抑制基于Maven的连续集成构建的GPG签名（Travis CI） [英] Suppressing GPG signing for Maven-based continous integration builds (Travis CI)

问题描述

我使用 Travis-CI 为我正在开发的一些Java开源项目提供持续集成构建。 / p>

通常这个工作流畅，但我有一个问题，当POM指定GPG签名，例如

 < plugin> 
< groupId> org.apache.maven.plugins< / groupId> 
< artifactId> maven-gpg-plugin< / artifactId> 
< version> 1.4< / version> 
< executions> 
< execution> 
< id> sign-artifacts< / id> 
< phase> verify< / phase> 
< goals> 
< goal> sign< / goal> 
< / goal> 
< / execution> 
< / executions> 
< / plugin> 
  

这导致Travis构建失败 - 显然是因为它在运行<$时没有可用的密码c $ c> mvn install 。有关示例，请参见此版本。

什么是配置Maven和/或Travis跳过GPG签名的CI测试版本，但仍然执行GPG签名，当我做一个合适的版本构建的最佳方式？

解决方案

您需要创建一个配置文件&

删除当前插件，并将其添加到如下配置文件中：

 < profiles> 
< profile> 
< id> release-sign-artifacts< / id> 
< activation> 
< property> 
< name> performRelease< / name> 
< value> true< / value> 
< / property> 
< / activation> 
< build> 
< plugins> 
< plugin> 
< groupId> org.apache.maven.plugins< / groupId> 
< artifactId> maven-gpg-plugin< / artifactId> 
<版本> 1.4< / version> 
< executableions> 
< execution> 
< id> sign-artifacts< / id> 
< phase> verify< / phase> 
< goals> 
< goal> sign< / goal> 
< / goal> 
< / execution> 
< / executions> 
< / plugin> 
< / plugins> 
< / build> 
< / profile> 
< / profiles> 
  

然后当你真的需要做一个发布，添加属性到你的mvn命令： p>

  mvn -DperformRelease = true ... 
  

I'm using Travis-CI to provide continuous integration builds for a few Java open source projects I'm working on.

Normally this works smoothly, but I have a problem when the POM specifies GPG signing, e.g.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.4</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

This causes the Travis build to fail - apparently because it does not have a passphrase available while running mvn install. See this build for an example.

What is the best way to configure Maven and/or Travis to skip GPG signing for CI test builds, but still perform GPG signing when I do a proper release build?

解决方案

You need to create a profile & make sure you run that only when you do the release build.

Remove the current plugin, and add it in a profile like this:

<profiles>
    <profile>
        <id>release-sign-artifacts</id>
        <activation>
            <property>
                <name>performRelease</name>
                <value>true</value>
            </property>
        </activation>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-gpg-plugin</artifactId>
                    <version>1.4</version>
                    <executions>
                        <execution>
                            <id>sign-artifacts</id>
                            <phase>verify</phase>
                            <goals>
                                <goal>sign</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>

And then when you actually need to do a release, add the property to your mvn command:

mvn -DperformRelease=true ...

这篇关于抑制基于Maven的连续集成构建的GPG签名（Travis CI）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！