Java: Suppressing GPG signing for Maven-based continuous integration builds (Travis CI)

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/14825039/

Time: 2020-10-31 17:30:38  Source: igfitidea

Suppressing GPG signing for Maven-based continuous integration builds (Travis CI)

Tags: java, maven, continuous-integration, gnupg, travis-ci

Asked by mikera

I'm using Travis-CI to provide continuous integration builds for a few Java open source projects I'm working on.

Normally this works smoothly, but I have a problem when the POM specifies GPG signing, e.g.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.4</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

This causes the Travis build to fail - apparently because it does not have a passphrase available while running mvn install. See this build for an example.

What is the best way to configure Maven and/or Travis to skip GPG signing for CI test builds, but still perform GPG signing when I do a proper release build?

Accepted answer by Peter

You need to create a profile & make sure you run that only when you do the release build.

Remove the current plugin, and add it in a profile like this:

<profiles>
    <profile>
        <id>release-sign-artifacts</id>
        <activation>
            <property>
                <name>performRelease</name>
                <value>true</value>
            </property>
        </activation>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-gpg-plugin</artifactId>
                    <version>1.4</version>
                    <executions>
                        <execution>
                            <id>sign-artifacts</id>
                            <phase>verify</phase>
                            <goals>
                                <goal>sign</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>

And then when you actually need to do a release, add the property to your mvn command:

mvn -DperformRelease=true ...

Answer by Stefan Birkner

Disable GPG signing by adding the following line to your .travis.yml file:

install: mvn install -DskipTests -Dgpg.skip

Example: https://github.com/stefanbirkner/system-rules/blob/master/.travis.yml

Answer by Derk

I found a slightly simpler way to do it with the profile as described above. Instead of using a new property value, you can use the gpg.passphrase property which will need to be provided anyway when doing signing. The modified property section is as follows:

<activation>
    <property>
        <name>gpg.passphrase</name>
    </property>
</activation>

Notice that no value is required since you want this profile to activate if any value is set for that property.

The corresponding command line then looks like this:

mvn <command> -Dgpg.passphrase=myverysupersecretpassphrase

You can test this out by running it the following two ways:

mvn install

No signed artifacts get generated, and:

mvn install -Dgpg.passphrase=myverysupersecretpassphrase

Signed artifacts get created.

To do the actual signed release of the artifacts do the following:

mvn release:perform -Darguments=-Dgpg.passphrase=myverysupersecretpassphrase

The indirection is needed for the release action because it doesn't propagate the command line arguments directly to the spawned process (see http://maven.apache.org/plugins/maven-gpg-plugin/usage.html).
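
The three approaches above (a profile activated by performRelease=true, a profile activated by the presence of gpg.passphrase, and -Dgpg.skip) can be checked before a build with a small POM lint. This is an added example, not code from any of the answers; `signing_runs` and `SAMPLE_POM` are hypothetical names. It assumes only the POM text itself is inspected (no parent POMs, pluginManagement, -P or activeByDefault) and that the build reaches the phase the plugin is bound to.

```python
import xml.etree.ElementTree as ET

def _signs(build):
    # True if this <build> binds the maven-gpg-plugin "sign" goal.
    if build is None:
        return False
    for plugin in build.findall("plugins/plugin"):
        if plugin.findtext("artifactId", "").strip() == "maven-gpg-plugin":
            goals = plugin.findall("executions/execution/goals/goal")
            if any((g.text or "").strip() == "sign" for g in goals):
                return True
    return False

def _active(profile, props):
    # Maven property activation: <name> alone means "property is defined",
    # <name> plus <value> means "equals value"; a leading "!" negates either.
    prop = profile.find("activation/property")
    if prop is None:
        return False
    name = prop.findtext("name", "").strip()
    value = prop.findtext("value")
    if value is None:
        return (name[1:] not in props) if name.startswith("!") else (name in props)
    value = value.strip()
    if value.startswith("!"):
        return props.get(name) != value[1:]
    return props.get(name) == value

def signing_runs(pom_xml, props):
    """props models the -D flags; a bare -Dgpg.skip is {"gpg.skip": "true"}."""
    if props.get("gpg.skip", "false").lower() == "true":
        return False
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the POM namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    if _signs(root.find("build")):
        return True
    return any(_active(p, props) and _signs(p.find("build"))
               for p in root.findall("profiles/profile"))

# Constructed sample: the accepted answer's profile, trimmed to the relevant tags.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><profiles><profile>
  <id>release-sign-artifacts</id>
  <activation><property><name>performRelease</name><value>true</value></property></activation>
  <build><plugins><plugin><artifactId>maven-gpg-plugin</artifactId>
    <executions><execution><goals><goal>sign</goal></goals></execution></executions>
  </plugin></plugins></build>
</profile></profiles></project>"""
```

A CI job can call `signing_runs(pom_text, {})` and fail early if it returns True, which is the situation in the question where the plugin sits in the main build.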
