site/pom.xml b/uimaj-eclipse-maven-p2-site/pom.xml index 963cd098f..3f8786c19 100644 --- a/uimaj-eclipse-maven-p2-site/pom.xml +++ b/uimaj-eclipse-maven-p2-site/pom.xml @@ -54,6 +54,7 @@ <includeDependencies>false</includeDependencies> <includeManaged>false</includeManaged> <includeTransitiveDependencies>false</includeTransitiveDependencies> + <includePGPSignature>${tycho-include-gpg-signatures}</includePGPSignature> </configuration> </execution> </executions> diff --git a/uimaj-eclipse-update-site/pom.xml b/uimaj-eclipse-update-site/pom.xml index 1c0df6aa6..5ae1c0304 100644 --- a/uimaj-eclipse-update-site/pom.xml +++ b/uimaj-eclipse-update-site/pom.xml @@ -62,6 +62,10 @@ <version>${tycho-version}</version> <configuration> <skipArchive>true</skipArchive> + <!-- + Inclusion of GPG signatures not (yet?) supported + https://github.com/eclipse/tycho/discussions/946 + --> </configuration> </plugin> </plugins> @@ -102,6 +106,23 @@ </execution> </executions> </plugin> + <!-- + tycho-gpg-plugin 2.7.3 includes ALL public keys - not usable atm + https://github.com/eclipse/tycho/issues/948 + <plugin> + <groupId>org.eclipse.tycho</groupId> + <artifactId>tycho-gpg-plugin</artifactId> + <version>${tycho-version}</version> + <executions> + <execution> + <id>sign-p2-artifacts</id> + <goals> + <goal>sign-p2-artifacts</goal> + </goals> + </execution> + </executions> + </plugin> + --> </plugins> </build> </profile> diff --git a/uimaj-parent/pom.xml b/uimaj-parent/pom.xml index 97167f843..4d53a93a9 100644 --- a/uimaj-parent/pom.xml +++ b/uimaj-parent/pom.xml @@ -134,6 +134,7 @@ <properties> <!-- versions >= 2.7.1 seem to have a bug that they embed bundle JARs --> <tycho-version>2.7.3-SNAPSHOT</tycho-version> + <tycho-include-gpg-signatures>false</tycho-include-gpg-signatures> <!-- Configuring settings is best done through default properties that multiple plugins. @@ -348,6 +349,11 @@ <profiles> <profile> <id>apache-release</id> + + <properties> + <tycho-include-gpg-signatures>true</tycho-include-gpg-signatures> + </properties> + <build> <plugins> <plugin>
