抑制基于Maven的连续集成构建的GPG签名(Travis CI) [英] Suppressing GPG signing for Maven-based continous integration builds (Travis CI)
问题描述
我使用 Travis-CI 为我正在开发的一些Java开源项目提供持续集成构建。 / p>
通常这个工作流畅,但我有一个问题,当POM指定GPG签名,例如
< plugin>
< groupId> org.apache.maven.plugins< / groupId>
< artifactId> maven-gpg-plugin< / artifactId>
< version> 1.4< / version>
< executions>
< execution>
< id> sign-artifacts< / id>
< phase> verify< / phase>
< goals>
< goal> sign< / goal>
< / goal>
< / execution>
< / executions>
< / plugin>
这导致Travis构建失败 - 显然是因为它在运行<$时没有可用的密码c $ c> mvn install 。有关示例,请参见此版本。
什么是配置Maven和/或Travis跳过GPG签名的CI测试版本,但仍然执行GPG签名,当我做一个合适的版本构建的最佳方式?
您需要创建一个配置文件&
删除当前插件,并将其添加到如下配置文件中:
< profiles>
< profile>
< id> release-sign-artifacts< / id>
< activation>
< property>
< name> performRelease< / name>
< value> true< / value>
< / property>
< / activation>
< build>
< plugins>
< plugin>
< groupId> org.apache.maven.plugins< / groupId>
< artifactId> maven-gpg-plugin< / artifactId>
<版本> 1.4< / version>
< executableions>
< execution>
< id> sign-artifacts< / id>
< phase> verify< / phase>
< goals>
< goal> sign< / goal>
< / goal>
< / execution>
< / executions>
< / plugin>
< / plugins>
< / build>
< / profile>
< / profiles>
然后当你真的需要做一个发布,添加属性到你的mvn命令: p>
mvn -DperformRelease = true ...
I'm using Travis-CI to provide continuous integration builds for a few Java open source projects I'm working on.
Normally this works smoothly, but I have a problem when the POM specifies GPG signing, e.g.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.4</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
This causes the Travis build to fail - apparently because it does not have a passphrase available while running mvn install
. See this build for an example.
What is the best way to configure Maven and/or Travis to skip GPG signing for CI test builds, but still perform GPG signing when I do a proper release build?
You need to create a profile & make sure you run that only when you do the release build.
Remove the current plugin, and add it in a profile like this:
<profiles>
<profile>
<id>release-sign-artifacts</id>
<activation>
<property>
<name>performRelease</name>
<value>true</value>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.4</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
And then when you actually need to do a release, add the property to your mvn command:
mvn -DperformRelease=true ...
这篇关于抑制基于Maven的连续集成构建的GPG签名(Travis CI)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!