From 129f459948eaf81d2006370f6965a2b3a7b2a9e6 Mon Sep 17 00:00:00 2001
From: Giovanni <gvdschelde@gmail.com>
Date: Fri, 27 Aug 2021 23:38:31 +0200
Subject: [PATCH 1/3] [MGPG-44] gpg:sign fix non-default output directory
 Submitted by: Giovanni van der Schelde

Setting the output directory added an extra unnecessary /target directory.
Applied a fix for this issue and mostly adding integration tests.
---
 .../maven/plugins/gpg/AbstractGpgSigner.java  |  14 +-
 .../plugins/gpg/it/GpgSignArtifactIT.java     |  85 +++++++++++++
 .../resources/it/settings-with-passphrase.xml |  66 ++++++++++
 .../pom.xml                                   | 119 +++++++++++++++++
 .../pom.xml                                   | 119 +++++++++++++++++
 .../pom.xml                                   | 120 ++++++++++++++++++
 .../it/sign-release-with-artifact/pom.xml     | 116 +++++++++++++++++
 7 files changed, 634 insertions(+), 5 deletions(-)
 create mode 100644 src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
 create mode 100644 src/test/resources/it/settings-with-passphrase.xml
 create mode 100644 src/test/resources/it/sign-release-with-artifact-and-output-directory-root/pom.xml
 create mode 100644 src/test/resources/it/sign-release-with-artifact-and-output-directory/pom.xml
 create mode 100644 src/test/resources/it/sign-release-with-artifact-same-directory/pom.xml
 create mode 100644 src/test/resources/it/sign-release-with-artifact/pom.xml

diff --git a/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgSigner.java b/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgSigner.java
index 78f50f6..977a575 100644
--- a/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgSigner.java
+++ b/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgSigner.java
@@ -174,14 +174,11 @@ public File generateSignatureForArtifact( File file )
 
             while ( ( signatureDirectory = signatureDirectory.getParentFile() ) != null )
             {
-                if ( !signatureDirectory.equals( baseDir ) )
-                {
-                    fileDirectory = signatureDirectory.getName() + File.separatorChar + fileDirectory;
-                }
-                else
+                if ( isPossibleRootOfArtifact( signatureDirectory ) )
                 {
                     break;
                 }
+                fileDirectory = signatureDirectory.getName() + File.separatorChar + fileDirectory;
             }
             signatureDirectory = new File( outputDir, fileDirectory );
             if ( !signatureDirectory.exists() )
@@ -254,4 +251,11 @@ private char[] readPassword( String prompt )
     {
         return System.console().readPassword();
     }
+
+    private boolean isPossibleRootOfArtifact( File signatureDirectory )
+    {
+        return signatureDirectory.equals( outputDir )
+                || signatureDirectory.equals( buildDir )
+                || signatureDirectory.equals( baseDir );
+    }
 }
diff --git a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
new file mode 100644
index 0000000..19da0cb
--- /dev/null
+++ b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
@@ -0,0 +1,85 @@
+package org.apache.maven.plugins.gpg.it;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.maven.shared.invoker.InvocationRequest;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import java.io.File;
+import java.util.Arrays;
+import java.util.Collection;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
+import static org.junit.runners.Parameterized.*;
+
+@RunWith( Parameterized.class )
+public class GpgSignArtifactIT
+{
+    private final File mavenHome;
+    private final File localRepository;
+    private final File mavenUserSettings;
+    private final File gpgHome;
+
+    public GpgSignArtifactIT() throws Exception
+    {
+        this.mavenHome = new File( System.getProperty( "maven.home" ) );
+        this.localRepository = new File( System.getProperty( "localRepositoryPath" ) );
+        this.mavenUserSettings = InvokerTestUtils.getTestResource( "/it/settings-with-passphrase.xml" );
+        this.gpgHome = new File( System.getProperty( "gpg.homedir" ) );
+    }
+
+    @Parameters
+    public static Collection<Object[]> data() {
+        return Arrays.asList(new Object[][] {
+                { "/it/sign-release-with-artifact/pom.xml", "/target/gpg/tarballs/", new String[]{ "sign-release-with-artifact-1.0-jar-with-dependencies.jar.asc" } },
+                { "/it/sign-release-with-artifact-and-output-directory/pom.xml", "/target/signed-files/tarballs/", new String[]{ "sign-release-with-artifact-and-output-directory-1.0-jar-with-dependencies.jar.asc" } },
+                { "/it/sign-release-with-artifact-and-output-directory-root/pom.xml", "/signed-files/tarballs/", new String[]{ "sign-release-with-artifact-and-output-directory-root-1.0-jar-with-dependencies.jar.asc" } },
+                { "/it/sign-release-with-artifact-same-directory/pom.xml", "/target/tarballs/", new String[]{ "sign-release-with-artifact-same-directory-1.0-jar-with-dependencies.jar", "sign-release-with-artifact-same-directory-1.0-jar-with-dependencies.jar.asc" } },
+        });
+    }
+
+    @Parameter
+    public String pomPath;
+    @Parameter(1)
+    public String expectedFileLocation;
+    @Parameter(2)
+    public String[] expectedFiles;
+
+    @Test
+    public void testFolderStructureWithArtifactAndDefaultOutputDirectory() throws Exception
+    {
+        // given
+        final File pomFile = InvokerTestUtils.getTestResource( pomPath );
+        final InvocationRequest request = InvokerTestUtils.createRequest( pomFile, mavenUserSettings, gpgHome );
+        final File integrationTestRootDirectory = new File( pomFile.getParent());
+        final File expectedOutputDirectory =  new File (integrationTestRootDirectory + expectedFileLocation );
+
+        // when
+        InvokerTestUtils.executeRequest( request, mavenHome, localRepository );
+
+        // then
+        assertThat( expectedOutputDirectory.exists(), equalTo( true ) );
+        assertThat( expectedOutputDirectory.list(), equalTo( expectedFiles ) );
+    }
+
+}
diff --git a/src/test/resources/it/settings-with-passphrase.xml b/src/test/resources/it/settings-with-passphrase.xml
new file mode 100644
index 0000000..75aa832
--- /dev/null
+++ b/src/test/resources/it/settings-with-passphrase.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+    <profiles>
+        <profile>
+            <id>it-repo</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <repositories>
+                <repository>
+                    <id>local.central</id>
+                    <url>file://@settings.localRepository@</url>
+                    <releases>
+                        <enabled>true</enabled>
+                    </releases>
+                    <snapshots>
+                        <enabled>true</enabled>
+                    </snapshots>
+                </repository>
+            </repositories>
+            <pluginRepositories>
+                <pluginRepository>
+                    <id>local.central</id>
+                    <url>file://@settings.localRepository@</url>
+                    <releases>
+                        <enabled>true</enabled>
+                    </releases>
+                    <snapshots>
+                        <enabled>true</enabled>
+                    </snapshots>
+                </pluginRepository>
+            </pluginRepositories>
+        </profile>
+    </profiles>
+
+    <servers>
+        <server>
+            <id>gpg.passphrase</id>
+            <passphrase>TEST</passphrase>
+        </server>
+    </servers>
+
+</settings>
diff --git a/src/test/resources/it/sign-release-with-artifact-and-output-directory-root/pom.xml b/src/test/resources/it/sign-release-with-artifact-and-output-directory-root/pom.xml
new file mode 100644
index 0000000..a8792f4
--- /dev/null
+++ b/src/test/resources/it/sign-release-with-artifact-and-output-directory-root/pom.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.maven.its.gpg.srwopi</groupId>
+    <artifactId>sign-release-with-artifact-and-output-directory-root</artifactId>
+    <version>1.0</version>
+    <packaging>jar</packaging>
+
+    <description>
+        Tests that signed artifacts are placed in the correct configured folder structure.
+        Expected path: '/path/to/maven-gpg-plugin/signed-files/tarballs'
+    </description>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>@project.version@</version>
+                <configuration>
+                    <ascDirectory>signed-files</ascDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>sign-artifacts</id>
+                        <goals>
+                            <goal>sign</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <!-- Using assembly plugin to create folder structure -->
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>3.3.0</version>
+                <configuration>
+                    <descriptorRefs>
+                        <descriptorRef>jar-with-dependencies</descriptorRef>
+                    </descriptorRefs>
+                    <outputDirectory>target/tarballs</outputDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>make-assembly</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.0.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <updateReleaseInfo>true</updateReleaseInfo>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>2.1</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.0.4</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.3.1</version>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/src/test/resources/it/sign-release-with-artifact-and-output-directory/pom.xml b/src/test/resources/it/sign-release-with-artifact-and-output-directory/pom.xml
new file mode 100644
index 0000000..bce1506
--- /dev/null
+++ b/src/test/resources/it/sign-release-with-artifact-and-output-directory/pom.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.maven.its.gpg.srwopi</groupId>
+    <artifactId>sign-release-with-artifact-and-output-directory</artifactId>
+    <version>1.0</version>
+    <packaging>jar</packaging>
+
+    <description>
+        Tests that signed artifacts are placed in the correct configured folder structure.
+        Expected path: '/path/to/maven-gpg-plugin/target/signed-files/tarballs'
+    </description>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>@project.version@</version>
+                <configuration>
+                    <ascDirectory>target/signed-files</ascDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>sign-artifacts</id>
+                        <goals>
+                            <goal>sign</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <!-- Using assembly plugin to create folder structure -->
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>3.3.0</version>
+                <configuration>
+                    <descriptorRefs>
+                        <descriptorRef>jar-with-dependencies</descriptorRef>
+                    </descriptorRefs>
+                    <outputDirectory>target/tarballs</outputDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>make-assembly</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.0.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <updateReleaseInfo>true</updateReleaseInfo>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>2.1</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.0.4</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.3.1</version>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/src/test/resources/it/sign-release-with-artifact-same-directory/pom.xml b/src/test/resources/it/sign-release-with-artifact-same-directory/pom.xml
new file mode 100644
index 0000000..6a55215
--- /dev/null
+++ b/src/test/resources/it/sign-release-with-artifact-same-directory/pom.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.maven.its.gpg.srwopi</groupId>
+    <artifactId>sign-release-with-artifact-same-directory</artifactId>
+    <version>1.0</version>
+    <packaging>jar</packaging>
+
+    <description>
+        Tests that signed artifacts are placed in the correct configured folder structure.
+        Expected path: '/path/to/maven-gpg-plugin/target/tarballs'
+        Contains both the original file and the signed file
+    </description>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>@project.version@</version>
+                <configuration>
+                    <ascDirectory>target/tarballs</ascDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>sign-artifacts</id>
+                        <goals>
+                            <goal>sign</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <!-- Using assembly plugin to create folder structure -->
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>3.3.0</version>
+                <configuration>
+                    <descriptorRefs>
+                        <descriptorRef>jar-with-dependencies</descriptorRef>
+                    </descriptorRefs>
+                    <outputDirectory>target/tarballs</outputDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>make-assembly</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.0.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <updateReleaseInfo>true</updateReleaseInfo>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>2.1</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.0.4</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.3.1</version>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/src/test/resources/it/sign-release-with-artifact/pom.xml b/src/test/resources/it/sign-release-with-artifact/pom.xml
new file mode 100644
index 0000000..7973641
--- /dev/null
+++ b/src/test/resources/it/sign-release-with-artifact/pom.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.maven.its.gpg.srwopi</groupId>
+    <artifactId>sign-release-with-artifact</artifactId>
+    <version>1.0</version>
+    <packaging>jar</packaging>
+
+    <description>
+        Tests that signed artifacts are placed in the correct default folder structure.
+        Expected path: '/path/to/maven-gpg-plugin/target/gpg/tarballs'
+    </description>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>@project.version@</version>
+                <executions>
+                    <execution>
+                        <id>sign-artifacts</id>
+                        <goals>
+                            <goal>sign</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <!-- Using assembly plugin to create folder structure -->
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>3.3.0</version>
+                <configuration>
+                    <descriptorRefs>
+                        <descriptorRef>jar-with-dependencies</descriptorRef>
+                    </descriptorRefs>
+                    <outputDirectory>target/tarballs</outputDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>make-assembly</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.0.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <updateReleaseInfo>true</updateReleaseInfo>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>2.1</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.0.4</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.3.1</version>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

From 44d55021b9bcf2488809139890705ca14ec2aef3 Mon Sep 17 00:00:00 2001
From: Giovanni van der Schelde <gvdschelde@gmail.com>
Date: Tue, 7 Sep 2021 22:01:43 +0200
Subject: [PATCH 2/3] [MGPG-44] Make it-test order agnostic

Submitted by: Giovanni van der Schelde

The integration test for the folder structure was flaky due to
Files.list() returning the items in no particular order.
---
 .../org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
index 19da0cb..704df50 100644
--- a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
+++ b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
@@ -29,6 +29,7 @@
 import java.util.Collection;
 
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
 import static org.hamcrest.Matchers.equalTo;
 import static org.junit.runners.Parameterized.*;
 
@@ -66,20 +67,20 @@ public static Collection<Object[]> data() {
     public String[] expectedFiles;
 
     @Test
-    public void testFolderStructureWithArtifactAndDefaultOutputDirectory() throws Exception
+    public void testPlacementOfArtifactInOutputDirectory() throws Exception
     {
         // given
         final File pomFile = InvokerTestUtils.getTestResource( pomPath );
         final InvocationRequest request = InvokerTestUtils.createRequest( pomFile, mavenUserSettings, gpgHome );
         final File integrationTestRootDirectory = new File( pomFile.getParent());
-        final File expectedOutputDirectory =  new File (integrationTestRootDirectory + expectedFileLocation );
+        final File expectedOutputDirectory = new File (integrationTestRootDirectory + expectedFileLocation );
 
         // when
         InvokerTestUtils.executeRequest( request, mavenHome, localRepository );
 
         // then
         assertThat( expectedOutputDirectory.exists(), equalTo( true ) );
-        assertThat( expectedOutputDirectory.list(), equalTo( expectedFiles ) );
+        assertThat( expectedOutputDirectory.list(), arrayContainingInAnyOrder( expectedFiles ) );
     }
 
 }

From 829971c330a5e6126ee608578178a8b3b27675f8 Mon Sep 17 00:00:00 2001
From: Giovanni van der Schelde <gvdschelde@gmail.com>
Date: Fri, 10 Sep 2021 00:02:08 +0200
Subject: [PATCH 3/3] [MGPG-44] Format test and improve readability

Submitted by: Giovanni van der Schelde

- Format the test file
- Decrease the length of the test data to increase readability
---
 .../plugins/gpg/it/GpgSignArtifactIT.java     | 30 +++++++++++--------
 .../pom.xml                                   |  3 +-
 .../pom.xml                                   |  3 +-
 .../pom.xml                                   |  3 +-
 .../pom.xml                                   |  3 +-
 5 files changed, 26 insertions(+), 16 deletions(-)
 rename src/test/resources/it/{sign-release-with-artifact => sign-release-in-default-dir}/pom.xml (97%)
 rename src/test/resources/it/{sign-release-with-artifact-and-output-directory => sign-release-in-output-dir}/pom.xml (97%)
 rename src/test/resources/it/{sign-release-with-artifact-and-output-directory-root => sign-release-in-root-dir}/pom.xml (97%)
 rename src/test/resources/it/{sign-release-with-artifact-same-directory => sign-release-in-same-dir}/pom.xml (97%)

diff --git a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
index 704df50..0cd72de 100644
--- a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
+++ b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java
@@ -31,7 +31,8 @@
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
 import static org.hamcrest.Matchers.equalTo;
-import static org.junit.runners.Parameterized.*;
+import static org.junit.runners.Parameterized.Parameter;
+import static org.junit.runners.Parameterized.Parameters;
 
 @RunWith( Parameterized.class )
 public class GpgSignArtifactIT
@@ -50,20 +51,25 @@ public GpgSignArtifactIT() throws Exception
     }
 
     @Parameters
-    public static Collection<Object[]> data() {
-        return Arrays.asList(new Object[][] {
-                { "/it/sign-release-with-artifact/pom.xml", "/target/gpg/tarballs/", new String[]{ "sign-release-with-artifact-1.0-jar-with-dependencies.jar.asc" } },
-                { "/it/sign-release-with-artifact-and-output-directory/pom.xml", "/target/signed-files/tarballs/", new String[]{ "sign-release-with-artifact-and-output-directory-1.0-jar-with-dependencies.jar.asc" } },
-                { "/it/sign-release-with-artifact-and-output-directory-root/pom.xml", "/signed-files/tarballs/", new String[]{ "sign-release-with-artifact-and-output-directory-root-1.0-jar-with-dependencies.jar.asc" } },
-                { "/it/sign-release-with-artifact-same-directory/pom.xml", "/target/tarballs/", new String[]{ "sign-release-with-artifact-same-directory-1.0-jar-with-dependencies.jar", "sign-release-with-artifact-same-directory-1.0-jar-with-dependencies.jar.asc" } },
-        });
+    public static Collection<Object[]> data()
+    {
+        return Arrays.asList( new Object[][] {
+                { "/it/sign-release-in-default-dir/pom.xml", "/target/gpg/tarballs/",
+                        new String[] { "sign-release-in-default-dir-1.0.jar.asc" }},
+                { "/it/sign-release-in-output-dir/pom.xml", "/target/signed-files/tarballs/",
+                        new String[] { "sign-release-in-output-dir-1.0.jar.asc" }},
+                { "/it/sign-release-in-root-dir/pom.xml", "/signed-files/tarballs/",
+                        new String[] { "sign-release-in-root-dir-1.0.jar.asc" }},
+                { "/it/sign-release-in-same-dir/pom.xml", "/target/tarballs/",
+                        new String[] { "sign-release-in-same-dir-1.0.jar", "sign-release-in-same-dir-1.0.jar.asc" }},
+        } );
     }
 
     @Parameter
     public String pomPath;
-    @Parameter(1)
+    @Parameter( 1 )
     public String expectedFileLocation;
-    @Parameter(2)
+    @Parameter( 2 )
     public String[] expectedFiles;
 
     @Test
@@ -72,8 +78,8 @@ public void testPlacementOfArtifactInOutputDirectory() throws Exception
         // given
         final File pomFile = InvokerTestUtils.getTestResource( pomPath );
         final InvocationRequest request = InvokerTestUtils.createRequest( pomFile, mavenUserSettings, gpgHome );
-        final File integrationTestRootDirectory = new File( pomFile.getParent());
-        final File expectedOutputDirectory = new File (integrationTestRootDirectory + expectedFileLocation );
+        final File integrationTestRootDirectory = new File( pomFile.getParent() );
+        final File expectedOutputDirectory = new File( integrationTestRootDirectory + expectedFileLocation );
 
         // when
         InvokerTestUtils.executeRequest( request, mavenHome, localRepository );
diff --git a/src/test/resources/it/sign-release-with-artifact/pom.xml b/src/test/resources/it/sign-release-in-default-dir/pom.xml
similarity index 97%
rename from src/test/resources/it/sign-release-with-artifact/pom.xml
rename to src/test/resources/it/sign-release-in-default-dir/pom.xml
index 7973641..da1d947 100644
--- a/src/test/resources/it/sign-release-with-artifact/pom.xml
+++ b/src/test/resources/it/sign-release-in-default-dir/pom.xml
@@ -24,7 +24,7 @@ under the License.
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>org.apache.maven.its.gpg.srwopi</groupId>
-    <artifactId>sign-release-with-artifact</artifactId>
+    <artifactId>sign-release-in-default-dir</artifactId>
     <version>1.0</version>
     <packaging>jar</packaging>
 
@@ -57,6 +57,7 @@ under the License.
                         <descriptorRef>jar-with-dependencies</descriptorRef>
                     </descriptorRefs>
                     <outputDirectory>target/tarballs</outputDirectory>
+                    <appendAssemblyId>false</appendAssemblyId>
                 </configuration>
                 <executions>
                     <execution>
diff --git a/src/test/resources/it/sign-release-with-artifact-and-output-directory/pom.xml b/src/test/resources/it/sign-release-in-output-dir/pom.xml
similarity index 97%
rename from src/test/resources/it/sign-release-with-artifact-and-output-directory/pom.xml
rename to src/test/resources/it/sign-release-in-output-dir/pom.xml
index bce1506..ab51394 100644
--- a/src/test/resources/it/sign-release-with-artifact-and-output-directory/pom.xml
+++ b/src/test/resources/it/sign-release-in-output-dir/pom.xml
@@ -24,7 +24,7 @@ under the License.
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>org.apache.maven.its.gpg.srwopi</groupId>
-    <artifactId>sign-release-with-artifact-and-output-directory</artifactId>
+    <artifactId>sign-release-in-output-dir</artifactId>
     <version>1.0</version>
     <packaging>jar</packaging>
 
@@ -60,6 +60,7 @@ under the License.
                         <descriptorRef>jar-with-dependencies</descriptorRef>
                     </descriptorRefs>
                     <outputDirectory>target/tarballs</outputDirectory>
+                    <appendAssemblyId>false</appendAssemblyId>
                 </configuration>
                 <executions>
                     <execution>
diff --git a/src/test/resources/it/sign-release-with-artifact-and-output-directory-root/pom.xml b/src/test/resources/it/sign-release-in-root-dir/pom.xml
similarity index 97%
rename from src/test/resources/it/sign-release-with-artifact-and-output-directory-root/pom.xml
rename to src/test/resources/it/sign-release-in-root-dir/pom.xml
index a8792f4..d4c231c 100644
--- a/src/test/resources/it/sign-release-with-artifact-and-output-directory-root/pom.xml
+++ b/src/test/resources/it/sign-release-in-root-dir/pom.xml
@@ -24,7 +24,7 @@ under the License.
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>org.apache.maven.its.gpg.srwopi</groupId>
-    <artifactId>sign-release-with-artifact-and-output-directory-root</artifactId>
+    <artifactId>sign-release-in-root-dir</artifactId>
     <version>1.0</version>
     <packaging>jar</packaging>
 
@@ -60,6 +60,7 @@ under the License.
                         <descriptorRef>jar-with-dependencies</descriptorRef>
                     </descriptorRefs>
                     <outputDirectory>target/tarballs</outputDirectory>
+                    <appendAssemblyId>false</appendAssemblyId>
                 </configuration>
                 <executions>
                     <execution>
diff --git a/src/test/resources/it/sign-release-with-artifact-same-directory/pom.xml b/src/test/resources/it/sign-release-in-same-dir/pom.xml
similarity index 97%
rename from src/test/resources/it/sign-release-with-artifact-same-directory/pom.xml
rename to src/test/resources/it/sign-release-in-same-dir/pom.xml
index 6a55215..77f4c98 100644
--- a/src/test/resources/it/sign-release-with-artifact-same-directory/pom.xml
+++ b/src/test/resources/it/sign-release-in-same-dir/pom.xml
@@ -24,7 +24,7 @@ under the License.
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>org.apache.maven.its.gpg.srwopi</groupId>
-    <artifactId>sign-release-with-artifact-same-directory</artifactId>
+    <artifactId>sign-release-in-same-dir</artifactId>
     <version>1.0</version>
     <packaging>jar</packaging>
 
@@ -61,6 +61,7 @@ under the License.
                         <descriptorRef>jar-with-dependencies</descriptorRef>
                     </descriptorRefs>
                     <outputDirectory>target/tarballs</outputDirectory>
+                    <appendAssemblyId>false</appendAssemblyId>
                 </configuration>
                 <executions>
                     <execution>