From 969027f0ea378c30346eb2a24707c8961fb5eaf5 Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Tue, 24 Sep 2024 15:01:28 +0200 Subject: [PATCH 01/18] [maven-release-plugin] prepare for next development iteration --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 46b790a..ee02061 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ under the License. maven-gpg-plugin - 3.2.7 + 3.2.8-SNAPSHOT maven-plugin Apache Maven GPG Plugin @@ -41,7 +41,7 @@ under the License. scm:git:https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git scm:git:https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git - maven-gpg-plugin-3.2.7 + HEAD https://github.com/apache/maven-gpg-plugin/tree/${project.scm.tag} @@ -64,7 +64,7 @@ under the License. 3.9.9 1.9.22 1.78.1 - 2024-09-24T13:00:59Z + 2024-09-24T13:01:28Z @ From 8710092aeced74e1eee73c0459ae2cceb150e835 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 04:22:44 +0000 Subject: [PATCH 02/18] Bump commons-io:commons-io from 2.17.0 to 2.18.0 Bumps commons-io:commons-io from 2.17.0 to 2.18.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ee02061..7ad9728 100644 --- a/pom.xml +++ b/pom.xml @@ -190,7 +190,7 @@ under the License. commons-io commons-io - 2.17.0 + 2.18.0 test From 805077c80f457d432637ddef647829a038d63142 Mon Sep 17 00:00:00 2001 From: Elliotte Rusty Harold Date: Wed, 18 Dec 2024 22:41:02 +0000 Subject: [PATCH 03/18] Prefer Guice constructor injection (#126) --- .../plugins/gpg/GpgSignAttachedMojo.java | 15 ++++++---- .../plugins/gpg/SignAndDeployFileMojo.java | 29 ++++++++++++------- .../maven/plugins/gpg/SignDeployedMojo.java | 11 ++++--- 3 files changed, 35 insertions(+), 20 deletions(-) diff --git a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java index 9eb9a90..7555de1 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java +++ b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java @@ -18,12 +18,13 @@ */ package org.apache.maven.plugins.gpg; +import javax.inject.Inject; + import java.io.File; import java.util.List; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; -import org.apache.maven.plugins.annotations.Component; import org.apache.maven.plugins.annotations.LifecyclePhase; import org.apache.maven.plugins.annotations.Mojo; import org.apache.maven.plugins.annotations.Parameter; @@ -60,14 +61,18 @@ public class GpgSignAttachedMojo extends AbstractGpgMojo { /** * The maven project. */ - @Component - protected MavenProject project; + protected final MavenProject project; /** * Maven ProjectHelper */ - @Component - private MavenProjectHelper projectHelper; + private final MavenProjectHelper projectHelper; + + @Inject + public GpgSignAttachedMojo(MavenProject project, MavenProjectHelper projectHelper) { + this.project = project; + this.projectHelper = projectHelper; + } @Override protected void doExecute() throws MojoExecutionException, MojoFailureException { diff --git a/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java b/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java index db4e09c..cbe0205 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java +++ b/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java @@ -18,6 +18,8 @@ */ package org.apache.maven.plugins.gpg; +import javax.inject.Inject; + import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; @@ -41,7 +43,6 @@ import org.apache.maven.model.validation.ModelValidator; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; -import org.apache.maven.plugins.annotations.Component; import org.apache.maven.plugins.annotations.Mojo; import org.apache.maven.plugins.annotations.Parameter; import org.apache.maven.project.MavenProject; @@ -185,30 +186,36 @@ public class SignAndDeployFileMojo extends AbstractGpgMojo { @Parameter(property = "files") private String files; - /** - */ - @Component - private RepositorySystem repositorySystem; + private final RepositorySystem repositorySystem; /** * The component used to validate the user-supplied artifact coordinates. */ - @Component - private ModelValidator modelValidator; + private final ModelValidator modelValidator; /** * The default Maven project created when building the plugin * * @since 1.3 */ - @Component - private MavenProject project; + private final MavenProject project; /** * @since 3.2.0 */ - @Component - private ArtifactHandlerManager artifactHandlerManager; + private final ArtifactHandlerManager artifactHandlerManager; + + @Inject + public SignAndDeployFileMojo( + RepositorySystem repositorySystem, + ModelValidator modelValidator, + MavenProject project, + ArtifactHandlerManager artifactHandlerManager) { + this.repositorySystem = repositorySystem; + this.modelValidator = modelValidator; + this.project = project; + this.artifactHandlerManager = artifactHandlerManager; + } private void initProperties() throws MojoExecutionException { // Process the supplied POM (if there is one) diff --git a/src/main/java/org/apache/maven/plugins/gpg/SignDeployedMojo.java b/src/main/java/org/apache/maven/plugins/gpg/SignDeployedMojo.java index a05c230..5f8e22c 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/SignDeployedMojo.java +++ b/src/main/java/org/apache/maven/plugins/gpg/SignDeployedMojo.java @@ -38,7 +38,6 @@ import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; -import org.apache.maven.plugins.annotations.Component; import org.apache.maven.plugins.annotations.Mojo; import org.apache.maven.plugins.annotations.Parameter; import org.codehaus.plexus.util.FileUtils; @@ -106,11 +105,15 @@ public class SignDeployedMojo extends AbstractGpgMojo { @Parameter(property = "artifacts") private String artifacts; - @Component - private RepositorySystem repositorySystem; + private final RepositorySystem repositorySystem; + + private final Map artifactCollectors; @Inject - private Map artifactCollectors; + public SignDeployedMojo(RepositorySystem repositorySystem, Map artifactCollectors) { + this.repositorySystem = repositorySystem; + this.artifactCollectors = artifactCollectors; + } @Override protected void doExecute() throws MojoExecutionException, MojoFailureException { From 1c3977ca51dd20fdf2dd20e88da1e0b837dcc6cc Mon Sep 17 00:00:00 2001 From: Konrad Windszus Date: Sun, 2 Feb 2025 19:30:41 +0100 Subject: [PATCH 04/18] Describe how to prime a specific GPG key (#128) --- src/site/apt/index.apt.vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/apt/index.apt.vm b/src/site/apt/index.apt.vm index 4a6f049..2f9a413 100644 --- a/src/site/apt/index.apt.vm +++ b/src/site/apt/index.apt.vm @@ -49,7 +49,7 @@ ${project.name} configuration). By default, the plugin does not enforce these, but does emit warnings. To "prime" the GnuPG agent, you have several options: either just "sign" something beforehand (usable on - workstations) like <<>>, or use + workstations) like <<>> (optionally using a dedicated private key with <<<--local-user \>>), or use {{{https://www.gnupg.org/documentation/manuals/gnupg/Invoking-gpg_002dpreset_002dpassphrase.html}gpg-preset-passphrase}} GnuPG command, that will "cache" the password in gpg-agent for given login session, cache content is lost between reboots. Note: this tool, while is part of GnuPG suite, may not be on path. Check your OS documentation for it. From 1365f1e84d566fa67151935703b1bcbb78ed1b76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCnger?= Date: Wed, 12 Feb 2025 17:33:55 +0100 Subject: [PATCH 05/18] [MNGSITE-529] Rename "Goals" to "Plugin Documentation" --- src/site/site.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/site.xml b/src/site/site.xml index 1e5e9f1..da704b6 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -25,7 +25,7 @@ under the License. - + From 69d6fc66f2cbc634ed540e0db8a60501df71dfe8 Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Tue, 25 Feb 2025 11:28:45 +0100 Subject: [PATCH 06/18] Update documentation (only), no code change. PR for MGPG-130 updated the defaults, but this documentation was left out and may cause confusion. --- .../java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java index 7555de1..bf27576 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java +++ b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java @@ -43,7 +43,7 @@ public class GpgSignAttachedMojo extends AbstractGpgMojo { /** * A list of files to exclude from being signed. Can contain Ant-style wildcards and double wildcards. The default - * excludes are **/*.md5 **/*.sha1 **/*.sha256 **/*.sha512 **/*.asc **/*.sigstore. + * excludes are **/*.md5 **/*.sha1 **/*.sha256 **/*.sha512 **/*.asc **/*.sigstore; **/*.sigstore.json. * * @since 1.0-alpha-4 */ From 78c14a99f58bbda55f3176f2e74fb190da8ca2fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCnger?= Date: Mon, 5 May 2025 21:30:30 +0200 Subject: [PATCH 07/18] Enable GitHub issues --- .github/ISSUE_TEMPLATE/BUG.yml | 48 +++++++++++++++++++++++++++ .github/ISSUE_TEMPLATE/FEATURE.yml | 35 +++++++++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 30 +++++++++++++++++ .github/pull_request_template.md | 31 ++++++++--------- .github/release-drafter.yml | 1 - .github/workflows/pr-automation.yml | 27 +++++++++++++++ .github/workflows/release-drafter.yml | 1 + .github/workflows/stale.yml | 28 ++++++++++++++++ README.md | 17 +++------- pom.xml | 4 +-- 10 files changed, 189 insertions(+), 33 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/BUG.yml create mode 100644 .github/ISSUE_TEMPLATE/FEATURE.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/workflows/pr-automation.yml create mode 100644 .github/workflows/stale.yml diff --git a/.github/ISSUE_TEMPLATE/BUG.yml b/.github/ISSUE_TEMPLATE/BUG.yml new file mode 100644 index 0000000..699181f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/BUG.yml @@ -0,0 +1,48 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema + +name: Bug Report +description: File a bug report +labels: ["bug"] + +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report. + + Simple fixes in single PRs do not require issues. + + **Do you use the latest project version?** + + - type: input + id: version + attributes: + label: Affected version + validations: + required: true + + - type: textarea + id: message + attributes: + label: Bug description + validations: + required: true + + diff --git a/.github/ISSUE_TEMPLATE/FEATURE.yml b/.github/ISSUE_TEMPLATE/FEATURE.yml new file mode 100644 index 0000000..ddfd1a4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/FEATURE.yml @@ -0,0 +1,35 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema + +name: Feature request +description: File a proposal for new feature, improvement +labels: ["enhancement"] + +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this new feature, improvement proposal. + + - type: textarea + id: message + attributes: + label: New feature, improvement proposal + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..2da715f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,30 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser + +blank_issues_enabled: false + +contact_links: + + - name: Project Mailing Lists + url: https://maven.apache.org/mailing-lists.html + about: Please ask a question or discuss here + + - name: Old JIRA Issues + url: https://issues.apache.org/jira/projects/MGPG + about: Please search old JIRA issues diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 217e86d..51e18bc 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,26 +1,23 @@ -Following this checklist to help us incorporate your contribution quickly and easily: +Following this checklist to help us incorporate your +contribution quickly and easily: -- [ ] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MGPG) filed for the change (usually - before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should - address just this issue, without pulling in other changes. -- [ ] Each commit in the pull request should have a meaningful subject line and body. -- [ ] Format the pull request title like `[MGPG-XXX] - Fixes bug in ApproximateQuantiles`, where you replace `MGPG-XXX` - with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the - first line of the commit message. +- [ ] Your pull request should address just one issue, without pulling in other changes. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. -- [ ] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will be performed on your pull - request automatically. -- [ ] You have run the integration tests successfully (`mvn -Prun-its clean verify`). +- [ ] Each commit in the pull request should have a meaningful subject line and body. + Note that commits might be squashed by a maintainer on merge. +- [ ] Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied. + This may not always be possible but is a best-practice. +- [ ] Run `mvn verify` to make sure basic checks pass. + A more thorough check will be performed on your pull request automatically. +- [ ] You have run the integration tests successfully (`mvn -Prun-its verify`). If your pull request is about ~20 lines of code you don't need to sign an -[Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure please ask on the -developers list. +[Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure +please ask on the developers list. To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box. -- [ ] I hereby declare this contribution to be licenced under - the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) -- [ ] In any other case, please file - an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). \ No newline at end of file +- [ ] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) +- [ ] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index f532c9f..387b9ca 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -16,4 +16,3 @@ # under the License. _extends: maven-gh-actions-shared -tag-template: maven-gpg-plugin-$NEXT_MINOR_VERSION diff --git a/.github/workflows/pr-automation.yml b/.github/workflows/pr-automation.yml new file mode 100644 index 0000000..5307595 --- /dev/null +++ b/.github/workflows/pr-automation.yml @@ -0,0 +1,27 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +name: PR Automation +on: + pull_request_target: + types: + - closed + +jobs: + pr-automation: + name: PR Automation + uses: apache/maven-gh-actions-shared/.github/workflows/pr-automation.yml@v4 diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 1049eaa..73aed0d 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -20,6 +20,7 @@ on: push: branches: - master + workflow_dispatch: jobs: update_release_draft: uses: apache/maven-gh-actions-shared/.github/workflows/release-drafter.yml@v4 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..458ca4b --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +name: Stale + +on: + schedule: + - cron: '14 3 * * *' + issue_comment: + types: [ 'created' ] + +jobs: + stale: + uses: 'apache/maven-gh-actions-shared/.github/workflows/stale.yml@v4' diff --git a/README.md b/README.md index a211a74..72376fc 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,6 @@ Contributing to [Apache Maven GPG Plugin](https://maven.apache.org/plugins/maven-gpg-plugin/) ====================== -[![ASF Jira](https://img.shields.io/endpoint?url=https%3A%2F%2Fmaven.apache.org%2Fbadges%2Fasf_jira-MGPG.json)][jira] [![Apache License, Version 2.0, January 2004](https://img.shields.io/github/license/apache/maven.svg?label=License)][license] [![Maven Central](https://img.shields.io/maven-central/v/org.apache.maven.plugins/maven-gpg-plugin.svg?label=Maven%20Central)](https://search.maven.org/artifact/org.apache.maven.plugins/maven-gpg-plugin) [![Reproducible Builds](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/jvm-repo-rebuild/reproducible-central/master/content/org/apache/maven/plugins/maven-gpg-plugin/badge.json)](https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/maven/plugins/maven-gpg-plugin/README.md) @@ -25,7 +24,7 @@ Contributing to [Apache Maven GPG Plugin](https://maven.apache.org/plugins/maven [![Jenkins tests](https://img.shields.io/jenkins/t/https/ci-maven.apache.org/job/Maven/job/maven-box/job/maven-gpg-plugin/job/master.svg)][test-results] -You have found a bug or you have an idea for a cool new feature? Contributing +You have found a bug, or you have an idea for a cool new feature? Contributing code is a great way to give something back to the open source community. Before you dig right into the code, there are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of @@ -34,7 +33,6 @@ things. Getting Started --------------- -+ Make sure you have a [JIRA account](https://issues.apache.org/jira/). + Make sure you have a [GitHub account](https://github.com/signup/free). + If you're planning to implement a new feature, it makes sense to discuss your changes on the [dev list][ml-list] first. @@ -60,15 +58,9 @@ There are some guidelines which will make applying PRs easier for us: + Create minimal diffs - disable on save actions like reformat source code or organize imports. If you feel the source code should be reformatted, create a separate PR for this change. + Check for unnecessary whitespace with `git diff --check` before committing. -+ Make sure your commit messages are in the proper format. Your commit message should contain the key of the JIRA issue. -``` -[MGPG-XXX] - Subject of the JIRA Ticket - Optional supplemental description. -``` + Make sure you have added the necessary tests (JUnit/IT) for your changes. + Run all the tests with `mvn -Prun-its verify` to assure nothing else was accidentally broken. + Submit a pull request to the repository in the Apache organization. -+ Update your JIRA ticket and include a link to the pull request in the ticket. If you plan to contribute on a regular basis, please consider filing a [contributor license agreement][cla]. @@ -83,14 +75,13 @@ Additional Resources -------------------- + [Contributing patches](https://maven.apache.org/guides/development/guide-maven-development.html#Creating_and_submitting_a_patch) -+ [Apache Maven GPG JIRA project page][jira] + [Contributor License Agreement][cla] + [General GitHub documentation](https://help.github.com/) + [GitHub pull request documentation](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) -+ [Apache Maven Twitter Account](https://twitter.com/ASFMavenProject) -+ #Maven IRC channel on freenode.org ++ [Apache Maven X Account](https://x.com/ASFMavenProject) ++ [Apache Maven Bluesky Account](https://bsky.app/profile/maven.apache.org) ++ [Apache Maven Mastodon Account](https://mastodon.social/deck/@ASFMavenProject@fosstodon.org) -[jira]: https://issues.apache.org/jira/projects/MGPG/ [license]: https://www.apache.org/licenses/LICENSE-2.0 [ml-list]: https://maven.apache.org/mailing-lists.html [code-style]: https://maven.apache.org/developers/conventions/code.html diff --git a/pom.xml b/pom.xml index 7ad9728..e0b3716 100644 --- a/pom.xml +++ b/pom.xml @@ -49,8 +49,8 @@ under the License. https://issues.apache.org/jira/browse/MGPG - Jenkins - https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-gpg-plugin/ + GitHub Issues + https://github.com/apache/maven-gpg-plugin/issues From 490711ac9acc9bf5b2f23fefc7ffc7dc4424468e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCnger?= Date: Mon, 26 May 2025 18:08:51 +0200 Subject: [PATCH 08/18] Really enable GHissues (#136) --- .asf.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.asf.yaml b/.asf.yaml index 8ae37ee..fdc2c8f 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -30,6 +30,9 @@ github: rebase: true autolink_jira: - MGPG + del_branch_on_merge: true + features: + issues: true notifications: commits: commits@maven.apache.org issues: issues@maven.apache.org From a6a412d68a603b0f180695f2721b71307d926297 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCnger?= Date: Sat, 14 Jun 2025 14:10:44 +0200 Subject: [PATCH 09/18] Remove old JIRA issue link --- .github/ISSUE_TEMPLATE/config.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 2da715f..b27d663 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -24,7 +24,3 @@ contact_links: - name: Project Mailing Lists url: https://maven.apache.org/mailing-lists.html about: Please ask a question or discuss here - - - name: Old JIRA Issues - url: https://issues.apache.org/jira/projects/MGPG - about: Please search old JIRA issues From 54ea518a3f5c427e24fbc4cb6271e186b041b375 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 05:02:36 +0000 Subject: [PATCH 10/18] Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1 Bumps [org.simplify4u.plugins:pgpverify-maven-plugin](https://github.com/s4u/pgpverify-maven-plugin) from 1.18.2 to 1.19.1. - [Release notes](https://github.com/s4u/pgpverify-maven-plugin/releases) - [Commits](https://github.com/s4u/pgpverify-maven-plugin/compare/v1.18.2...v1.19.1) --- updated-dependencies: - dependency-name: org.simplify4u.plugins:pgpverify-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e0b3716..9bd96e0 100644 --- a/pom.xml +++ b/pom.xml @@ -248,7 +248,7 @@ under the License. org.simplify4u.plugins pgpverify-maven-plugin - 1.18.2 + 1.19.1 ${project.basedir}/pgp-keys-map.list From 8b63932fbe869c8228d5d07527b606ed1da16268 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jun 2025 18:24:24 +0200 Subject: [PATCH 11/18] Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125) Bumps [org.apache.maven.plugins:maven-invoker-plugin](https://github.com/apache/maven-invoker-plugin) from 3.8.0 to 3.9.0. - [Release notes](https://github.com/apache/maven-invoker-plugin/releases) - [Commits](https://github.com/apache/maven-invoker-plugin/compare/maven-invoker-plugin-3.8.0...maven-invoker-plugin-3.9.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-invoker-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9bd96e0..9c5fe0d 100644 --- a/pom.xml +++ b/pom.xml @@ -243,7 +243,7 @@ under the License. org.apache.maven.plugins maven-invoker-plugin - 3.8.0 + 3.9.0 org.simplify4u.plugins From 5377a1044d364f5b345538ecaeaf39ec1bdbafb5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jun 2025 18:37:47 +0200 Subject: [PATCH 12/18] Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133) Bumps commons-io:commons-io from 2.18.0 to 2.19.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-version: 2.19.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9c5fe0d..de0d58e 100644 --- a/pom.xml +++ b/pom.xml @@ -190,7 +190,7 @@ under the License. commons-io commons-io - 2.18.0 + 2.19.0 test From cb1236c251b458918b5a7b5b7d240315d5ab6430 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jun 2025 19:02:49 +0200 Subject: [PATCH 13/18] Bump bouncycastleVersion from 1.78.1 to 1.80 (#127) Bumps `bouncycastleVersion` from 1.78.1 to 1.80. Updates `org.bouncycastle:bcpg-jdk18on` from 1.78.1 to 1.80 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcprov-jdk18on` from 1.78.1 to 1.80 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcutil-jdk18on` from 1.78.1 to 1.80 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) --- updated-dependencies: - dependency-name: org.bouncycastle:bcpg-jdk18on dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.bouncycastle:bcprov-jdk18on dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.bouncycastle:bcutil-jdk18on dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index de0d58e..ac44be6 100644 --- a/pom.xml +++ b/pom.xml @@ -63,7 +63,7 @@ under the License. 8 3.9.9 1.9.22 - 1.78.1 + 1.81 2024-09-24T13:01:28Z @ From f0e45e0a7c3f02a22612b33ff7fcfa8e4540462f Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Tue, 24 Jun 2025 20:34:58 +0200 Subject: [PATCH 14/18] Update parent POM to 45 (#284) And related fixes: * POM add missing deps * move to Maven 3 p-u, drop p-x * test: checkstyle fixes --- pgp-keys-map.list | 3 +-- pom.xml | 9 +++------ .../apache/maven/plugins/gpg/it/BcSignArtifactIT.java | 4 +++- .../apache/maven/plugins/gpg/it/InvokerTestUtils.java | 2 +- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/pgp-keys-map.list b/pgp-keys-map.list index 8e42498..83e65d2 100644 --- a/pgp-keys-map.list +++ b/pgp-keys-map.list @@ -30,5 +30,4 @@ org.apache.maven.shared:maven-invoker = 0x84789D24DF77A32433CE1F079EB80E92EB2135 org.apache.maven.shared:maven-shared-utils = 0x84789D24DF77A32433CE1F079EB80E92EB2135B1 org.codehaus.plexus:plexus-classworlds = 0xB91AB7D2121DC6B0A61AA182D7742D58455ECC7C org.codehaus.plexus:plexus-component-annotations = 0xFA77DCFEF2EE6EB2DEBEDD2C012579464D01C06A -org.codehaus.plexus:plexus-utils = 0x84789D24DF77A32433CE1F079EB80E92EB2135B1 -org.codehaus.plexus:plexus-xml = 0x84789D24DF77A32433CE1F079EB80E92EB2135B1 +org.codehaus.plexus:plexus-utils = 0x32118CF76C9EC5D918E54967CA80D1F0EB6CA4BA diff --git a/pom.xml b/pom.xml index ac44be6..4d360ea 100644 --- a/pom.xml +++ b/pom.xml @@ -23,7 +23,7 @@ under the License. org.apache.maven.plugins maven-plugins - 43 + 45 @@ -133,15 +133,13 @@ under the License. org.apache.maven.plugin-tools maven-plugin-annotations + ${version.maven-plugin-tools} provided org.codehaus.plexus plexus-utils - - - org.codehaus.plexus - plexus-xml + 3.6.0 org.bouncycastle @@ -243,7 +241,6 @@ under the License. org.apache.maven.plugins maven-invoker-plugin - 3.9.0 org.simplify4u.plugins diff --git a/src/test/java/org/apache/maven/plugins/gpg/it/BcSignArtifactIT.java b/src/test/java/org/apache/maven/plugins/gpg/it/BcSignArtifactIT.java index 91aef65..c4c5aff 100644 --- a/src/test/java/org/apache/maven/plugins/gpg/it/BcSignArtifactIT.java +++ b/src/test/java/org/apache/maven/plugins/gpg/it/BcSignArtifactIT.java @@ -26,7 +26,9 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; -import static org.junit.jupiter.api.Assertions.*; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; public class BcSignArtifactIT extends ITSupport { public static Collection data() { diff --git a/src/test/java/org/apache/maven/plugins/gpg/it/InvokerTestUtils.java b/src/test/java/org/apache/maven/plugins/gpg/it/InvokerTestUtils.java index cdcfde8..71f15a8 100644 --- a/src/test/java/org/apache/maven/plugins/gpg/it/InvokerTestUtils.java +++ b/src/test/java/org/apache/maven/plugins/gpg/it/InvokerTestUtils.java @@ -80,7 +80,7 @@ public static BuildResult executeRequest( final File buildLog = new File(request.getBaseDirectory(request.getPomFile().getParentFile()), "build.log"); - try (final PrintStream buildLogStream = new PrintStream(buildLog)) { + try (PrintStream buildLogStream = new PrintStream(buildLog)) { final InvocationOutputHandler buildLogOutputHandler = new PrintStreamHandler(buildLogStream, false); final InvokerLogger logger = new PrintStreamLogger(buildLogStream, InvokerLogger.DEBUG); From a8368b0622529fa3b13457d19e7c7920ef661e66 Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Thu, 26 Jun 2025 15:56:28 +0200 Subject: [PATCH 15/18] Add .mvn --- .mvn/keep.me | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .mvn/keep.me diff --git a/.mvn/keep.me b/.mvn/keep.me new file mode 100644 index 0000000..e69de29 From a9a8c84176e33c715c922457c0a5df97066a8d83 Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Thu, 26 Jun 2025 18:24:57 +0200 Subject: [PATCH 16/18] Make empty classifier null (not empty string) (#287) And be consistent: as some legacy stuff in Maven and around (plugins) perform just nullcheck and not also empty string check, and get confused on empty string classifier. Plugins are (should) not be reused as dependencies, so despite the helper class is `public` I see no harm to alter it. Supersedes #135 Fixes #138 --- .../maven/plugins/gpg/FilesCollector.java | 27 +++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/apache/maven/plugins/gpg/FilesCollector.java b/src/main/java/org/apache/maven/plugins/gpg/FilesCollector.java index 17db184..8f35a92 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/FilesCollector.java +++ b/src/main/java/org/apache/maven/plugins/gpg/FilesCollector.java @@ -33,6 +33,8 @@ import org.codehaus.plexus.util.SelectorUtils; import org.eclipse.aether.artifact.Artifact; +import static java.util.Objects.requireNonNull; + /** * Collects project artifact, the POM, and attached artifacts to be signed. * @@ -81,7 +83,7 @@ public List collect() throws MojoExecutionException, MojoFailureException File file = artifact.getFile(); if (file != null && file.isFile()) { - items.add(new Item(file, artifact.getExtension())); + items.add(new Item(file, null, artifact.getExtension())); } else if (project.getAttachedArtifacts().isEmpty()) { throw new MojoFailureException("The project artifact has not been assembled yet. " + "Please do not invoke this goal before the lifecycle phase \"package\"."); @@ -103,7 +105,7 @@ public List collect() throws MojoExecutionException, MojoFailureException throw new MojoExecutionException("Error copying POM for signing.", e); } - items.add(new Item(pomToSign, "pom")); + items.add(new Item(pomToSign, null, "pom")); // ---------------------------------------------------------------------------- // Attached artifacts @@ -147,29 +149,32 @@ protected boolean isExcluded(Artifact artifact) { public static class Item { private final File file; - private final String classifier; - private final String extension; public Item(File file, String classifier, String extension) { - this.file = file; - this.classifier = classifier; - this.extension = extension; - } - - public Item(File file, String extension) { - this(file, null, extension); + this.file = requireNonNull(file); + this.classifier = classifier == null || classifier.trim().isEmpty() ? null : classifier; // nullable + this.extension = requireNonNull(extension); } + /** + * The artifact backing file, never {@code null}. + */ public File getFile() { return file; } + /** + * The classifier, if present, or {@code null}. + */ public String getClassifier() { return classifier; } + /** + * The file extension (without leading period), never {@code null}. + */ public String getExtension() { return extension; } From 70128213b1fe0a2226e06d2281a7384fe5265668 Mon Sep 17 00:00:00 2001 From: Slawomir Jaranowski Date: Sat, 28 Jun 2025 10:41:57 +0200 Subject: [PATCH 17/18] Fix issueManagement, ciManagement system and url --- pom.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 4d360ea..1338fb2 100644 --- a/pom.xml +++ b/pom.xml @@ -45,12 +45,12 @@ under the License. https://github.com/apache/maven-gpg-plugin/tree/${project.scm.tag} - jira - https://issues.apache.org/jira/browse/MGPG - - GitHub Issues https://github.com/apache/maven-gpg-plugin/issues + + + Jenkins + https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-gpg-plugin/ From 8a46455fba7d315ce7fdc9d5bdaddd890753886e Mon Sep 17 00:00:00 2001 From: Slawomir Jaranowski Date: Sat, 28 Jun 2025 10:53:35 +0200 Subject: [PATCH 18/18] [maven-release-plugin] prepare release maven-gpg-plugin-3.2.8 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 1338fb2..8e4f692 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ under the License. maven-gpg-plugin - 3.2.8-SNAPSHOT + 3.2.8 maven-plugin Apache Maven GPG Plugin @@ -41,7 +41,7 @@ under the License. scm:git:https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git scm:git:https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git - HEAD + maven-gpg-plugin-3.2.8 https://github.com/apache/maven-gpg-plugin/tree/${project.scm.tag} @@ -64,7 +64,7 @@ under the License. 3.9.9 1.9.22 1.81 - 2024-09-24T13:01:28Z + 2025-06-28T08:53:29Z @