This is an automated email from the ASF dual-hosted git repository. hboutemy pushed a commit to branch sigstore in repository https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git
commit 8aa9dc1f143d22d9adc5eb436aa057c4555ca4c9
Author: Hervé Boutemy <hbout...@apache.org>
AuthorDate: Mon Apr 17 08:38:07 2023 +0200
add optional wait time before signing a file
---
 .../apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/main/java/org/apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java b/src/main/java/org/apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java
index ea6978c..6a30b6b 100644
--- a/src/main/java/org/apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java
+++ b/src/main/java/org/apache/maven/plugins/gpg/SigstoreSignAttachedMojo.java
@@ -75,6 +75,12 @@ public class SigstoreSignAttachedMojo
 @Parameter( defaultValue = "${project}", readonly = true, required = true )
 protected MavenProject project;
+ /**
+ * PoC: wait time before each file signature (in seconds)
+ */
+ @Parameter( property = "sigstore.wait", defaultValue = "0" )
+ private long wait;
+
 /**
 * Maven ProjectHelper
 */
@@ -181,6 +187,12 @@ public class SigstoreSignAttachedMojo
 KeylessSigner signer = KeylessSigner.builder().sigstoreStagingDefaults().build();
 for ( SigningBundle bundleToSign : filesToSign )
 {
+ if ( wait > 0 )
+ {
+ getLog().info( "waiting for " + wait + " seconds before signing" );
+ Thread.sleep( wait * 1000 );
+ }
+
 File fileToSign = bundleToSign.getSignature(); // reusing original GPG implementation where it's the signature: TODO change
 KeylessSignature signature = signer.signFile( fileToSign.toPath() );
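Review bot: The Javadoc on the new `wait` parameter in the first hunk does not say what zero or a negative value means, and its "PoC" label says nothing about whether the option is meant to stay. The `wait > 0` guard in the second hunk treats any value of 0 or less as "no delay", so the comment could read `Wait time in seconds before each file is signed; 0 or a negative value disables the delay.` The field name also reads like `Object.wait()` where it is used, so a name that carries the unit would be clearer, though renaming it would presumably change the POM configuration element as well. The class body continues outside the hunk.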
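Review bot: `Thread.sleep( wait * 1000 )` in the second hunk multiplies a user-supplied `long` with no overflow check, so a very large `sigstore.wait` wraps to a wrong or negative duration, and a negative argument makes `Thread.sleep` throw `IllegalArgumentException`. `TimeUnit.SECONDS.sleep( wait );` saturates instead of overflowing and removes the manual conversion; it needs an import of `java.util.concurrent.TimeUnit`, which is outside the hunk. The call also throws the checked `InterruptedException`, and the enclosing method's exception handling is not visible here. If that is a broad catch that wraps the exception, it should first call `Thread.currentThread().interrupt();` so that cancelling the build is not swallowed. The signer is built once before the loop, so it is worth confirming that a long delay cannot outlast whatever short-lived signing credential it holds.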