This is an automated email from the ASF dual-hosted git repository. kwin pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git
commit 6319ec31b92cad8000fabf78b8cdad8e7f68ac4f Author: Konrad Windszus <[email protected]> AuthorDate: Mon Dec 1 20:49:07 2025 +0100 Migrate to Markdown format Use Site descriptor 2.0 --- .../markdown/examples/deploy-signed-artifacts.md | 130 +++++++--------- src/site/markdown/index.md.vm | 106 +++++-------- src/site/markdown/usage.md.vm | 168 +++++++++------------ src/site/site.xml | 9 +- 4 files changed, 165 insertions(+), 248 deletions(-) diff --git a/src/site/markdown/examples/deploy-signed-artifacts.md b/src/site/markdown/examples/deploy-signed-artifacts.md index cfbc789..a697635 100644 --- a/src/site/markdown/examples/deploy-signed-artifacts.md +++ b/src/site/markdown/examples/deploy-signed-artifacts.md @@ -1,101 +1,81 @@ - ------ - Deploy Signed Artifacts - ------ - Dennis Lundberg - ------ - 2011-03-19 - ------ - -~~ Licensed to the Apache Software Foundation (ASF) under one -~~ or more contributor license agreements. See the NOTICE file -~~ distributed with this work for additional information -~~ regarding copyright ownership. The ASF licenses this file -~~ to you under the Apache License, Version 2.0 (the -~~ "License"); you may not use this file except in compliance -~~ with the License. You may obtain a copy of the License at -~~ -~~ http://www.apache.org/licenses/LICENSE-2.0 -~~ -~~ Unless required by applicable law or agreed to in writing, -~~ software distributed under the License is distributed on an -~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -~~ KIND, either express or implied. See the License for the -~~ specific language governing permissions and limitations -~~ under the License. - - -Deploy Signed Artifacts - - Without this plugin you deploy your project like this: - -+----------+ +--- +title: Deploy Signed Artifacts +author: + - Dennis Lundberg +date: 2011-03-19 +--- + +<!-- Licensed to the Apache Software Foundation (ASF) under one--> +<!-- or more contributor license agreements. See the NOTICE file--> +<!-- distributed with this work for additional information--> +<!-- regarding copyright ownership. The ASF licenses this file--> +<!-- to you under the Apache License, Version 2.0 (the--> +<!-- "License"); you may not use this file except in compliance--> +<!-- with the License. You may obtain a copy of the License at--> +<!----> +<!-- http://www.apache.org/licenses/LICENSE-2.0--> +<!----> +<!-- Unless required by applicable law or agreed to in writing,--> +<!-- software distributed under the License is distributed on an--> +<!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY--> +<!-- KIND, either express or implied. See the License for the--> +<!-- specific language governing permissions and limitations--> +<!-- under the License.--> +# Deploy Signed Artifacts + +Without this plugin you deploy your project like this: + +```unknown mvn deploy -+----------+ +``` - If you have configured this plugin according to the instructions in the - {{{../usage.html}usage page}}, nothing changes for interactive sessions: +If you have configured this plugin according to the instructions in the [usage page](../usage.html), nothing changes for interactive sessions: -+----------+ +```unknown mvn deploy -+----------+ +``` - And the gpg-agent will prompt you for passphrase. +And the gpg-agent will prompt you for passphrase. - General remark regarding environment variables: Examples below are NOT - instructions how to invoke Maven, as if you'd follow these examples - literally, it would defy the goal of not leaking cleartext passphrases, - as these would end up in terminal history! You should set these environment - variables on your own discretion in some secure manner. +General remark regarding environment variables: Examples below are NOT instructions how to invoke Maven, as if you'd follow these examples literally, it would defy the goal of not leaking cleartext passphrases, as these would end up in terminal history\! You should set these environment variables on your own discretion in some secure manner. - If you use "batch" build (or build is invoked by Maven Release Plugin), - then gpg-agent will be unable to ask interactively for password. In such - cases you want to "prime" the agent with passwords first. See {{{../usage.html}usage page}} - for details how to "prime" gpg-agent. +If you use "batch" build \(or build is invoked by Maven Release Plugin\), then gpg-agent will be unable to ask interactively for password. In such cases you want to "prime" the agent with passwords first. See [usage page](../usage.html) for details how to "prime" gpg-agent. - In "agent-less" (CI like usage) mode one can supply passphrase via environment - variable only. +In "agent-less" \(CI like usage\) mode one can supply passphrase via environment variable only. -+----------+ +```unknown MAVEN_GPG_PASSPHRASE=thephrase mvn --batch-mode deploy -+----------+ +``` -* Sign using BC Signer +## Sign using BC Signer - By default the plugin uses the "gpg" Signer (that relies on GnuPG tool installed - on host OS). The "bc" Signer on the other hand implements signing in pure - Java using Bouncy Castle libraries. +By default the plugin uses the "gpg" Signer \(that relies on GnuPG tool installed on host OS\). The "bc" Signer on the other hand implements signing in pure Java using Bouncy Castle libraries. - The "bc" signer, unlike "gpg", does not and cannot make use of <<<~/.gnupg>>> - directory in user home, and have to have configured both, the key used - to sign and the passphrase (if key is passphrase protected). The key is expected to be in - TSK format (see {{{https://openpgp.dev/book/private_keys.html#transferable-secret-key-format}"Transferable Secret Keys"}} format). +The "bc" signer, unlike "gpg", does not and cannot make use of `~/.gnupg` directory in user home, and have to have configured both, the key used to sign and the passphrase \(if key is passphrase protected\). The key is expected to be in TSK format \(see ["Transferable Secret Keys"](https://openpgp.dev/book/private_keys.html#transferable-secret-key-format) format\). -+----------+ +```unknown mvn deploy -Dgpg.signer=bc -Dgpg.keyFilePath=path/to/key -+----------+ +``` - In interactive sessions, similarly as with "gpg" Signer, gpg-agent will be used to - ask for password. In batch sessions, you can use environment variables to achieve - similar thing: +In interactive sessions, similarly as with "gpg" Signer, gpg-agent will be used to ask for password. In batch sessions, you can use environment variables to achieve similar thing: -+----------+ +```unknown MAVEN_GPG_PASSPHRASE=thephrase mvn deploy -Dgpg.signer=bc -Dgpg.keyFilePath=path/to/key -+----------+ +``` - Ultimately, you can place both, they key and passphrase into environment variables: +Ultimately, you can place both, they key and passphrase into environment variables: -+----------+ +```unknown MAVEN_GPG_KEY=thekeymaterial MAVEN_GPG_PASSPHRASE=thephrase mvn deploy -Dgpg.signer=bc -+----------+ +``` -* Install/Deploy without configuring the plugin in the POM +## Install/Deploy without configuring the plugin in the POM - Currently this is not easily accomplished. gpg signs the artifacts attached to the - build at the point that gpg runs. However, we want to "inject" the gpg into the phases. - What MIGHT work is: +Currently this is not easily accomplished. gpg signs the artifacts attached to the build at the point that gpg runs. However, we want to "inject" the gpg into the phases. What MIGHT work is: -+----------+ +```unknown mvn verify gpg:sign install:install deploy:deploy -+----------+ +``` + +However, if there are other plugins configured for phases after the `verify` phase, they will not be run. - However, if there are other plugins configured for phases after the <<<verify>>> phase, they will not be run. diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index 2f9a413..95b57a2 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -1,82 +1,50 @@ - ------ - Introduction - ------ - Dennis Lundberg - ------ - 2013-07-22 - ------ +--- +title: Introduction +author: + - Dennis Lundberg +date: 2013-07-22 +--- -~~ Licensed to the Apache Software Foundation (ASF) under one -~~ or more contributor license agreements. See the NOTICE file -~~ distributed with this work for additional information -~~ regarding copyright ownership. The ASF licenses this file -~~ to you under the Apache License, Version 2.0 (the -~~ "License"); you may not use this file except in compliance -~~ with the License. You may obtain a copy of the License at -~~ -~~ http://www.apache.org/licenses/LICENSE-2.0 -~~ -~~ Unless required by applicable law or agreed to in writing, -~~ software distributed under the License is distributed on an -~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -~~ KIND, either express or implied. See the License for the -~~ specific language governing permissions and limitations -~~ under the License. +<!-- Licensed to the Apache Software Foundation (ASF) under one--> +<!-- or more contributor license agreements. See the NOTICE file--> +<!-- distributed with this work for additional information--> +<!-- regarding copyright ownership. The ASF licenses this file--> +<!-- to you under the Apache License, Version 2.0 (the--> +<!-- "License"); you may not use this file except in compliance--> +<!-- with the License. You may obtain a copy of the License at--> +<!----> +<!-- http://www.apache.org/licenses/LICENSE-2.0--> +<!----> +<!-- Unless required by applicable law or agreed to in writing,--> +<!-- software distributed under the License is distributed on an--> +<!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY--> +<!-- KIND, either express or implied. See the License for the--> +<!-- specific language governing permissions and limitations--> +<!-- under the License.--> +# ${project.name} -${project.name} +This plugin signs all of the project's attached artifacts with GnuPG. - This plugin signs all of the project's attached artifacts with GnuPG. +#[[##]]# Goals Overview -* Goals Overview +- [gpg:sign](./sign-mojo.html) Sign project artifact, the POM, and attached artifacts with GnuPG for deployment. +- [gpg:sign-and-deploy-file](./sign-and-deploy-file-mojo.html) Signs artifacts and installs the artifact in the remote repository. +#[[##]]# Usage - * {{{./sign-mojo.html}gpg:sign}} Sign project artifact, the POM, and attached artifacts with GnuPG for deployment. +General instructions on how to use the GPG Plugin can be found on the [usage page](./usage.html). Some more specific use cases are described in the examples given below. - * {{{./sign-and-deploy-file-mojo.html}gpg:sign-and-deploy-file}} Signs artifacts and installs the artifact in the remote repository. +Since 3\.2\.0, plugin can enforce "best practices", and will fail the build if any violation are detected. In short, intent is to stop users putting secrets \(plaintext or quasi-encrypted\) in their Maven configuration files \(settings.xml, POMs\) or use secrets in a way they leave trace \(like in terminal history\). In this mode, plugin leaves two options to obtain passphrase: use of gpg-agent \(with pinentry in interactive sessions, or pre-seeded "cached" passwords [...] - [] +To "prime" the GnuPG agent, you have several options: either just "sign" something beforehand \(usable on workstations\) like `echo "test" | gpg --clearsign` \(optionally using a dedicated private key with [`--local-user <keyname>>>), or use gpg-preset-passphrase GnuPG command, that will "cache" the password in gpg-agent for given login session, cache content is lost between reboots. Note: this tool, while is part of GnuPG suite, may not be on path. Check your OS docu [...] -* Usage +**Note:** The GpgSigner, that uses GnuPG tool installed and configured on the host OS, while it does contain support for older GnuPGP versions, is tested \(locally by developers and on CI systems\) only by using [latest "stable" GnuPG version](https://www.gnupg.org/download/index.html) \(scroll to bottom of page for EOL information\). - General instructions on how to use the GPG Plugin can be found on the {{{./usage.html}usage page}}. Some more - specific use cases are described in the examples given below. +In case you still have questions regarding the plugin's usage, please have a look at the [FAQ](./faq.html) and feel free to contact the [user mailing list](./mailing-lists.html). The posts to the mailing list are archived and could already contain the answer to your question as part of an older thread. Hence, it is also worth browsing/searching the [mail archive](./mailing-lists.html). - Since 3.2.0, plugin can enforce "best practices", and will fail the build if any violation are detected. - In short, intent is to stop users putting secrets (plaintext or quasi-encrypted) in their Maven configuration - files (settings.xml, POMs) or use secrets in a way they leave trace (like in terminal history). In this mode, - plugin leaves two options to obtain passphrase: use of gpg-agent (with pinentry in interactive sessions, or pre-seeded - "cached" passwords in non-interactive mode), and use of environment variables in batch/non-interactive/no-agent - sessions. To enable "best practices" configure the plugin accordingly (see goals, look for <<<bestPractices>>> - configuration). By default, the plugin does not enforce these, but does emit warnings. +If you feel like the plugin is missing a feature or has a defect, you can fill a feature request or bug report in our [issue tracker](./issue-management.html). When creating a new issue, please provide a comprehensive description of your concern. Especially for fixing bugs it is crucial that the developers can reproduce your problem. For this reason, entire debug logs, POMs or most preferably little demo projects attached to the issue are very much appreciated. Of course, patches are wel [...] - To "prime" the GnuPG agent, you have several options: either just "sign" something beforehand (usable on - workstations) like <<<echo "test" | gpg --clearsign>>> (optionally using a dedicated private key with <<<--local-user \<keyname\>>>), or use - {{{https://www.gnupg.org/documentation/manuals/gnupg/Invoking-gpg_002dpreset_002dpassphrase.html}gpg-preset-passphrase}} - GnuPG command, that will "cache" the password in gpg-agent for given login session, cache content is lost between - reboots. Note: this tool, while is part of GnuPG suite, may not be on path. Check your OS documentation for it. - For example, on modern versions of Fedora this tool is not on path, but is located in <<</usr/libexec/gpg-preset-passphrase>>>. +#[[##]]# Examples - <<Note:>> The GpgSigner, that uses GnuPG tool installed and configured on the host OS, while it does contain support - for older GnuPGP versions, is tested (locally by developers and on CI systems) only by using - {{{https://www.gnupg.org/download/index.html}latest "stable" GnuPG version}} (scroll to bottom of page for EOL information). +To provide you with better understanding of some usages of the GPG Plugin, you can take a look at the following example: - In case you still have questions regarding the plugin's usage, please have a look at the {{{./faq.html}FAQ}} and feel - free to contact the {{{./mailing-lists.html}user mailing list}}. The posts to the mailing list are archived and could - already contain the answer to your question as part of an older thread. Hence, it is also worth browsing/searching - the {{{./mailing-lists.html}mail archive}}. - - If you feel like the plugin is missing a feature or has a defect, you can fill a feature request or bug report in our - {{{./issue-management.html}issue tracker}}. When creating a new issue, please provide a comprehensive description of your - concern. Especially for fixing bugs it is crucial that the developers can reproduce your problem. For this reason, - entire debug logs, POMs or most preferably little demo projects attached to the issue are very much appreciated. - Of course, patches are welcome, too. Contributors can check out the project from our - {{{./scm.html}source repository}} and will find supplementary information in the - {{{/guides/development/guide-helping.html}guide to helping with Maven}}. - -* Examples - - To provide you with better understanding of some usages of the GPG Plugin, - you can take a look at the following example: - - * {{{./examples/deploy-signed-artifacts.html}Deploy Signed Artifacts}} - - [] +- [Deploy Signed Artifacts](./examples/deploy-signed-artifacts.html) diff --git a/src/site/markdown/usage.md.vm b/src/site/markdown/usage.md.vm index c69776a..ab32626 100644 --- a/src/site/markdown/usage.md.vm +++ b/src/site/markdown/usage.md.vm @@ -1,41 +1,39 @@ - ------ - Usage - ------ - Dennis Lundberg - ------ - 2011-03-19 - ------ - -~~ Licensed to the Apache Software Foundation (ASF) under one -~~ or more contributor license agreements. See the NOTICE file -~~ distributed with this work for additional information -~~ regarding copyright ownership. The ASF licenses this file -~~ to you under the Apache License, Version 2.0 (the -~~ "License"); you may not use this file except in compliance -~~ with the License. You may obtain a copy of the License at -~~ -~~ http://www.apache.org/licenses/LICENSE-2.0 -~~ -~~ Unless required by applicable law or agreed to in writing, -~~ software distributed under the License is distributed on an -~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -~~ KIND, either express or implied. See the License for the -~~ specific language governing permissions and limitations -~~ under the License. - -Usage - -* Sign artifacts with GnuPG - - Signs all of a project's attached artifacts with GnuPG. - - You need to have previously configured the default key using GnuPG. - - <<<gpg>>> also needs to be on the search path. - - First you add the plugin to your <<<pom.xml>>> like this: - -+----------+ +--- +title: Usage +author: + - Dennis Lundberg +date: 2011-03-19 +--- + +<!-- Licensed to the Apache Software Foundation (ASF) under one--> +<!-- or more contributor license agreements. See the NOTICE file--> +<!-- distributed with this work for additional information--> +<!-- regarding copyright ownership. The ASF licenses this file--> +<!-- to you under the Apache License, Version 2.0 (the--> +<!-- "License"); you may not use this file except in compliance--> +<!-- with the License. You may obtain a copy of the License at--> +<!----> +<!-- http://www.apache.org/licenses/LICENSE-2.0--> +<!----> +<!-- Unless required by applicable law or agreed to in writing,--> +<!-- software distributed under the License is distributed on an--> +<!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY--> +<!-- KIND, either express or implied. See the License for the--> +<!-- specific language governing permissions and limitations--> +<!-- under the License.--> +# Usage + +#[[##]]# Sign artifacts with GnuPG + +Signs all of a project's attached artifacts with GnuPG. + +You need to have previously configured the default key using GnuPG. + +`gpg` also needs to be on the search path. + +First you add the plugin to your `pom.xml` like this: + +```unknown <project> ... <build> @@ -58,69 +56,45 @@ Usage </build> ... </project> -+----------+ - - Ideally, if invoked on workstation, you should rely on gpg-agent to - collect passphrase from, as in that way no secrets will enter terminal history nor - any file on disk. In agent-less (batch) sessions, typically on CI, you should provide - passphrases via environment variable (see goals). - - <<Note:>> When using the GPG Plugin in combination with the Maven Release Plugin, - on a developer Workstation, you should rely on gpg-agent, but have it "primed", - as Release plugin invokes build in batch mode, that will prevent agent to present - the "pinentry pop up". If fully unattended release is being done, for example - on a CI system, then with <<<useAgent>>> set to <<<false>>> one can pass - the passphrase via environment variable. - - <<To prime gpg-agent caches>>, one can perform simple "sign" operation on - workstation like this <<<echo "test" | gpg --clearsign>>> or can use - gpg command {{{https://www.gnupg.org/documentation/manuals/gnupg/Invoking-gpg_002dpreset_002dpassphrase.html}gpg-preset-passphrase}}. - - General remark regarding environment variables: Examples below are NOT - instructions how to invoke Maven, as if you'd follow these examples - literally, it would defy the goal of not leaking cleartext passphrases, - as these would end up in terminal history! You should set these environment - variables on your own discretion in some secure manner. - -+----------+ +``` + +Ideally, if invoked on workstation, you should rely on gpg-agent to collect passphrase from, as in that way no secrets will enter terminal history nor any file on disk. In agent-less \(batch\) sessions, typically on CI, you should provide passphrases via environment variable \(see goals\). + +**Note:** When using the GPG Plugin in combination with the Maven Release Plugin, on a developer Workstation, you should rely on gpg-agent, but have it "primed", as Release plugin invokes build in batch mode, that will prevent agent to present the "pinentry pop up". If fully unattended release is being done, for example on a CI system, then with `useAgent` set to `false` one can pass the passphrase via environment variable. + +**To prime gpg-agent caches**, one can perform simple "sign" operation on workstation like this `echo "test" | gpg --clearsign` or can use gpg command [gpg-preset-passphrase](https://www.gnupg.org/documentation/manuals/gnupg/Invoking-gpg_002dpreset_002dpassphrase.html). + +General remark regarding environment variables: Examples below are NOT instructions how to invoke Maven, as if you'd follow these examples literally, it would defy the goal of not leaking cleartext passphrases, as these would end up in terminal history\! You should set these environment variables on your own discretion in some secure manner. + +```unknown MAVEN_GPG_PASSPHRASE=thephrase mvn release:perform -+----------+ +``` - One "real life" example, on Un*x systems could be this: +One "real life" example, on Un*x systems could be this: -+----------+ +```unknown read -s -p "Enter your GnuPG key passphrase: " MAVEN_GPG_PASSPHRASE; mvn release:perform -+----------+ +``` - Finally, the passphrase can be given on the command line as well, but this is not recommended, - and plugin will emit warnings. This mode of invocation is highly discouraged, - as passphrase in cleartext is recorded into Terminal history. +Finally, the passphrase can be given on the command line as well, but this is not recommended, and plugin will emit warnings. This mode of invocation is highly discouraged, as passphrase in cleartext is recorded into Terminal history. -+----------+ +```unknown mvn verify -Dgpg.passphrase=thephrase -+----------+ +``` -* Security considerations +#[[##]]# Security considerations - In the future, plugin will operate in <<<bestPractices>>> mode enabled, and will fail - the build if any violation of those is detected. The goal of this change was to protect - plugin users from possible "leaks" of sensitive information (like passphrase is). - Sensitive information like passphrases should never be stored on disks (plaintext - or quasi-encrypted), nor should be used in way they may "leak" into other files - (for example bash terminal history). +In the future, plugin will operate in `bestPractices` mode enabled, and will fail the build if any violation of those is detected. The goal of this change was to protect plugin users from possible "leaks" of sensitive information \(like passphrase is\). Sensitive information like passphrases should never be stored on disks \(plaintext or quasi-encrypted\), nor should be used in way they may "leak" into other files \(for example bash terminal history\). - Hence, examples below will work by emit warnings. In the future, once "best practices" - become enforced, these examples will not work anymore. +Hence, examples below will work by emit warnings. In the future, once "best practices" become enforced, these examples will not work anymore. -* Configure passphrase in settings.xml +#[[##]]# Configure passphrase in settings.xml - <<NOTE:>> These techniques below are highly discouraged. Ideally sensitive information - should enter via gpg-agent or via environment variables. +**NOTE:** These techniques below are highly discouraged. Ideally sensitive information should enter via gpg-agent or via environment variables. - Instead of specifying the passphrase on the command line, you can place it in your local <<<settings.xml>>> - either in clear or {{{/guides/mini/guide-encryption.html}encrypted}} text. +Instead of specifying the passphrase on the command line, you can place it in your local `settings.xml` either in clear or [encrypted](/guides/mini/guide-encryption.html) text. -+----------+ +```unknown <settings> [...] <servers> @@ -131,15 +105,13 @@ mvn verify -Dgpg.passphrase=thephrase </server> </servers> </settings> -+----------+ - -* Configure passphrase in settings.xml with a keyname +``` - To allow discovery of keyname and passphrase at build time, configure this plugin to map both <keyname> and <passphraseServerId> to - a fixed property. +#[[##]]# Configure passphrase in settings.xml with a keyname +To allow discovery of keyname and passphrase at build time, configure this plugin to map both _keyname_ and _passphraseServerId_ to a fixed property. -+----------+ +```unknown <project> ... <build> @@ -166,12 +138,11 @@ mvn verify -Dgpg.passphrase=thephrase </build> ... </project> -+----------+ +``` +and use local `settings.xml` to discover the passphrase via the keyname - and use local <<<settings.xml>>> to discover the passphrase via the keyname - -+----------+ +```unknown <settings> [...] <servers> @@ -195,4 +166,5 @@ mvn verify -Dgpg.passphrase=thephrase </profile> <profiles> </settings> -+----------+ +``` + diff --git a/src/site/site.xml b/src/site/site.xml index da704b6..d237739 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> - <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file @@ -18,10 +17,8 @@ KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> - -<project xmlns="http://maven.apache.org/DECORATION/1.0.0"; - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; - xsi:schemaLocation="http://maven.apache.org/DECORATION/1.0.0 http://maven.apache.org/xsd/decoration-1.0.0.xsd";> +<site xmlns="http://maven.apache.org/SITE/2.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/SITE/2.0.0 https://maven.apache.org/xsd/site-2.0.0.xsd";> <body> <menu name="Overview"> <item name="Introduction" href="index.html"/> @@ -36,4 +33,4 @@ under the License. <item name="Deploy Signed Artifacts" href="/examples/deploy-signed-artifacts.html"/> </menu> </body> -</project> +</site>
