[maven-studies] 08/15: next fixes after review

Sun, 01 Nov 2020 01:16:03 -0800 

This is an automated email from the ASF dual-hosted git repository.

rfscholte pushed a commit to branch maven-sign-plugin
in repository https://gitbox.apache.org/repos/asf/maven-studies.git

commit 6c313109bac5db344094776bc1e949f3efbc04c8
Author: Slawomir Jaranowski <s.jaranow...@gmail.com>
AuthorDate: Mon Oct 5 08:33:07 2020 +0200

    next fixes after review
---
 .github/workflows/maven.yml                               |  4 ++--
 README.md                                                 |  3 ++-
 pom.xml                                                   |  3 ---
 src/it/settings.xml                                       | 13 -------------
 .../maven/plugins/sign/PGPSecretKeyInfoFromParams.java    |  2 +-
 src/main/java/org/apache/maven/plugins/sign/SignMojo.java | 15 ++++++++-------
 .../org/apache/maven/plugins/sign/SignMojoException.java  |  5 +++++
 .../java/org/apache/maven/plugins/sign/pgp/PGPSigner.java |  2 +-
 src/test/resources/settings-security.xml                  |  4 ----
 9 files changed, 19 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index eb80283..e0fbda9 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -40,8 +40,8 @@ jobs:
           path: ~/.m2/repository
           key: maven-sign-plugin-${{ matrix.os }}-java${{ matrix.java }}-${{ 
hashFiles('**/pom.xml') }}
           restore-keys: |
-            maven-${{ matrix.os }}-java${{ matrix.java }}-
-            maven-${{ matrix.os }}-
+            maven-sign-plugin-${{ matrix.os }}-java${{ matrix.java }}-
+            maven-sign-plugin-${{ matrix.os }}-
 
       - name: Set up JDK
         uses: actions/setup-java@v1
diff --git a/README.md b/README.md
index eeaf82f..a716be4 100644
--- a/README.md
+++ b/README.md
@@ -9,8 +9,9 @@ Create PGP signature for all artifacts in maven project
 ## TODO
  - documentations
  - check if all artifacts are ready to sign - if package goal was running
- - verify password encryption in settings.xml
+ - find a good approach to storing passwords
  - detect expired key
  - signing by sub key
+ - support keyId in short, long and fingerprint formats - now is long
  - review it test from GPG plugin - maybe some case should be addressed
  - decision - if we should move pgp code to external project
diff --git a/pom.xml b/pom.xml
index ede1744..923668a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -159,9 +159,6 @@
               <showErrors>true</showErrors>
               <showVersion>true</showVersion>
               <streamLogs>true</streamLogs>
-              <properties>
-                
<settings.security>${project.basedir}/src/test/resources/settings-security.xml</settings.security>
-              </properties>
             </configuration>
           </plugin>
         </plugins>
diff --git a/src/it/settings.xml b/src/it/settings.xml
index c79c1a8..28f9d85 100644
--- a/src/it/settings.xml
+++ b/src/it/settings.xml
@@ -52,17 +52,4 @@
       </pluginRepositories>
     </profile>
   </profiles>
-
-  <servers>
-
-    <server>
-      <id>pgpKey</id>
-      <username>AC71B3E31C0C0D38</username>
-      
<privateKey>@project.basedir@/src/test/resources/pgp-priv-key.asc</privateKey>
-      <!-- testPass -->
-      <!-- 
passphrase>{sM9eNH++jOkHSAUJGpZe6pSpJi7Z9l8hZII8w9GPSFs=}</passphrase -->
-      <passphrase>testPass</passphrase>
-    </server>
-
-  </servers>
 </settings>
diff --git 
a/src/main/java/org/apache/maven/plugins/sign/PGPSecretKeyInfoFromParams.java 
b/src/main/java/org/apache/maven/plugins/sign/PGPSecretKeyInfoFromParams.java
index cef7333..af9a65b 100644
--- 
a/src/main/java/org/apache/maven/plugins/sign/PGPSecretKeyInfoFromParams.java
+++ 
b/src/main/java/org/apache/maven/plugins/sign/PGPSecretKeyInfoFromParams.java
@@ -48,7 +48,7 @@ public class PGPSecretKeyInfoFromParams implements 
PGPSecretKeyInfo
             }
             catch ( NumberFormatException e )
             {
-                throw new SignMojoException( e );
+                throw new SignMojoException( "The keyId is not a numerical 
value in hexadecimal format", e );
             }
         }
         else
diff --git a/src/main/java/org/apache/maven/plugins/sign/SignMojo.java 
b/src/main/java/org/apache/maven/plugins/sign/SignMojo.java
index 9dd897c..a024fa8 100644
--- a/src/main/java/org/apache/maven/plugins/sign/SignMojo.java
+++ b/src/main/java/org/apache/maven/plugins/sign/SignMojo.java
@@ -90,6 +90,7 @@ public class SignMojo extends AbstractMojo
         }
         catch ( PGPSignerException e )
         {
+            LOGGER.error( "{}", e.getMessage() );
             throw new MojoExecutionException( e.getMessage(), e );
         }
 
@@ -102,13 +103,13 @@ public class SignMojo extends AbstractMojo
 
         // sign and attach signature to project
         artifactsToSign.stream()
-                .map( this::signArtefact )
+                .map( this::signArtifact )
                 .flatMap( List::stream )
-                .forEach( this::attacheSignResult );
+                .forEach( this::attachSignResult );
     }
 
     /**
-     * Sign given artifact. In result we can have many signatures, 
transformers can produce multiple output for one
+     * Sign given artifact. In result we can have multiple signatures, 
transformers can produce multiple output for one
      * artifact.
      * <p>
      * This method ask transformers for inputStream for all artifact 
mutations, and sign each stream.
@@ -116,9 +117,9 @@ public class SignMojo extends AbstractMojo
      * @param artifact artifact to sign
      * @return sign result
      */
-    private List<SignResult> signArtefact( Artifact artifact )
+    private List<SignResult> signArtifact( Artifact artifact )
     {
-        LOGGER.info( "Sign artifact: {}", artifact );
+        LOGGER.info( "Signing artifact: {}", artifact );
 
         org.eclipse.aether.artifact.Artifact srcArtifact = new 
org.eclipse.aether.artifact.DefaultArtifact(
                 artifact.getGroupId(),
@@ -200,9 +201,9 @@ public class SignMojo extends AbstractMojo
     /**
      * Attache sign result to project.
      */
-    private void attacheSignResult( SignResult signResult )
+    private void attachSignResult( SignResult signResult )
     {
-        LOGGER.info( "Attache signature: {}", signResult );
+        LOGGER.info( "Attach signature: {}", signResult );
 
         projectHelper
                 .attachArtifact( project, signResult.getExtension(), 
signResult.getClassifier(), signResult.getFile() );
diff --git a/src/main/java/org/apache/maven/plugins/sign/SignMojoException.java 
b/src/main/java/org/apache/maven/plugins/sign/SignMojoException.java
index 6cff61b..8e3d922 100644
--- a/src/main/java/org/apache/maven/plugins/sign/SignMojoException.java
+++ b/src/main/java/org/apache/maven/plugins/sign/SignMojoException.java
@@ -34,4 +34,9 @@ public class SignMojoException extends RuntimeException
     {
         super( cause );
     }
+
+    public SignMojoException( String message, Throwable cause )
+    {
+        super( message, cause );
+    }
 }
diff --git a/src/main/java/org/apache/maven/plugins/sign/pgp/PGPSigner.java 
b/src/main/java/org/apache/maven/plugins/sign/pgp/PGPSigner.java
index 26d998f..a4d82b9 100644
--- a/src/main/java/org/apache/maven/plugins/sign/pgp/PGPSigner.java
+++ b/src/main/java/org/apache/maven/plugins/sign/pgp/PGPSigner.java
@@ -81,7 +81,7 @@ public class PGPSigner
     }
 
     /**
-     * Find and load private key form file.
+     * Find and load private key from file.
      */
     private void loadKey() throws IOException, PGPException, PGPSignerException
     {
diff --git a/src/test/resources/settings-security.xml 
b/src/test/resources/settings-security.xml
deleted file mode 100644
index ba4bba5..0000000
--- a/src/test/resources/settings-security.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<settingsSecurity>
-  <!-- masterPass -->
-  <master>{AQdp0H14ZZAHqlyH5GyKbN0GFUh2q4pvBnGqgTxH5RE=}</master>
-</settingsSecurity>

Reply via email to