LUCENE-9997: Collect signed maven artifacts if -Psign is passed. (#392)

* Collect signed maven artifacts if -Psign is passed. * Configure signing using gpg across all projects.
2021-10-18 20:58:29 +02:00 · 2021-10-18 20:58:29 +02:00 · c4c3c3270e
parent 41fe301a21
commit c4c3c3270e
6 changed files with 59 additions and 19 deletions
--- a/gradle/maven/publications-maven.gradle
+++ b/gradle/maven/publications-maven.gradle
@ -30,6 +30,11 @@ configure(rootProject.ext.mavenProjects) { Project project ->
      }
    }

+    // signedJars publication is always signed.
+    signing {
+      sign publishing.publications.signedJars
+    }
+
    // Each publication consists of the java components, source and javadoc artifacts.
    // Add tasks to assemble source and javadoc JARs.
    task sourcesJar(type: Jar, dependsOn: classes) {
--- a/gradle/maven/publications.gradle
+++ b/gradle/maven/publications.gradle
@ -44,6 +44,9 @@ configure(rootProject) {
  }
 }

+// Configure the signing plugin.
+apply from: buildscript.sourceFile.toPath().resolveSibling("signing.gradle")
+
 // Configure projects for publishing Maven artifacts and set up metadata.
 apply from: buildscript.sourceFile.toPath().resolveSibling("publications-maven.gradle")

--- a/gradle/maven/signing.gradle
+++ b/gradle/maven/signing.gradle
@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+// Optionally, switch to using an external GPG command, using it's configured gpg-agent for key management
+if (propertyOrDefault("useGpg", null) != null) {
+
+  // Do this check before 'useGpgCmd()' (and once), otherwise gradle will fail with a confusing error about 'signatory.keyId'
+  //
+  // 'signatory.keyId' is an implementation detail of the SigningPlugin that it populates from 'signing.gnupg.keyName' when useGpgCmd()
+  // is used -- but does not explain in the error produced if 'signing.gnupg.keyName' is not set.
+  def propName = 'signing.gnupg.keyName'
+  if (propertyOrDefault(propName, null) == null) {
+    throw new GradleException("'$propName' property must be set when using external GPG via 'useGpg', please see help/publishing.txt")
+  }
+
+  rootProject.allprojects {
+    plugins.withType(SigningPlugin) {
+      signing {
+        useGpgCmd()
+      }
+    }
+  }
+}
--- a/lucene/distribution/artifact-signing.gradle
+++ b/lucene/distribution/artifact-signing.gradle
@ -30,20 +30,3 @@ task signReleaseArchives(type: Sign) {
 }


-// Optionally, switch to using an external GPG command, using it's configured gpg-agent for key management
-if (propertyOrDefault("useGpg", null) != null) {
-
-  // Do this check before 'useGpgCmd()', otherwise gradle will fail with a confusing error about 'signatory.keyId'
-  //
-  // 'signatory.keyId' is an implementation detail of the SigningPlugin that it populates from 'signing.gnupg.keyName' when useGpgCmd()
-  // is used -- but does not explain in the error produced if 'signing.gnupg.keyName' is not set.
-  def propName = 'signing.gnupg.keyName'
-  if (propertyOrDefault(propName, null) == null) {
-    throw new GradleException("'$propName' property must be set when using external GPG via 'useGpg', please see help/publishing.txt")
-  }
-
-  signing {
-    useGpgCmd()
-  }
-
-}
--- a/lucene/distribution/build.gradle
+++ b/lucene/distribution/build.gradle
@ -26,6 +26,11 @@ plugins {

 ext {
  releaseDir = file("${buildDir}/release")
+  withSignedArtifacts = { ->
+    def propValue = propertyOrDefault("sign", null)
+    // Allow -Psign to work as a shorthand for -Psign=true
+    return propValue != null && (propValue.isBlank() || Boolean.parseBoolean(propValue))
+  }.call()
 }

 // Prepare the "source" distribution artifact.
@ -89,7 +94,7 @@ task assembleRelease(type: Sync) {
  from tasks.computeChecksums

  // Conditionally, attach signatures of all the release archives.
-  if (propertyOrDefault("sign", null) != null) {
+  if (project.ext.withSignedArtifacts) {
    from tasks.signReleaseArchives
  }

--- a/lucene/distribution/collect-maven-artifacts.gradle
+++ b/lucene/distribution/collect-maven-artifacts.gradle
@ -28,8 +28,14 @@ configure(project(":lucene:distribution")) {
  task mavenToBuild() {
    outputs.dir(mavenRepositoryDir)

+    // In signed mode, collect signed artifacts. Otherwise collect
+    // unsigned JARs (and their checksums).
+    def mavenConventionTask = project.ext.withSignedArtifacts ?
+        "publishSignedJarsPublicationToBuildRepository" :
+        "publishJarsPublicationToBuildRepository"
+
    dependsOn rootProject.ext.mavenProjects.collect {
-      it.tasks.matching { it.name == "publishJarsPublicationToBuildRepository" }
+      it.tasks.matching { it.name == mavenConventionTask }
    }
  }