sigstore:sign

Full name:

io.github.hboutemy:sigstore-maven-plugin:1.0.0-beta-3:sign

Description:

Sign project artifact, the POM, and attached artifacts with sigstore for deployment.

Attributes:

  • Requires a Maven project to be executed.
  • The goal is thread-safe and supports parallel builds.
  • Binds by default to the lifecycle phase: verify.

Optional Parameters

Name Type Since Description
<excludes> String[] - A list of files to exclude from being signed. Can contain Ant-style wildcards and double wildcards. The default excludes are **/*.md5 **/*.sha1 **/*.sha256 **/*.sha512 **/*.asc **/*.sigstore.
<publicStaging> boolean - Use public staging sigstage.dev instead of public default sigstore.dev.
Default value is: false.
User property is: public-staging.
<skip> boolean - Skip doing the gpg signing.
Default value is: false.
User property is: sigstore.skip.

Parameter Details

<excludes>

A list of files to exclude from being signed. Can contain Ant-style wildcards and double wildcards. The default excludes are **/*.md5 **/*.sha1 **/*.sha256 **/*.sha512 **/*.asc **/*.sigstore.
  • Type: java.lang.String[]
  • Required: No

<publicStaging>

Use public staging sigstage.dev instead of public default sigstore.dev.
  • Type: boolean
  • Required: No
  • User Property: public-staging
  • Default: false

<skip>

Skip doing the gpg signing.
  • Type: boolean
  • Required: No
  • User Property: sigstore.skip
  • Default: false