uima-dev mailing list archives

From Marshall Schor <...@schor.com>
Subject Found an approach that mostly works for asc signing and sha512 checksumming, for both deployed and built-into-/target artifacts
Date Wed, 03 Oct 2018 21:52:02 GMT
I learned that the maven build mechanism sometimes can build things not in
target, that get deployed in your .m2 when "installing" or deploying.  So we
have to check both destinations to see that things are being generated properly.

The approach so far involves "fixing" the checksum-signing plugin (see
https://github.com/nicoulaj/checksum-maven-plugin/issues/63 for details) and
using it in 2 ways.

way 1: with the goal "artifacts".  Surprisingly, this fails to find (for the
uima-wide pom project) the main artifact, that is, the pom.  So to get that to
have the sha512 checksum we use

way 2: with the goal "files", specifying the artifact in the target, but

     This needs help to copy the pom.xml from the top level in the project, to
the target as "${project.build.finalName}.pom" (no trailing "xml") (at least for
the uima-wide pom build).

Other fixes: disabled the ant-based gpg and sha512 sigs, in favor of using the
gpg-plugin and the checksum signing plugin.

This didn't quite work, because the artifacts produced by the source-assembly,
for some reason (unknown - to be investigated) are not being "attached".  Fixed
this by adding a step to attach the source release .zip (and if present the
source-release.jar - produced for java projects).

This may require waiting for the checksum-maven-plugin, and I still want to
investigate why the source-release isn't being attached.
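
The message above says both destinations (the project's target directory and the copy installed under .m2) have to be checked for generated signatures and checksums. The following is an added example, not part of the original message or of the UIMA build: it reports, per destination, artifacts lacking a .asc or .sha512 sidecar or whose recorded SHA-512 does not match. The artifact suffix set, the sidecar naming (`<artifact>.asc`, `<artifact>.sha512`) and the sample file names are assumptions, and the .asc check is presence only, not a signature verification.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: which file types count as release artifacts.
ARTIFACT_SUFFIXES = {".pom", ".jar", ".zip"}

def sha512_of(path):
    return hashlib.sha512(Path(path).read_bytes()).hexdigest()

def audit(directory):
    """Map each artifact in one destination to a list of problems found."""
    report = {}
    for art in sorted(Path(directory).iterdir()):
        if not art.is_file() or art.suffix not in ARTIFACT_SUFFIXES:
            continue  # also skips the .asc / .sha512 sidecars themselves
        problems = []
        if not art.with_name(art.name + ".asc").is_file():
            problems.append("missing .asc")  # presence only, not gpg --verify
        sidecar = art.with_name(art.name + ".sha512")
        if not sidecar.is_file():
            problems.append("missing .sha512")
        else:
            # Accept both "<hex>" and "<hex>  <filename>" sidecar layouts.
            tokens = sidecar.read_text().split()
            if not tokens or tokens[0].lower() != sha512_of(art):
                problems.append("sha512 mismatch")
        report[art.name] = problems
    return report

def demo():
    """Constructed sample: a target/ directory and a stand-in for the .m2 copy."""
    with tempfile.TemporaryDirectory() as tmp:
        target, repo = Path(tmp, "target"), Path(tmp, "m2")
        target.mkdir()
        repo.mkdir()
        pom = target / "example-1.0.pom"
        pom.write_bytes(b"<project/>")
        (target / "example-1.0.pom.asc").write_text("constructed signature")
        (target / "example-1.0.pom.sha512").write_text(sha512_of(pom))
        (target / "example-1.0-source-release.zip").write_bytes(b"PK")
        (target / "example-1.0-source-release.zip.asc").write_text("constructed")
        # Installed copy differs from what was checksummed and has no signature.
        (repo / "example-1.0.pom").write_bytes(b"<project>changed</project>")
        (repo / "example-1.0.pom.sha512").write_text(sha512_of(pom))
        return {"target": audit(target), "m2": audit(repo)}

if __name__ == "__main__":
    for dest, report in demo().items():
        for name, problems in report.items():
            print(dest, name, ", ".join(problems) or "OK")
```

Against a real build, call `audit()` on the module's target directory and on the artifact's version directory in the local repository, and treat any non-empty problem list as a release blocker.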

