The direction for using the GPG plugin are:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
However, this is going to run the GPG plugin every time I run install (I
tested).
That's a problem for me, and a problem for my continuous integration server.
I don't want to store a public key passphrase in my settings.xml.
How can I ensure that the GPG plugin is only used when I'm using the deploy
goal?
And is there a hook for signing assemblies as well as aritfacts?
Thanks!
--
Howard M. Lewis Ship
TWD Consulting, Inc.
Independent J2EE / Open-Source Java Consultant
Creator and PMC Chair, Apache Tapestry
Creator, Apache HiveMind
Professional Tapestry training, mentoring, support
and project work. http://howardlewisship.com
