maven-lockfile-parent

pkg:maven/io.github.chains-project/maven-lockfile-parent@5.17.0

Used in: 0 components

Overview
Overview

Versions
Versions

Dependents
Dependents

Dependencies
Dependencies

Overview

Description

This plugin is a state-of-the-art solution that can be used to validate the integrity of a maven repository. It does this by generating a lock file that contains the checksums of all the artifacts and plugins in the repository. The lock file can then be used to validate the integrity of the repository. This guards the supply chain against malicious actors that might tamper with the artifacts in the repository.

<dependency>
    <groupId>io.github.chains-project</groupId>
    <artifactId>maven-lockfile-parent</artifactId>
    <version>5.17.0</version>
</dependency>

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>io.github.chains-project</groupId>
  <artifactId>maven-lockfile-parent</artifactId>
  <version>5.17.0</version>
  <packaging>pom</packaging>
  <name>maven-lockfile-parent</name>
  <description>This plugin is a state-of-the-art solution that can be used to validate the integrity
    of a maven repository.
    It does this by generating a lock file that contains the checksums of all the artifacts and plugins in the
    repository.
    The lock file can then be used to validate the integrity of the repository.
    This guards the supply chain against malicious actors that might tamper with the artifacts in
    the repository.</description>
  <url>https://github.com/chains-project/maven-lockfile</url>
  <inceptionYear>2023</inceptionYear>
  <licenses>
    <license>
      <name>MIT</name>
      <url>https://opensource.org/licenses/MIT</url>
      <distribution>repo</distribution>
    </license>
  </licenses>
  <developers>
    <developer>
      <id>MartinWitt</id>
      <name>Martin Wittlinger</name>
    </developer>
  </developers>
  <modules>
    <module>maven_plugin</module>
  </modules>
  <scm>
    <connection>scm:git:https://github.com/chains-project/maven-lockfile</connection>
    <developerConnection>scm:git:https://github.com/chains-project/maven-lockfile.git</developerConnection>
    <tag>v${project.version}</tag>
    <url>https://github.com/chains-project/maven-lockfile/tree/${project.scm.tag}</url>
  </scm>
  <properties>
    <project.build.outputTimestamp>2026-06-05T23:42:21Z</project.build.outputTimestamp>
    <sigstore.skip>true</sigstore.skip>
    <released.version>5.17.0</released.version>
  </properties>
  <build>
    <plugins>
      <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <version>2.9.1</version>
        <inherited>true</inherited>
        <configuration>
          <includeTestScope>true</includeTestScope>
          <!--<outputDirectory>${project.build.directory}/staging-deploy/io/github/chains-project/${project.artifactId}/</outputDirectory>-->
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>makeBom</goal>
            </goals>
            <phase>package</phase>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>dev.sigstore</groupId>
        <artifactId>sigstore-maven-plugin</artifactId>
        <version>2.0.0</version>
        <configuration>
          <skip>${sigstore.skip}</skip>
        </configuration>
        <executions>
          <execution>
            <id>sign</id>
            <goals>
              <goal>sign</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-artifact-plugin</artifactId>
        <version>3.6.1</version>
      </plugin>
      <plugin>
        <groupId>com.diffplug.spotless</groupId>
        <artifactId>spotless-maven-plugin</artifactId>
        <version>3.1.0</version>
        <configuration>
          <formats>
            <format>
              <includes>
                <include>.gitignore</include>
              </includes>
              <trimTrailingWhitespace/>
              <endWithNewline/>
              <indent>
                <tabs>false</tabs>
                <spaces>true</spaces>
                <spacesPerTab>4</spacesPerTab>
              </indent>
            </format>
          </formats>
          <java>
            <palantirJavaFormat/>
          </java>
          <pom>
            <includes>
              <include>pom.xml</include>
            </includes>
            <sortPom/>
          </pom>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-deploy-plugin</artifactId>
        <version>3.1.4</version>
      </plugin>
      <plugin>
        <groupId>org.codehaus.gmavenplus</groupId>
        <artifactId>gmavenplus-plugin</artifactId>
        <version>4.2.1</version>
        <inherited>false</inherited>
        <dependencies>
          <dependency>
            <groupId>org.apache.groovy</groupId>
            <artifactId>groovy</artifactId>
            <version>5.0.3</version>
            <scope>runtime</scope>
          </dependency>
        </dependencies>
        <executions>
          <execution>
            <goals>
              <goal>execute</goal>
            </goals>
            <phase>generate-resources</phase>
            <configuration>
              <scripts>
                <script>def
                  file = new File(".github/workflows/Lockfile.yml")
                  project.properties.action_content = file.getText()</script>
              </scripts>
            </configuration>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-resources-plugin</artifactId>
        <version>3.4.0</version>
        <configuration>
          <outputDirectory>${project.basedir}</outputDirectory>
          <resources>
            <resource>
              <directory>./template/</directory>
              <includes>
                <include>action.yml</include>
              </includes>
              <filtering>true</filtering>
            </resource>
          </resources>
          <encoding>UTF-8</encoding>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.14.1</version>
        <configuration/>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.6.2</version>
        <executions>
          <execution>
            <id>enforce-plugin-versions</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <requirePluginVersions>
                  <message>Best Practice is to always define plugin versions!</message>
                  <banLatest>true</banLatest>
                  <banRelease>true</banRelease>
                  <banSnapshots>true</banSnapshots>
                  <phases>clean,deploy,site</phases>
                  <additionalPlugins>
                    <additionalPlugin>org.apache.maven.plugins:maven-reactor-plugin</additionalPlugin>
                  </additionalPlugins>
                  <unCheckedPluginList>org.apache.maven.plugins:maven-enforcer-plugin,org.apache.maven.plugins:maven-idea-plugin,org.apache.maven.plugins:maven-reactor-plugin</unCheckedPluginList>
                </requirePluginVersions>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-site-plugin</artifactId>
        <version>3.21.0</version>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-clean-plugin</artifactId>
        <version>3.5.0</version>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-install-plugin</artifactId>
        <version>3.1.4</version>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <version>3.5.4</version>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-jar-plugin</artifactId>
        <version>3.5.0</version>
      </plugin>

    </plugins>
  </build>
</project>