Sign published artifacts

Description

Need to set up keys. Otherwise, applying the signing is pretty straight-forward...

In `published-java-module`, add the following:

Linked issues

is duplicated by

HHH-14606

Sign published artifacts (?)

Activity

Show:

Steve EbersoleJanuary 26, 2022 at 12:52 PM

I don’t think I have yet successfully released 6.0 from the CI job

Yoann RodièreJanuary 26, 2022 at 12:43 PM
Edited

FYI the PGP key is available on Jenkins CI; however, you need to import it into gpg before your build. And above all, you need to make sure to remove it after the build (even if the build fails), so that we don’t expose the key to, say, pull request builds.

See:

setting up the environment variables in the Jenkinsfile (I’m sure you can get an equivalent configuration in a “legacy” job defined through UI): and also
importing the key
taking advantage of the environment variables in the Maven/Gradle build:

Fixed

Details
Assignee
Steve Ebersole
Reporter
Steve Ebersole
Components
Fix versions
6.0.0.CR2
Priority
Major

Created May 14, 2021 at 4:15 PM

Updated March 9, 2022 at 3:20 AM

Resolved February 7, 2022 at 2:17 PM

Sign published artifacts

Description

Linked issues

is duplicated by

Activity

Steve EbersoleJanuary 26, 2022 at 12:52 PM

Yoann RodièreJanuary 26, 2022 at 12:43 PMEdited

DetailsAssigneeSteve EbersoleSteve EbersoleReporterSteve EbersoleSteve EbersoleComponentsFix versions6.0.0.CR2PriorityMajor

Details

Assignee

Reporter

Components

Fix versions

Priority

Yoann RodièreJanuary 26, 2022 at 12:43 PM
Edited

Details
Assignee
Steve Ebersole
Reporter
Steve Ebersole
Components
Fix versions
6.0.0.CR2
Priority
Major