From 341dbcf3f36c44b56e379e00338071aea4e9f871 Mon Sep 17 00:00:00 2001
From: Niklas Gustavsson <niklas@protocol7.com>
Date: Tue, 5 Oct 2021 18:34:30 +0200
Subject: [PATCH] Add release metadata and sign BOM (#117)

* Add required metadata to BOM

* Ensure that BOM releases are signed
---
 semantic-metrics-bom/pom.xml | 75 ++++++++++++++++++++++++++++--------
 1 file changed, 60 insertions(+), 15 deletions(-)

diff --git a/semantic-metrics-bom/pom.xml b/semantic-metrics-bom/pom.xml
index ce218df..87392aa 100644
--- a/semantic-metrics-bom/pom.xml
+++ b/semantic-metrics-bom/pom.xml
@@ -11,6 +11,32 @@
     Semantic Metrics: Bill Of Materials
   </description>
 
+  <developers>
+    <developer>
+      <id>udoprog</id>
+      <name>John-John Tedro</name>
+      <email>udoprog@spotify.com</email>
+    </developer>
+  </developers>
+
+  <url>https://github.com/spotify/semantic-metrics</url>
+
+  <scm>
+    <connection>scm:git:git://github.com/spotify/semantic-metrics.git</connection>
+    <developerConnection>scm:git:git@github.com:spotify/semantic-metrics.git
+    </developerConnection>
+    <url>https://github.com/spotify/semantic-metrics</url>
+    <tag>HEAD</tag>
+  </scm>
+
+  <licenses>
+    <license>
+      <name>The Apache Software License, Version 2.0</name>
+      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
+
   <dependencyManagement>
     <dependencies>
       <dependency>
@@ -41,19 +67,38 @@
     </dependencies>
   </dependencyManagement>
 
-  <build>
-    <plugins>
-      <plugin>
-        <groupId>org.sonatype.plugins</groupId>
-        <artifactId>nexus-staging-maven-plugin</artifactId>
-        <version>1.6.3</version>
-        <extensions>true</extensions>
-        <configuration>
-          <serverId>ossrh</serverId>
-          <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-          <autoReleaseAfterClose>true</autoReleaseAfterClose>
-        </configuration>
-      </plugin>
-    </plugins>
-  </build>
+  <profiles>
+    <profile>
+      <id>release</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.sonatype.plugins</groupId>
+            <artifactId>nexus-staging-maven-plugin</artifactId>
+            <version>1.6.3</version>
+            <extensions>true</extensions>
+            <configuration>
+              <serverId>ossrh</serverId>
+              <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+              <autoReleaseAfterClose>true</autoReleaseAfterClose>
+            </configuration>
+          </plugin>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-gpg-plugin</artifactId>
+            <version>1.5</version>
+            <executions>
+              <execution>
+                <id>sign-artifacts</id>
+                <phase>verify</phase>
+                <goals>
+                  <goal>sign</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
 </project>