How to upload signed artifacts with GPG
Create a file called "gpg.rake" under the tasks directory of your project and paste the following code in it:
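    module GPG
      extend self

      # Defines a file task that writes an ASCII-armored detached signature
      # to <package>.gpg.
      def sign_task(pkg)
        file(pkg.to_s + '.gpg') do
          cmd = 'gpg',
                '--local-user', ENV['GPG_USER'],
                '--armor',
                '--output', pkg.to_s + '.gpg'
          # Options must come before the file argument. A passphrase passed on
          # the command line is visible in the process list while gpg runs.
          cmd += ['--passphrase', ENV['GPG_PASS']] if ENV['GPG_PASS']
          cmd += ['--detach-sig', pkg.to_s]
          cmd << { :verbose => true }
          sh *cmd
        end
      end

      # Registers the signature as an artifact of type "<type>.gpg" and adds
      # its upload to the upload task.
      def sign_and_upload(pkg)
        artifact = Buildr.artifact(pkg.to_spec_hash.merge(:type => "#{pkg.type}.gpg"))
        artifact.from sign_task(pkg)
        task(:upload).enhance [artifact.upload_task]
      end
    end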
Then in your Buildfile, simply call the sign_and_upload method on the packages you want to sign. For example:
    define "my-project" do
      ...

      # sign and upload a single artifact
      GPG.sign_and_upload package(:jar)

      # sign and upload all the project's artifacts
      packages.each { |pkg| GPG.sign_and_upload(pkg) }
    end
Make sure you have the gpg program in your PATH and the GPG_USER environment variable defined:

    export GPG_USER=user@example.org

or

    buildr upload GPG_USER=user@example.org
That's it. You're now publishing GPG signed artifacts!
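The consumer-side check for the detached signatures produced above, as an added example that is not part of Buildr or of the original page: it parses gpg's machine-readable `--status-fd` output and accepts an artifact only when the signature is valid and made by a pinned fingerprint. The helper names, the fingerprint and the sample status lines are constructed for illustration.

```ruby
require 'open3'

# Status keywords (GnuPG doc/DETAILS) that must fail verification
# regardless of any VALIDSIG line, e.g. an expired or revoked key.
REJECT_KEYWORDS = %w[BADSIG ERRSIG EXPSIG EXPKEYSIG REVKEYSIG].freeze

# argv for checking a detached signature; options precede the file arguments.
def verify_command(sig_path, artifact_path)
  ['gpg', '--batch', '--status-fd', '1', '--verify', sig_path, artifact_path]
end

# True only if the status output has a VALIDSIG made by expected_fpr
# (the signing key or its primary key) and no rejecting keyword.
def signature_trusted?(status_output, expected_fpr)
  want = expected_fpr.delete(' ').upcase
  records = status_output.each_line
                         .select { |line| line.start_with?('[GNUPG:] ') }
                         .map { |line| line.split.drop(1) }
  return false if records.any? { |rec| REJECT_KEYWORDS.include?(rec.first) }
  records.any? do |rec|
    rec.first == 'VALIDSIG' && [rec[1], rec.last].include?(want)
  end
end

# Runs gpg and applies the check (needs gpg and the signer's public key).
def verify_artifact(sig_path, artifact_path, expected_fpr)
  out, _status = Open3.capture2(*verify_command(sig_path, artifact_path))
  signature_trusted?(out, expected_fpr)
end

# Constructed sample status output (fingerprint and key id are made up).
SAMPLE_FPR = 'A' * 40
SAMPLE_GOOD = <<~STATUS
  [GNUPG:] NEWSIG
  [GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Signer <user@example.org>
  [GNUPG:] VALIDSIG #{SAMPLE_FPR} 2024-01-01 1704067200 0 4 0 1 8 00 #{SAMPLE_FPR}
STATUS
SAMPLE_EXPIRED_KEY = SAMPLE_GOOD.sub('GOODSIG', 'EXPKEYSIG')
```

Pinning the full fingerprint matters because a "good signature" from any key in the local keyring would otherwise pass.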