From e7e41a767f20a83b74e26443382f9219c150d446 Mon Sep 17 00:00:00 2001 From: Appu Goundan Date: Mon, 8 Jan 2024 13:28:51 -0500 Subject: [PATCH] gpg and sigstore sign publications Signed-off-by: Appu Goundan --- build-logic/publishing/build.gradle.kts | 1 + ...ld-logic.java-published-library.gradle.kts | 3 ++ .../kotlin/build-logic.signing.gradle.kts | 34 +++++++++++++++++++ build.gradle.kts | 28 ++------------- 4 files changed, 40 insertions(+), 26 deletions(-) create mode 100644 build-logic/publishing/src/main/kotlin/build-logic.signing.gradle.kts diff --git a/build-logic/publishing/build.gradle.kts b/build-logic/publishing/build.gradle.kts index 504044ea..aa4fe403 100644 --- a/build-logic/publishing/build.gradle.kts +++ b/build-logic/publishing/build.gradle.kts @@ -10,5 +10,6 @@ dependencies { implementation(project(":basics")) implementation(project(":jvm")) implementation("dev.sigstore.build-logic:gradle-plugin") + implementation("dev.sigstore:sigstore-gradle-sign-plugin:0.5.0") implementation("com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin:1.2.1") } diff --git a/build-logic/publishing/src/main/kotlin/build-logic.java-published-library.gradle.kts b/build-logic/publishing/src/main/kotlin/build-logic.java-published-library.gradle.kts index 1db56085..76e50195 100644 --- a/build-logic/publishing/src/main/kotlin/build-logic.java-published-library.gradle.kts +++ b/build-logic/publishing/src/main/kotlin/build-logic.java-published-library.gradle.kts @@ -3,6 +3,7 @@ plugins { id("build-logic.java-library") id("build-logic.reproducible-builds") id("build-logic.publish-to-central") + id("build-logic.signing") } java { @@ -17,3 +18,5 @@ publishing { } } } + +signing.sign(publishing.publications["mavenJava"]) diff --git a/build-logic/publishing/src/main/kotlin/build-logic.signing.gradle.kts b/build-logic/publishing/src/main/kotlin/build-logic.signing.gradle.kts new file mode 100644 index 00000000..32fbd43b --- /dev/null 
+++ b/build-logic/publishing/src/main/kotlin/build-logic.signing.gradle.kts
@@ -0,0 +1,34 @@
+plugins {
+ id("signing")
+ id("dev.sigstore.sign")
+}
+
+signing {
+ val signingKey: String? by project
+ val signingPassword: String? by project
+ useInMemoryPgpKeys(signingKey, signingPassword)
+}
+
+tasks.withType().configureEach {
+ onlyIf("Is a release") {
+ project.hasProperty("release")
+ }
+ onlyIf("Signing is not skipped") {
+ !project.hasProperty("skipSigning")
+ }
+ onlyIf("PGP Signing is not skipped") {
+ !project.hasProperty("skipPgpSigning")
+ }
+}
+
+tasks.withType().configureEach {
+ onlyIf("Is a release") {
+ project.hasProperty("release")
+ }
+ onlyIf("Signing is not skipped") {
+ !project.hasProperty("skipSigning")
+ }
+ onlyIf("Sigstore Signing is not skipped") {
+ !project.hasProperty("skipSigstoreSigning")
+ }
+}
diff --git a/build.gradle.kts b/build.gradle.kts
index e9907378..99d86e26 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
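Review bot: In build-logic.signing.gradle.kts every `onlyIf` gate tests `project.hasProperty(...)`, which is true whenever the property is defined, so `-PskipSigning=false` still disables signing and `-Prelease=false` still counts as a release; the `hasProperty("release")` check in the root build.gradle.kts version calculation behaves the same way. Because a skipped task is not a failed task, a release run that inherits one of the skip properties (for example from a gradle.properties file) would finish without signatures unless something outside this patch rejects it. I would at least record this above the gates, e.g. `// Presence of the property decides, not its value: -PskipSigning=false still skips signing.` The two `configureEach` blocks also repeat the same two gates, and their `withType()` calls show no type argument on this page, which looks like an extraction loss rather than the committed code.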
@@ -1,35 +1,11 @@ plugins { id("build-logic.root-build") - // It does not support participating in precompiled script plugins - id("com.github.vlsi.stage-vote-release") version "1.90" // The Kotlin Gradle plugin was loaded multiple times in different subprojects, which is not supported and may break the build. `embedded-kotlin` apply false } -version = "${findProperty("version")}${releaseParams.snapshotSuffix}" - -println("Building Sigstore Java $version") - -releaseParams { - tlp.set("sigstore-java") - organizationName.set("sigstore") - componentName.set("sigstore-java") - prefixForProperties.set("s01") - svnDistEnabled.set(false) - sitePreviewEnabled.set(false) - nexus { - prodUrl.set(uri("https://s01.oss.sonatype.org")) - } - voteText.set { - """ - ${it.componentName} v${it.version}-rc${it.rc} is ready for preview. - - Git SHA: ${it.gitSha} - Staging repository: ${it.nexusRepositoryUri} - """.trimIndent() - } -} +val calculatedVersion = property("version") as String + (if (hasProperty("release")) "" else "-SNAPSHOT") allprojects { - version = rootProject.version + version = calculatedVersion }