Support in memory PGP signing

bazelbuild / rules_jvm_external

Bazel rules to resolve, fetch and export Maven artifacts

Apache License 2.0

317 stars 237 forks source link

Support in memory PGP signing #1190

Open ThomasCJY opened 1 week ago

ThomasCJY commented 1 week ago

Background The export rule only supports gpg_sign option which requires the gpg binary to be installed on the machine and set up correctly. This doesn't fit the need if we want to build, sign and release artifacts through our CI builder. In that use case, we should use OpenPGP in memory signing and keep the signing key and pwd inside Jenkins job as a secret env variable.

ThomasCJY commented 1 week ago

proposed change in: https://github.com/bazelbuild/rules_jvm_external/pull/1191