Introduce mock repository manager to verify uploaded artifacts
14 files changed
tree: 2013d6c29b42701f4cfdf40ba17a8e49afd7fed7
  1. .github/
  2. src/
  3. .asf.yaml
  4. .gitignore
  5. pom.xml

PGP sign plugin

Create PGP signature for all artifacts in maven project


  • first version require maven 3.7.0-SNAPSHOT
  • use build/consumer feature


  • documentations
  • check if all artifacts are ready to sign - if package goal was running
  • find a good approach to storing passwords
  • detect expired key
  • signing by sub key
  • support keyId in short, long and fingerprint formats - now is long
  • review it test from GPG plugin - maybe some case should be addressed
  • decision - if we should move pgp code to external project