NAME Dist::Zilla::Plugin::SignReleaseNotes - Create and signs a 'Release' notes file VERSION version 0.0008 SYNOPSIS In your dist.ini: [SignReleaseNotes] sign = always ; default is always sig_alg = sha512 ; default is sha256 DESCRIPTION This plugin will sign a 'Release' file that includes: 1. Git commits since the last tag 2. the sha checksum of the file that is being distributed to CPAN the file is then signed using Module::Signature. The resulting file can be used as the Release information for GitHub or similar. This plugin should appear after any other AfterBuild plugin in your "dist.ini" file SAMPLE OUTPUT -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Dist::Zilla::Plugin::SignReleaseNotes Release 0.0004 Change Log - 5c4df12 v0.0004 - 9000d39 Increment version number - 1835a25 rev-list --tags matching commits that it should not SHA256 hash of CPAN release 0b05776713165ad90d1385669e56dcd9f0abed8701f4e4652f5aa270687a3435 *Dist-Zilla-Plugin-SignReleaseNotes-0.0004.tar.gz -----BEGIN PGP SIGNATURE----- iQIzBAEBAwAdFiEEMguXHBCUSzAt6mNu1fh7LgYGpfkFAmH91iYACgkQ1fh7LgYG pfmwrg//TXpyu8UeAaotLR0RFuLdmt9IrFmpflJ0SqwyY8MPBJOdb5BiwzSLDthi 1BNUtj4P+UsVlWrmXVufUYMEsGPyim6fD656NrUNds+PQQok3bTfR9qf341CY9Cq MoR0an/u5APRaB4SurHs/lA3Nf/TRfAjkwBX4hzaRG1Iw9IcSHi5/gRBMA1E/+zT /1GxkICjo0CrSe7REUiGmVf96TYGi/3D18pP/09Gnc6f1DMuKihiLy8BY57j9MCW g6BWL8aXDpNvJFwwZv2h6OPLKF04xfjnVYzaAloCOaf2vHxb2ocv2KbOas8oWglf BmameSAIHpxRTdV01M40V8eA6IHEDT4pUXGydggb9LQ/2s3X2n0AJN4HDwxtclvI cF85Kfp2e5lqYJwHKN+tmQm3NUEJkvj+yM5tKeSoJWmba87fe7DKfhKHUSL7rqT5 PI2aKbs0auR2b5cXegUnNqKAjnF+I4pY/yWkmhUNPqQ+ctE/dy85opI6sQ1nIQ4v Q3oIFhs4y+XkQorsorJJn3MtdrxTow/CoOjQ/Mydd11xpQSlXkTAO3TqxEiXIz0l i4RybXbqlFB9MAbs9dbC96Lq5hxroxeIVxo99r9Q327it1gQWPMCnfUV9LKmzusZ 2j18EynyALPs/onwA4VOIi1kC3As8d+1cBfhaFaZf9vgryXQx84= =kzjP -----END PGP SIGNATURE----- ATTRIBUTES sign A string value. If "always" then a signature will be created after an archive is created. If "always" then the 'Release' file will be signed after the release. Default is "always" This attribute can be overridden by an environment variable "DZSIGN" hash_alg A string value for the Digest::SHA supported hash algorithm to use for the hash of the cpan upload file. METHODS after_release The main processing function includes getting the git information. Should likely be split up. create_release_file Create's the plaintext Release file contents. do_sign Signs the 'Release' file to Module::Signature. Unfortunately we cannot use the Module::Signature::sign function as it gets its plaintext from the list of files that are normally used. sub get_git_checksums_and_titles Gets the short version of the checksums and the titles of each git commit since the most recent tag that was found in the repo. get_checksum Get's the checksum of the file being released. Expects the filename and returns the checksum with the requested Digest::SHA algorithim. get_name Get's the name of the Distribution being released. This takes it from the filename. There is likely a better way to obtain it. get_version Get's the version of the Distribution being released. This takes it from the $self->{zilla}->version. There is likely a better way to obtain it. AUTHOR Timothy Legge COPYRIGHT AND LICENSE This software is copyright (c) 2021 by Timothy Legge. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. AUTHOR Timothy Legge COPYRIGHT AND LICENSE This software is copyright (c) 2022 by Timothy Legge. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.