From a7c3ad32f124d2aaa8573e5d4faeadc37db8bd0a Mon Sep 17 00:00:00 2001 From: Daniel Flassak Date: Fri, 11 Feb 2022 19:23:10 +0100 Subject: [PATCH] try fixing signing again again again again --- .github/sign_and_deploy.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/sign_and_deploy.sh b/.github/sign_and_deploy.sh index 4b61f69..8150c0a 100755 --- a/.github/sign_and_deploy.sh +++ b/.github/sign_and_deploy.sh @@ -7,7 +7,11 @@ gpg --passphrase "${GPG_PASSPHRASE}" --batch --yes --fast-import ${KEY_FILE} echo gpg keyname ${GPG_KEYNAME} if [[ "${REF_TYPE}" == "tag" ]]; then - mvn --batch-mode -DskipTests=true -Dproject.version=${REF_NAME} verify gpg:sign deploy + # -P sign plugin is used instead of gpg:sign because gpg:sign has side-effects + # also, install cannot be used because deploy will cause the signatures to be invalid because it + # re-creates the jars. So explicitly calling source:jar and javadoc:jar seems to be the only + # viable solution. + mvn --batch-mode -DskipTests=true -Dproject.version=${REF_NAME} -P sign clean source:jar javadoc:jar deploy SUCCESS=$? else echo "this should only be run for tags"