Please publish PGP signature for the plugin at Gradle Plugin Portal

[vlsi]

The following changes would do:

1. Use the recent com.gradle.plugin-publish version in build.gradle. For instance, 1.2.1
2. Add signing plugin

See https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#sign_artifacts

Context

I'm upgrading forbidden-apis in JMeter, and I would like to configure PGP for the trusted signature so I don't need to update PGP on every update.

[uschindler]

Will check. The last time I tried it wasn't able to sign the artifacts or take over the dog atures from maven central. Basically the code just copies the artifacts from maven to Gradle plugins.

[uschindler]

Not sure if I can add signatures for the already existing artifacts.

[vlsi]

If you publish to central, then you could publish with signatures. I tend to publish plugins to both Central and Gradle Plugin Portal for redundancy.

However, it might be enough to add the signatures on the next update.

[uschindler]

Central has signatures: https://repo1.maven.org/maven2/de/thetaphi/forbiddenapis/3.6/

[vlsi]

Could you publish de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin:3.6 artifact to Central as well?

[vlsi]

Just to clarify: signatures can be published to both Central and GPP. I am not sure if there's an option to add signatures to already existing artifacts at GPP.