#!/bin/bash
# Abort on the first command that exits non-zero. pipefail is not enabled, so
# for a pipeline only the status of its last command is checked.
set -o errexit
#
# This script exists to sign, jar, and bundle up the required artifacts for a
# release into maven central. This script exists for several reasons:
#
# 1. There are bugs in maven-gpg-plugin, including knowing what needs signing
# 2. There isn't a way to specify that
# 3. The maven-repository-plugin doesn't put the signatures into the bundle
# 4. The maven-release-plugin gives me fits - I'd rather do it myself.
#
# What is a bundle? It's a single file that sonatype understands and considers
# acceptable for publication to central.
#
# This script examines the pom using the maven help:evaluate goal, so the only
# necessary configuration (for a standard maven project layout) should be to
# change the key. However, be warned this probably won't work if you have the
# version number defined in a parent pom - I'm not entirely sure. (Maybe it
# does, but I'm feeling too lazy to test it now).
#
# I tried my best to make sure this works on both windows and linux bash 3.1
# or later.
#
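#
# Which key to use
#
# NOTE(review): this is a short (32-bit) key ID. Short IDs are not unique and
# colliding keys can be generated, so prefer the key's full fingerprint here,
# e.g. key='<FULL-40-HEX-FINGERPRINT>' (placeholder).
#
key='671D103A'
#
# Location of the files we're signing
#
target="target"
#
# Filter the noise out of maven's output: drop every line that starts with
# '[' (maven's bracketed log lines) and pass everything else through.
# Reads stdin, writes stdout; exit status is grep's. A function is used
# instead of an alias so it does not depend on 'shopt -s expand_aliases'.
#
nf() {
  grep -v '^\['
}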
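echo "Examining pom..."
#
# Try to find a finalName attribute if it exists. The POM element is spelled
# finalName; the all-lowercase spelling does not appear to resolve, which
# would send every project down the fallback path below.
#
finalname=$(mvn help:evaluate -Dexpression=project.build.finalName | nf )
#
# If a finalName was not defined, use the artifactId and version
#
if [[ "$finalname" = "null"* ]] ; then
  echo "No finalOutput was defined, looking deeper ..."
  version=$(mvn help:evaluate -Dexpression=project.version | nf )
  artifactId=$(mvn help:evaluate -Dexpression=project.artifactId | nf )
  finalname="${artifactId}-${version}"
fi
#
# The name comes from filtered tool output and is used below to build the
# paths that get signed and bundled. Refuse to continue if it is empty or
# contains whitespace (including newlines from unfiltered maven output) or a
# path separator, rather than signing an unintended file.
#
case "${finalname}" in
  '' | *[[:space:]/]*)
    echo "Could not determine a usable artifact name from the pom: '${finalname}'" >&2
    exit 1
    ;;
esac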
#
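# Which artifacts to include. Each entry is a file name relative to
# ${target}; the expansions are quoted so a name can never be word-split or
# glob-expanded into extra array entries.
#
ARTIFACTS=(
  "${finalname}.pom"
  "${finalname}.jar"
  "${finalname}-sources.jar"
  "${finalname}-javadoc.jar"
)
#
# Define the name of the bundle
#
bundle="${target}/${finalname}-bundle.jar"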
#############################################################################
#
# PROCESSING
#
#############################################################################
#
# Start clean: drop any bundle left behind by a previous run.
#
if [[ -e "${bundle}" ]]; then
  printf '%s\n' "Removing old ${bundle}"
  rm "${bundle}"
fi
#
# Stage the pom under the artifact name so it is signed and bundled together
# with the other artifacts.
#
cp pom.xml "${target}/${finalname}.pom"
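#
# Sign every artifact, verify each signature, and add each verified pair
# (artifact + detached .asc signature) to the bundle.
#
# count  - number of files added to the bundle so far
# failed - number of artifacts whose signature did not verify
#
count=0
failed=0
declare -a RESULTS
for item in "${ARTIFACTS[@]}" ; do
  #
  # Sign: armored (-a), detached (-b), quiet (-q), overwriting an existing
  # .asc (--yes). --local-user is used instead of --default-key because
  # --default-key is only a preference: when that key is unavailable gpg2 can
  # fall back to another secret key, and the verification step below only
  # checks that the signature is valid, not which key made it.
  #
  gpg2 -abq --yes --local-user "${key}" "${target}/${item}"
  #
  # Verify
  #
  if gpg2 --quiet \
      --batch \
      --no-tty \
      --verify \
      "${target}/${item}.asc" \
      "${target}/${item}"
  then
    RESULTS+=("Signature on ${item} is GOOD")
    # The first verified artifact creates the bundle; later ones update it.
    if [ "${count}" -eq 0 ] ; then
      jar -cf "${bundle}" -C "${target}" "${item}"
    else
      jar -uf "${bundle}" -C "${target}" "${item}"
    fi
    jar -uf "${bundle}" -C "${target}" "${item}".asc
    # Two files went in: the artifact and its signature. A plain assignment
    # is used because (( count++ )) returns status 1 when count is 0, which
    # aborts the script under 'set -e' on current bash versions.
    count=$(( count + 2 ))
  else
    RESULTS+=("Signature on ${item} is BAD")
    failed=$(( failed + 1 ))
  fi
  echo "Added ${count} files"
done
#############################################################################
#
# A lot of the commands above are extremely noisy, so print a bunch of
# spaces here and display the collected results.
#
#############################################################################
echo ''
echo ''
# Show the results of the signature verifications
for result in "${RESULTS[@]}" ; do
  echo "$result"
done
echo ''
# Show contents of the jar (it does not exist if nothing verified)
if [ -e "${bundle}" ] ; then
  jar -tvf "${bundle}"
fi
# A release bundle that is missing an artifact must not look like a success:
# report the failure on stderr and exit non-zero.
if [ "${failed}" -gt 0 ] ; then
  echo "${failed} artifact(s) failed signature verification; ${bundle} is incomplete" >&2
  exit 1
fi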