in src/main/java/org/apache/maven/plugins/gpg/SignDeployedMojo.java [119:214]
protected void doExecute() throws MojoExecutionException, MojoFailureException {
if (settings.isOffline()) {
throw new MojoFailureException("Cannot deploy artifacts when Maven is in offline mode");
}
Path tempDirectory = null;
Set<Artifact> artifacts = new HashSet<>();
try {
tempDirectory = Files.createTempDirectory("gpg-sign-deployed");
getLog().debug("Using temp directory " + tempDirectory);
DefaultRepositorySystemSession signingSession =
new DefaultRepositorySystemSession(session.getRepositorySession());
signingSession.setLocalRepositoryManager(repositorySystem.newLocalRepositoryManager(
signingSession, new LocalRepository(tempDirectory.toFile())));
// remote repo where deployed artifacts are, and where signatures need to be deployed
RemoteRepository deploymentRepository = repositorySystem.newDeploymentRepository(
signingSession, new RemoteRepository.Builder(repositoryId, "default", url).build());
// get artifacts list
getLog().debug("Collecting artifacts for signing...");
artifacts.addAll(collectArtifacts(signingSession, deploymentRepository));
getLog().info("Collected " + artifacts.size() + " artifact" + ((artifacts.size() > 1) ? "s" : "")
+ " for signing");
// create additional ones if needed
if (sources || javadoc) {
getLog().debug("Adding additional artifacts...");
List<Artifact> additions = new ArrayList<>();
for (Artifact artifact : artifacts) {
if (artifact.getClassifier().isEmpty()) {
if (sources) {
additions.add(new SubArtifact(artifact, "sources", "jar"));
}
if (javadoc) {
additions.add(new SubArtifact(artifact, "javadoc", "jar"));
}
}
}
artifacts.addAll(additions);
}
// resolve them all
getLog().info("Resolving " + artifacts.size() + " artifact" + ((artifacts.size() > 1) ? "s" : "")
+ " artifacts for signing...");
List<ArtifactResult> results = repositorySystem.resolveArtifacts(
signingSession,
artifacts.stream()
.map(a -> new ArtifactRequest(a, Collections.singletonList(deploymentRepository), "gpg"))
.collect(Collectors.toList()));
artifacts = results.stream().map(ArtifactResult::getArtifact).collect(Collectors.toSet());
// sign all
AbstractGpgSigner signer = newSigner(null);
signer.setOutputDirectory(tempDirectory.toFile());
getLog().info("Signer '" + signer.signerName() + "' is signing " + artifacts.size() + " file"
+ ((artifacts.size() > 1) ? "s" : "") + " with key " + signer.getKeyInfo());
HashSet<Artifact> signatures = new HashSet<>();
for (Artifact a : artifacts) {
signatures.add(new DefaultArtifact(
a.getGroupId(),
a.getArtifactId(),
a.getClassifier(),
a.getExtension() + AbstractGpgSigner.SIGNATURE_EXTENSION,
a.getVersion())
.setFile(signer.generateSignatureForArtifact(a.getFile())));
}
// deploy all signature
getLog().info("Deploying artifact signatures...");
repositorySystem.deploy(
signingSession,
new DeployRequest()
.setRepository(deploymentRepository)
.setArtifacts(signatures)
.setTrace(RequestTrace.newChild(null, this)));
} catch (IOException e) {
throw new MojoExecutionException("IO error: " + e.getMessage(), e);
} catch (ArtifactResolutionException e) {
throw new MojoExecutionException(
"Error resolving deployed artifacts " + artifacts + ": " + e.getMessage(), e);
} catch (DeploymentException e) {
throw new MojoExecutionException("Error deploying signatures: " + e.getMessage(), e);
} finally {
if (tempDirectory != null) {
getLog().info("Cleaning up...");
try {
FileUtils.deleteDirectory(tempDirectory.toFile());
} catch (IOException e) {
getLog().warn("Could not clean up temp directory " + tempDirectory);
}
}
}
}