Comment: Migrated to Confluence 5.3

How to upload signed artifacts with GPG

Create a file called "gpg.rake" under the tasks directory of your project and paste the following code into it:

Code Block
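module GPG
  extend self

  # Returns a file task that writes an ASCII-armored detached signature
  # (<package>.gpg) for the given package.
  def sign_task(pkg)
    file(pkg.to_s + '.gpg') do
      cmd = ['gpg',
             '--local-user', ENV['GPG_USER'],
             '--armor',
             '--output', pkg.to_s + '.gpg',
             '--detach-sig', pkg.to_s]
      # GPG_PASS is optional. When set it is passed on the command line, so it
      # is visible in the process list while gpg runs; leave it unset to let
      # gpg (or gpg-agent) ask for the passphrase instead.
      cmd += ['--passphrase', ENV['GPG_PASS']] if ENV['GPG_PASS']
      # Echo the command only when it does not carry the passphrase, so the
      # passphrase does not end up in the build log.
      cmd << { :verbose => ENV['GPG_PASS'].nil? }
      sh *cmd
    end
  end

  # Registers the signature as an extra artifact of type "<type>.gpg" and
  # adds its upload to the project's upload task.
  def sign_and_upload(pkg)
    artifact = Buildr.artifact(pkg.to_spec_hash.merge(:type => "#{pkg.type}.gpg"))
    artifact.from sign_task(pkg)
    task(:upload).enhance [artifact.upload_task]
  end
end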

Then, in your Buildfile, call the sign_and_upload method on the packages you want to sign. For example:

Code Block
define "my-project" do
  ...

  # sign and upload a single artifact
  GPG.sign_and_upload package(:jar)


  # sign and upload all the project's artifacts
  packages.each { |pkg| GPG.sign_and_upload(pkg) }
end

Make sure the gpg program is in your PATH and the GPG_USER environment variable is defined:

Code Block
export GPG_USER=user@example.org

or

Code Block
buildr upload GPG_USER=user@example.org

That's it. You're now publishing GPG signed artifacts!
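
A check that can run on the detached signature before it is uploaded, as an added example that is not part of the original page or of Buildr: it parses `gpg --status-fd` output and accepts the signature only if it is good and was made by the expected key. The `GPGVerify` module, its method names and the fingerprint in the sample are assumptions made for illustration.

```ruby
require 'open3'

# Added example (not from the original page). Assumption: the release key's
# full fingerprint is known out of band and supplied by the caller.
module GPGVerify
  extend self

  # gpg status keywords that mean the signature must be rejected.
  REJECT = %w[BADSIG ERRSIG EXPSIG EXPKEYSIG REVKEYSIG].freeze

  # Constructed sample of `gpg --status-fd 1 --verify` output (not real key data).
  SAMPLE_STATUS = <<~STATUS
    [GNUPG:] NEWSIG
    [GNUPG:] GOODSIG 1122334455667788 Example Release <user@example.org>
    [GNUPG:] VALIDSIG AAAABBBBCCCCDDDDEEEEFFFF1122334455667788 2024-01-01 1704067200 0 4 0 1 8 00 AAAABBBBCCCCDDDDEEEEFFFF1122334455667788
  STATUS

  # True only if the status output reports a good signature made by the key
  # with the expected fingerprint and no rejecting keyword is present.
  def trusted_signature?(status_output, expected_fpr)
    expected = expected_fpr.delete(' ').upcase
    records = status_output.each_line.map(&:split)
                           .select { |f| f.first == '[GNUPG:]' }
                           .map { |f| f.drop(1) }
    return false if records.any? { |f| REJECT.include?(f.first) }
    return false unless records.any? { |f| f.first == 'GOODSIG' }
    # VALIDSIG carries the signing key fingerprint first and, in current gpg
    # versions, the primary key fingerprint last; accept a match on either.
    records.select { |f| f.first == 'VALIDSIG' }
           .any? { |f| [f[1], f.last].compact.map(&:upcase).include?(expected) }
  end

  # Verify a detached signature for a package file (hypothetical helper).
  def verify_file(pkg_path, sig_path, expected_fpr)
    out, status = Open3.capture2('gpg', '--batch', '--status-fd', '1',
                                 '--verify', sig_path, pkg_path)
    status.success? && trusted_signature?(out, expected_fpr)
  end
end
```

Calling `GPGVerify.verify_file(pkg.to_s, pkg.to_s + '.gpg', fingerprint)` after the `sh` call in gpg.rake and failing the build when it returns false keeps a signature made with the wrong key out of the repository.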