| ------ |
| Deploy Signed Artifacts |
| ------ |
| Dennis Lundberg |
| ------ |
| 2011-03-19 |
| ------ |
| |
| ~~ Licensed to the Apache Software Foundation (ASF) under one |
| ~~ or more contributor license agreements. See the NOTICE file |
| ~~ distributed with this work for additional information |
| ~~ regarding copyright ownership. The ASF licenses this file |
| ~~ to you under the Apache License, Version 2.0 (the |
| ~~ "License"); you may not use this file except in compliance |
| ~~ with the License. You may obtain a copy of the License at |
| ~~ |
| ~~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~~ |
| ~~ Unless required by applicable law or agreed to in writing, |
| ~~ software distributed under the License is distributed on an |
| ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~~ KIND, either express or implied. See the License for the |
| ~~ specific language governing permissions and limitations |
| ~~ under the License. |
| |
| |
| Deploy Signed Artifacts |
| |
| Without this plugin you deploy your project like this: |
| |
| +----------+ |
| mvn deploy |
| +----------+ |
| |
| If you have configured this plugin according to the instructions in the |
| {{{../usage.html}usage page}}, you just need to specify the passphrase for |
| your private key on the command line like this: |
| |
| +----------+ |
| mvn deploy -Dgpg.passphrase=thephrase |
| +----------+ |
| |
| If you don't specify a passphrase, it will prompt for one. |
| |
| |
| * Install/Deploy without configuring the plugin in the POM |
| |
| Currently this is not easily accomplished. gpg signs the artifacts attached to the |
| build at the point that gpg runs. However, we want to "inject" the gpg into the phases. |
| What MIGHT work is: |
| |
| +----------+ |
| mvn verify gpg:sign install:install deploy:deploy |
| +----------+ |
| |
| However, if there are other plugins configured for phases after the <<<verify>>> phase, they will not be run. |