The following changes are applied in this pull request:
Binaries are built and signed using a separate digital signature service; this event is triggered when a release is created via the Github web interface.
Small tweaks in the POM, to include the plugins necessary for GPG signatures and publication on Maven Central
Added a suppression file for OWASP dependency checker, to handle a false positive
Bumped up version numbers of some dependencies
Related Issue
This is a new feature, it was not triggered by an issue.
Motivation and Context
To publish CmpRaComponent on Maven Central, the binaries must be signed. This pull requests implements the necessary logic, tying the signature process to an internally available signature service and HSM.
How Has This Been Tested?
The source code itself is not changed, therefore no new tests were added. The signing procedure itself was tested on a separate fork, with a test key-pair.
Description
The following changes are applied in this pull request:
release
is created via the Github web interface.Related Issue
This is a new feature, it was not triggered by an issue.
Motivation and Context
To publish CmpRaComponent on Maven Central, the binaries must be signed. This pull requests implements the necessary logic, tying the signature process to an internally available signature service and HSM.
How Has This Been Tested?
The source code itself is not changed, therefore no new tests were added. The signing procedure itself was tested on a separate fork, with a test key-pair.