Suppressing GPG signing for Maven-based continuous integration builds (Travis CI)
Disable GPG signing by adding the following line to your .travis.yml file:

    install: mvn install -DskipTests -Dgpg.skip

Example: https://github.com/stefanbirkner/system-rules/blob/master/.travis.yml
You need to create a profile & make sure you run that only when you do the release build.
Remove the current plugin, and add it in a profile like this:

    <profiles>
      <profile>
        <id>release-sign-artifacts</id>
        <activation>
          <property>
            <name>performRelease</name>
            <value>true</value>
          </property>
        </activation>
        <build>
          <plugins>
            <plugin>
              <groupId>org.apache.maven.plugins</groupId>
              <artifactId>maven-gpg-plugin</artifactId>
              <version>1.4</version>
              <executions>
                <execution>
                  <id>sign-artifacts</id>
                  <phase>verify</phase>
                  <goals>
                    <goal>sign</goal>
                  </goals>
                </execution>
              </executions>
            </plugin>
          </plugins>
        </build>
      </profile>
    </profiles>

And then when you actually need to do a release, add the property to your mvn command:

    mvn -DperformRelease=true ...

I found a slightly simpler way to do it with the profile as described above. Instead of using a new property value, you can use the gpg.passphrase property which will need to be provided anyway when doing signing. The modified property section is as follows:

    <activation>
      <property>
        <name>gpg.passphrase</name>
      </property>
    </activation>

Notice that no value is required, since you want this profile to activate if any value is set for that property.
The corresponding command line then looks like this:

    mvn <command> -Dgpg.passphrase=myverysupersecretpassphrase

You can test this out by running it in the following two ways:

    mvn install

No signed artifacts get generated, and:

    mvn install -Dgpg.passphrase=myverysupersecretpassphrase

Signed artifacts get created.
To do the actual signed release of the artifacts, do the following:

    mvn release:perform -Darguments=-Dgpg.passphrase=myverysupersecretpassphrase

The indirection is needed for the release action because it doesn't propagate the command line arguments directly to the spawned process (see http://maven.apache.org/plugins/maven-gpg-plugin/usage.html).
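
The two profile activations described in the answers above (property with a required value, and property with no value) can be checked before a CI run. The following is an added example, not part of any answer and not code from Maven or the plugin: it reports where a POM declares maven-gpg-plugin for a given set of -D properties. It assumes the POM uses the standard Maven namespace, models only property-based activation, and ignores pluginManagement; the function names and the sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the POM declares the standard Maven 4.0.0 namespace.
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample: signing lives only in a profile keyed on gpg.passphrase.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <profiles>
    <profile>
      <id>release-sign-artifacts</id>
      <activation><property><name>gpg.passphrase</name></property></activation>
      <build><plugins><plugin>
        <artifactId>maven-gpg-plugin</artifactId>
      </plugin></plugins></build>
    </profile>
  </profiles>
</project>"""

def _has_gpg(build):
    """True if this <build> element lists maven-gpg-plugin under <plugins>."""
    return build is not None and any(
        a.text and a.text.strip() == "maven-gpg-plugin"
        for a in build.findall("m:plugins/m:plugin/m:artifactId", NS))

def _activated(profile, props):
    """Property activation: name only = any value; name + value = exact match."""
    prop = profile.find("m:activation/m:property", NS)
    if prop is None:
        return False
    name = prop.findtext("m:name", default="", namespaces=NS).strip()
    value = prop.findtext("m:value", default=None, namespaces=NS)
    if name not in props:
        return False
    return value is None or props[name] == value.strip()

def signing_sources(pom_xml, props):
    """List the places where maven-gpg-plugin is declared for these -D props."""
    root = ET.fromstring(pom_xml)
    found = []
    if _has_gpg(root.find("m:build", NS)):
        found.append("main build")  # declared unconditionally: CI would sign too
    for profile in root.findall("m:profiles/m:profile", NS):
        if _has_gpg(profile.find("m:build", NS)) and _activated(profile, props):
            found.append("profile " + profile.findtext("m:id", default="?", namespaces=NS))
    return found

if __name__ == "__main__":
    print(signing_sources(SAMPLE_POM, {}))                      # plain CI build
    print(signing_sources(SAMPLE_POM, {"gpg.passphrase": "x"}))  # release build
```

An empty list for the property set your CI job passes means no signing plugin is declared for that build; a "main build" entry means the plugin was not moved into a profile.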