On 29/09/2010, at 12:26 AM, Joern Huxhorn wrote: > Hi everyone. > > I'm writing a gradle plugin that provides the functionality of the > maven-gpg-plugin and I've now reached a point where I don't know how to solve > the remaining issues... > > You can find the project here: > http://github.com/huxi/huxi-gradle-plugins > > The current version has several issues: > - The created signature files are not added to the set of artifacts, meaning > they are not deployed to the maven repository. :(
Have a look at this email thread from some details: http://gradle.markmail.org/thread/pgdhc7hrfn2e27o5 > - If no password is given using either the System property 'pgp.password' or > password in the convention above (which would actually both be a rather bad > idea concerning security) then the plugin asks once for password entry using > console.readPassword. This requires Java 6. > - The text output 'Enter PGP-Password: ' is mixed up with the '> Building > > :foo:uploadArchives' text. > The password is prompted for after the later one There is a JIRA issue for this: http://jira.codehaus.org/browse/GRADLE-1147 > . > - This plugin currently attaches itself to uploadArtifact.doFirst - which is > probably a bad idea. It might be better to add a custom task to do the signing, which uploadArtifacts would depend on. This would allow you to, for example, make use of incremental build for signing. It would also allow someone to reuse the signing task without necessarily doing an upload. Or to sign multiple configurations. > - The configuration used for signing is always 'default' Having a custom task would give you a place to add, say, a property that specifies which configuration to sign. -- Adam Murdoch Gradle Developer http://www.gradle.org CTO, Gradle Inc. - Gradle Training, Support, Consulting http://www.gradle.biz
