This is an automated email from the ASF dual-hosted git repository.
hboutemy pushed a commit to branch sigstore
in repository https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git
The following commit(s) were added to refs/heads/sigstore by this push:
new a227062 add optional wait time before signing a file
a227062 is described below
commit a2270621f3f5eeacc1d4f2f029f42a8d7c82568b
Author: Hervé Boutemy <hbout...@apache.org>
AuthorDate: Mon Apr 17 08:38:07 2023 +0200
add optional wait time before signing a file
---
.../apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git
a/src/main/java/org/apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java
b/src/main/java/org/apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java
index ea6978c..47bf237 100644
--- a/src/main/java/org/apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java
+++ b/src/main/java/org/apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java
@@ -75,6 +75,12 @@ public class SigstoreSignAttachedMojo
@Parameter( defaultValue = "${project}", readonly = true, required = true )
protected MavenProject project;
+ /**
+ * PoC: wait time before each file signature (in seconds)
+ */
+ @Parameter( property = "sigstore.wait", defaultValue = "0" )
+ private long wait;
+
/**
* Maven ProjectHelper
*/
@@ -181,6 +187,11 @@ public class SigstoreSignAttachedMojo
KeylessSigner signer =
KeylessSigner.builder().sigstoreStagingDefaults().build();
for ( SigningBundle bundleToSign : filesToSign )
{
+ if ( wait > 0 )
+ {
+ Thread.sleep( wait * 1000 );
+ }
+
File fileToSign = bundleToSign.getSignature(); // reusing
original GPG implementation where it's the signature: TODO change
KeylessSignature signature = signer.signFile(
fileToSign.toPath() );
