Publish SNAPSHOT
Tadaya Tsuyukubo edited this page Oct 6, 2016 · 1 revision
Add this to `pom.xml`:

```xml
<distributionManagement>
  <snapshotRepository>
    <id>ossrh</id>
    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
  </snapshotRepository>
</distributionManagement>

<profiles>
  <!-- This profile is activated by src/build/settings.xml for deployment -->
  <profile>
    <id>ossrh</id>
    <build>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-gpg-plugin</artifactId>
          <version>1.6</version>
          <executions>
            <execution>
              <id>sign-artifacts</id>
              <phase>verify</phase>
              <goals>
                <goal>sign</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <version>1.6.7</version>
          <extensions>true</extensions>
          <configuration>
            <serverId>ossrh</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <autoReleaseAfterClose>true</autoReleaseAfterClose>
          </configuration>
        </plugin>
      </plugins>
    </build>
  </profile>
</profiles>
```
Create `src/build/settings.xml`:

```xml
<!-- For publishing SNAPSHOT -->
<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <username>${env.SONATYPE_USER}</username>
      <password>${env.SONATYPE_PASS}</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>ossrh</id>
      <properties>
        <gpg.executable>gpg</gpg.executable>
        <gpg.keyname>${env.GPG_KEYNAME}</gpg.keyname>
        <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  <!-- specifying this file activates ossrh profile -->
  <activeProfiles>
    <activeProfile>ossrh</activeProfile>
  </activeProfiles>
</settings>
```
```
> gpg --gen-key
# distribute public key
> gpg --keyserver hkp://pool.sks-keyservers.net --send-keys [KEY_ID]
```
Create a sub-key for signing artifacts:

```
$ gpg --edit-key tadaya@ttddyy.net
```

- type `addkey`
- choose `RSA (sign only)`
- type `save`
Create a GPG store that contains only the sub-keys.
This store will be included in the project, while the master keys are kept separate.

```
> gpg --export-secret-subkeys tadaya@ttddyy.net > subkeys
> mkdir subkeys-only
> gpg --homedir subkeys-only --import subkeys
```
Change passphrase:

```
> gpg --homedir subkeys-only --edit-key tadaya@ttddyy.net
passwd
save
```
```
gpg --homedir subkeys-only --export --armor > codesigning.asc
gpg --homedir subkeys-only --export-secret-keys --armor >> codesigning.asc
```
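
Since `codesigning.asc` ends up (encrypted) in the repository, it is worth confirming that the subkeys-only store lists the primary key as a stub and still holds a usable signing sub-key. The function below is an added example, not part of the original page; it assumes the `--with-colons` listing format of GnuPG 2.1 or later, and the sample listings are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Reads the output of
#   gpg --homedir subkeys-only --list-secret-keys --with-colons
# on stdin. Colon-format fields used (GnuPG 2.1+ assumed):
#   $1  record type: sec = primary secret key, ssb = secret subkey
#   $12 key capabilities (s = sign)
#   $15 "#" when the secret part is only a stub (key material absent)
# Exit codes: 0 ok, 1 primary secret key present, 2 nothing listed,
#             3 no usable signing subkey.
check_subkeys_only() {
  awk -F: '
    $1 == "sec" {
      primaries++
      if ($15 != "#") {
        leaked++
        print "primary secret key present: " $5 > "/dev/stderr"
      }
    }
    $1 == "ssb" && $15 != "#" && $12 ~ /s/ { signers++ }
    END {
      if (primaries == 0) { print "no secret keys listed" > "/dev/stderr"; exit 2 }
      if (leaked > 0) exit 1
      if (signers == 0) { print "no usable signing subkey" > "/dev/stderr"; exit 3 }
      exit 0
    }'
}

# Constructed sample listings (key IDs, dates and user ID are made up).
SAMPLE_SUBKEYS_ONLY='sec:u:4096:1:AAAAAAAAAAAAAAAA:1475712000:::u:::scESC:::#:::23::0:
uid:u::::1475712000::0000::Release Key <release@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1475712000::::::s:::+:::23:'
SAMPLE_WITH_MASTER='sec:u:4096:1:AAAAAAAAAAAAAAAA:1475712000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1475712000::::::s:::+:::23:'

printf '%s\n' "$SAMPLE_SUBKEYS_ONLY" | check_subkeys_only \
  && echo "OK: subkeys only"
printf '%s\n' "$SAMPLE_WITH_MASTER" | check_subkeys_only 2>/dev/null \
  || echo "REFUSE: master key included"
```

Against the real store, pipe the listing in: `gpg --homedir subkeys-only --list-secret-keys --with-colons | check_subkeys_only`.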
```
> travis encrypt-file codesigning.asc
> cp codesigning.asc.enc src/build/
```

Keep the output and put it in `.travis.yml`:

```
> travis encrypt SONATYPE_USER=[username]
> travis encrypt SONATYPE_PASS=[password]
> travis encrypt GPG_KEYNAME=[e.g.: 12345ABC]
> travis encrypt GPG_PASSPHRASE=[passphrase]
```
Copy the command that `travis encrypt-file codesigning.asc` printed and use it to decrypt the encrypted file.
Also change the input and output file locations in that command.
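`src/build/publish.sh`:

```bash
#!/usr/bin/env bash
# Publish only from non-pull-request builds of the master branch.
if [ "$TRAVIS_BRANCH" = 'master' ] && [ "$TRAVIS_PULL_REQUEST" = 'false' ]; then
  # Decrypt the signing sub-key; [SOME_VARIABLE] is the id printed by `travis encrypt-file`.
  openssl aes-256-cbc -K $encrypted_[SOME_VARIABLE]_key -iv $encrypted_[SOME_VARIABLE]_iv -in src/build/codesigning.asc.enc -out target/codesigning.asc -d
  # Import the decrypted key into the build machine's keyring.
  gpg --fast-import target/codesigning.asc
  # Sign and deploy with the settings file that activates the ossrh profile.
  ./mvnw deploy --settings src/build/settings.xml -DskipTests=true
fi
```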
`.travis.yml`:

```yaml
language: java
jdk:
  - oraclejdk8
cache:
  directories:
    - ~/.m2/repository
env:
  global:
    # SONATYPE_USER
    - secure:
    # SONATYPE_PASS
    - secure:
    # GPG_KEYNAME
    - secure:
    # GPG_PASSPHRASE
    - secure:
after_success:
  - bash ./src/build/publish.sh
```