This project provides a Maven plugin for generating PGP signature files for project artifacts using BouncyCastle.
This plugin provides the same functionality as the maven-gpg-plugin when executing the gpg:sign goal. The only difference in functionality is that this plugin does not rely upon GPG (or another command line utility) which allows us to provide PGP keys and passphrases via Maven properties. As a result, your cryptographic material does not have to exist on the build server's disk.
In order to use this plugin add the following to your pom.xml file:
<plugin>
<groupId>com.deciphernow</groupId>
<artifactId>bouncycastle-maven-plugin</artifactId>
<version>1.0.0-SNAPSHOT</version>
<configuration>
<passphrase>${env.PGP_PASSPHRASE}</passphrase>
<rings>${env.PGP_RINGS}</rings>
<userId>${env.PGP_USER_ID}</userId>
</configuration>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>This build uses standard Maven build commands but assumes that the following are installed and configured locally:
- Java (1.8 or greater)
- Maven (3.0 or greater)
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request