As an external developer, I shouldn't be code signing artifacts when running mvn package or mvn install locally, rather the maven-gpg-plugin should only be enabled in a release profile.
$ mvn install
...
[INFO] Building jar: /Users/heuermh/working/phenopacket-reference-implementation/target/phenopackets-api-0.0.5-SNAPSHOT-javadoc.jar
[INFO]
[INFO] --- maven-gpg-plugin:1.5:sign (sign-artifacts) @ phenopackets-api ---
/bin/sh: gpg: command not found
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
As an external developer, I shouldn't be code signing artifacts when running
mvn packageormvn installlocally, rather the maven-gpg-plugin should only be enabled in a release profile.$ mvn install ... [INFO] Building jar: /Users/heuermh/working/phenopacket-reference-implementation/target/phenopackets-api-0.0.5-SNAPSHOT-javadoc.jar [INFO] [INFO] --- maven-gpg-plugin:1.5:sign (sign-artifacts) @ phenopackets-api --- /bin/sh: gpg: command not found [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------