| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor |
| license agreements. See the NOTICE file distributed with this work for additional |
| information regarding copyright ownership. The ASF licenses this file to |
| you under the Apache License, Version 2.0 (the "License"); you may not use |
| this file except in compliance with the License. You may obtain a copy of |
| the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required |
| by applicable law or agreed to in writing, software distributed under the |
| License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS |
| OF ANY KIND, either express or implied. See the License for the specific |
| language governing permissions and limitations under the License. --> |
| <project |
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" |
| xmlns="http://maven.apache.org/POM/4.0.0" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> |
| <modelVersion>4.0.0</modelVersion> |
| <parent> |
| <groupId>org.apache.sling.ide</groupId> |
| <artifactId>sling-ide-tooling</artifactId> |
| <version>1.2.3-SNAPSHOT</version> |
| </parent> |
| <artifactId>org.apache.sling.ide.p2update</artifactId> |
| <packaging>eclipse-repository</packaging> |
| <name>Apache Sling IDE Tools Update Site</name> |
| |
| <scm> |
| <connection>scm:git:https://gitbox.apache.org/repos/asf/sling-ide-tooling.git</connection> |
| <developerConnection>scm:git:https://gitbox.apache.org/repos/asf/sling-ide-tooling.git</developerConnection> |
| <url>https://github.com/apache/sling-ide-tooling.git</url> |
| </scm> |
| |
| <build> |
| <!-- ensure that extra files are picked up by the maven-source-plugin --> |
| <resources> |
| <resource> |
| <directory>.</directory> |
| <includes> |
| <include>category.xml</include> |
| </includes> |
| </resource> |
| </resources> |
| <plugins> |
| <!-- the update site is not expected to contain legal artifacts --> |
| <plugin> |
| <groupId>org.apache.geronimo.genesis.plugins</groupId> |
| <artifactId>tools-maven-plugin</artifactId> |
| <configuration> |
| <skip>true</skip> |
| </configuration> |
| </plugin> |
| <plugin> |
| <groupId>org.eclipse.tycho</groupId> |
| <artifactId>target-platform-configuration</artifactId> |
| <version>${tycho.version}</version> |
| <configuration> |
| <target> |
| <file>${basedir}/org.apache.sling.ide.target-definition.target</file> |
| </target> |
| </configuration> |
| </plugin> |
| </plugins> |
| <pluginManagement> |
| <plugins> |
| <plugin> |
| <groupId>org.apache.geronimo.genesis.plugins</groupId> |
| <artifactId>tools-maven-plugin</artifactId> |
| <executions> |
| <execution> |
| <!-- this goal does not work for eclipse repositories, therefore bind |
| to invalid phase id --> |
| <id>verify-legal-files</id> |
| <phase>invalid</phase> |
| </execution> |
| </executions> |
| </plugin> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-source-plugin</artifactId> |
| <executions> |
| <execution> |
| <!-- this goal does not work for eclipse repositories, therefore bind |
| to invalid phase id --> |
| <id>attach-sources</id> |
| <phase>invalid</phase> |
| </execution> |
| </executions> |
| </plugin> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-release-plugin</artifactId> |
| <configuration> |
| <releaseProfiles>apache-release,sign-with-jarsigner</releaseProfiles> |
| </configuration> |
| </plugin> |
| </plugins> |
| </pluginManagement> |
| </build> |
| <profiles> |
| <profile> |
| <!-- this profile is automatically active during release:perform |
| each signature costs the ASF money, therefore only activate during releases |
| --> |
| <id>sign-with-jarsigner</id> |
| <build> |
| <plugins> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-enforcer-plugin</artifactId> |
| <executions> |
| <execution> |
| <id>enforce-digicert-one-env-variables</id> |
| <goals> |
| <goal>enforce</goal> |
| </goals> |
| <configuration> |
| <rules> |
| <requireProperty> |
| <property>env.PKCS11_CONFIG</property> |
| </requireProperty> |
| <!-- the ones listed at https://docs.digicert.com/de/digicert-one/secure-software-manager/ci-cd-integrations/maven-integration-with-pkcs11.html --> |
| <requireProperty> |
| <property>env.SM_CLIENT_CERT_PASSWORD</property> |
| </requireProperty> |
| <requireProperty> |
| <property>env.SM_CLIENT_CERT_FILE</property> |
| </requireProperty> |
| <requireProperty> |
| <property>env.SM_API_KEY</property> |
| </requireProperty> |
| </rules> |
| </configuration> |
| </execution> |
| </executions> |
| </plugin> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-jarsigner-plugin</artifactId> |
| <version>3.0.0</version> |
| <executions> |
| <execution> |
| <id>sign</id> |
| <goals> |
| <goal>sign</goal> |
| </goals> |
| <phase>prepare-package</phase> <!-- must happen after "assemble-repository" but before "fix-artifacts-metadata" --> |
| <configuration> |
| <keystore>NONE</keystore> |
| <alias>Sling-PMC-2022-09</alias> |
| <storepass>none</storepass> |
| <providerClass>sun.security.pkcs11.SunPKCS11</providerClass> |
| <storetype>PKCS11</storetype> |
| <providerArg>${env.PKCS11_CONFIG}</providerArg> |
| <tsa>http://timestamp.digicert.com</tsa> |
| <verbose>true</verbose> |
| <processMainArtifact>false</processMainArtifact> |
| <archiveDirectory>${project.build.directory}/repository/plugins</archiveDirectory> |
| <includes> |
| <!-- only sign our own artifacts --> |
| <include>org.apache.sling.*.jar</include> |
| </includes> |
| </configuration> |
| </execution> |
| </executions> |
| </plugin> |
| <!-- fix metadata of repository after signing --> |
| <plugin> |
| <groupId>org.eclipse.tycho</groupId> |
| <artifactId>tycho-p2-repository-plugin</artifactId> |
| <version>${tycho.version}</version> |
| <executions> |
| <execution> |
| <id>update-metadata-after-signing</id> |
| <goals> |
| <goal>fix-artifacts-metadata</goal> |
| </goals> |
| <phase>prepare-package</phase><!-- must happen after "sign" but before "archive-repository" --> |
| </execution> |
| <execution> |
| <id>verify</id> |
| <goals> |
| <goal>verify-repository</goal> |
| </goals> |
| </execution> |
| </executions> |
| </plugin> |
| </plugins> |
| </build> |
| </profile> |
| <profile> |
| <id>sign-with-gpg</id> |
| <build> |
| <plugins> |
| <plugin> |
| <groupId>org.eclipse.tycho</groupId> |
| <artifactId>tycho-gpg-plugin</artifactId> |
| <version>${tycho.version}</version> |
| <executions> |
| <execution> |
| <!-- https://tycho.eclipseprojects.io/doc/latest/tycho-gpg-plugin/sign-p2-artifacts-mojo.html --> |
| <id>sign-p2-artifacts</id> |
| <goals> |
| <goal>sign-p2-artifacts</goal> |
| </goals> |
| </execution> |
| </executions> |
| </plugin> |
| </plugins> |
| </build> |
| </profile> |
| </profiles> |
| </project> |