Situation
JetBrains expects Marketplace-bound plugins to be signed before publication. The project already uses the IntelliJ Platform Gradle Plugin and declares zipSigner(), but build.gradle.kts does not configure secret-backed signing inputs for signPlugin, and there is no documented verifyPluginSignature check.
Relevant docs: https://plugins.jetbrains.com/docs/intellij/plugin-signing.html
Out-of-Scope
- Generating or storing real signing secrets in the repository.
- Choosing the long-term owner of the signing certificate.
- Publishing to JetBrains Marketplace.
- Changing plugin runtime behavior.
Acceptance Criteria
- Gradle signing is configured with secret-backed certificate chain, private key, and password inputs.
- No signing credentials are committed to source control.
signPlugin produces a signed plugin ZIP when the required secrets are present.
verifyPluginSignature is documented and passes for the signed ZIP when signing secrets are present.
- Local and CI behavior is documented for the case where signing secrets are intentionally unavailable.
Situation
JetBrains expects Marketplace-bound plugins to be signed before publication. The project already uses the IntelliJ Platform Gradle Plugin and declares
zipSigner(), butbuild.gradle.ktsdoes not configure secret-backed signing inputs forsignPlugin, and there is no documentedverifyPluginSignaturecheck.Relevant docs: https://plugins.jetbrains.com/docs/intellij/plugin-signing.html
Out-of-Scope
Acceptance Criteria
signPluginproduces a signed plugin ZIP when the required secrets are present.verifyPluginSignatureis documented and passes for the signed ZIP when signing secrets are present.