/ 
Dist-Zilla-Plugin-SignReleaseNotes-0.0008
River stage zero No dependents
⭐ Starred 0 GitHub stars
/ Dist::Zilla::Plugin::SignReleaseNotes

NAME

Dist::Zilla::Plugin::SignReleaseNotes - Create and signs a 'Release' notes file

VERSION

version 0.0008

SYNOPSIS

In your dist.ini:

[SignReleaseNotes]
sign = always           ; default is always
sig_alg = sha512        ; default is sha256

DESCRIPTION

This plugin will sign a 'Release' file that includes:

1. Git commits since the last tag
2. the sha checksum of the file that is being distributed to CPAN

the file is then signed using Module::Signature.

The resulting file can be used as the Release information for GitHub or similar.

This plugin should appear after any other AfterBuild plugin in your dist.ini file

SAMPLE OUTPUT

    -----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Dist::Zilla::Plugin::SignReleaseNotes

Release 0.0004

Change Log
  - 5c4df12 v0.0004
  - 9000d39 Increment version number
  - 1835a25 rev-list --tags matching commits that it should not

SHA256 hash of CPAN release

0b05776713165ad90d1385669e56dcd9f0abed8701f4e4652f5aa270687a3435 *Dist-Zilla-Plugin-SignReleaseNotes-0.0004.tar.gz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBAwAdFiEEMguXHBCUSzAt6mNu1fh7LgYGpfkFAmH91iYACgkQ1fh7LgYG
pfmwrg//TXpyu8UeAaotLR0RFuLdmt9IrFmpflJ0SqwyY8MPBJOdb5BiwzSLDthi
1BNUtj4P+UsVlWrmXVufUYMEsGPyim6fD656NrUNds+PQQok3bTfR9qf341CY9Cq
MoR0an/u5APRaB4SurHs/lA3Nf/TRfAjkwBX4hzaRG1Iw9IcSHi5/gRBMA1E/+zT
/1GxkICjo0CrSe7REUiGmVf96TYGi/3D18pP/09Gnc6f1DMuKihiLy8BY57j9MCW
g6BWL8aXDpNvJFwwZv2h6OPLKF04xfjnVYzaAloCOaf2vHxb2ocv2KbOas8oWglf
BmameSAIHpxRTdV01M40V8eA6IHEDT4pUXGydggb9LQ/2s3X2n0AJN4HDwxtclvI
cF85Kfp2e5lqYJwHKN+tmQm3NUEJkvj+yM5tKeSoJWmba87fe7DKfhKHUSL7rqT5
PI2aKbs0auR2b5cXegUnNqKAjnF+I4pY/yWkmhUNPqQ+ctE/dy85opI6sQ1nIQ4v
Q3oIFhs4y+XkQorsorJJn3MtdrxTow/CoOjQ/Mydd11xpQSlXkTAO3TqxEiXIz0l
i4RybXbqlFB9MAbs9dbC96Lq5hxroxeIVxo99r9Q327it1gQWPMCnfUV9LKmzusZ
2j18EynyALPs/onwA4VOIi1kC3As8d+1cBfhaFaZf9vgryXQx84=
=kzjP
-----END PGP SIGNATURE-----

ATTRIBUTES

sign

A string value. If always then a signature will be created after an archive is created. If always then the 'Release' file will be signed after the release. Default is always

This attribute can be overridden by an environment variable DZSIGN

hash_alg

A string value for the Digest::SHA supported hash algorithm to use for the hash of the cpan upload file.

METHODS

after_release

The main processing function includes getting the git information. Should likely be split up.

create_release_file

Create's the plaintext Release file contents.

do_sign

Signs the 'Release' file to Module::Signature. Unfortunately we cannot use the Module::Signature::sign function as it gets its plaintext from the list of files that are normally used.

sub get_git_checksums_and_titles

Gets the short version of the checksums and the titles of each git commit since the most recent tag that was found in the repo.

get_checksum

Get's the checksum of the file being released. Expects the filename and returns the checksum with the requested Digest::SHA algorithim.

get_name

Get's the name of the Distribution being released. This takes it from the filename. There is likely a better way to obtain it.

get_version

Get's the version of the Distribution being released. This takes it from the $self->{zilla}->version. There is likely a better way to obtain it.

AUTHOR

Timothy Legge <timlegge@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2021 by Timothy Legge.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

AUTHOR

Timothy Legge

COPYRIGHT AND LICENSE

This software is copyright (c) 2022 by Timothy Legge.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.