Clone Tools
  • last updated a few minutes ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Add ignore key test coverage and bump wrapper

    • -0
    • +75
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 1 more file in changeset.
Add ignore key test coverage and bump wrapper

    • -0
    • +75
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 1 more file in changeset.
More test coverage + fixes for tests.

    • -1
    • +40
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
  1. … 4 more files in changeset.
Fix for transform service inject.

    • -1
    • +1
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
  1. … 3 more files in changeset.
Allow various Gradle services to be injected into artifact transform actions.

    • -0
    • +49
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
  1. … 7 more files in changeset.
Allow various Gradle services to be injected into artifact transform actions.

    • -1
    • +89
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
  1. … 14 more files in changeset.
Allow various Gradle services to be injected into artifact transform actions.

    • -1
    • +89
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
  1. … 14 more files in changeset.
Update the error message to link to the docs

    • -2
    • +7
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
  1. … 5 more files in changeset.
Update the error message to link to the docs

    • -2
    • +7
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
  1. … 5 more files in changeset.
Verify checksums for artifacts which declare them even if signature passes

This is done because signatures are done on the hash of artifacts and

not on the artifact contents itself, so if you want to ensure both

integrity and provenance, you need to check both.

    • -0
    • +33
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 1 more file in changeset.
Verify checksums for artifacts which declare them even if signature passes

This is done because signatures are done on the hash of artifacts and

not on the artifact contents itself, so if you want to ensure both

integrity and provenance, you need to check both.

    • -0
    • +33
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 1 more file in changeset.
Verify checksums for artifacts which declare them even if signature passes

This is done because signatures are done on the hash of artifacts and

not on the artifact contents itself, so if you want to ensure both

integrity and provenance, you need to check both.

    • -0
    • +33
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 1 more file in changeset.
Add information about paths to dependencies when failing verification

When dependency verification fails, it's often necessary to actually

look at the artifacts which were downloaded. Gradle will not display

the paths to the artifacts which were involved in a verification

failure, so that the user can check if they are the ones they expect

or something else.

This also gives the ability to actually delete the file from the

local cache if it makes sense.

    • -1
    • +11
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +17
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 12 more files in changeset.
Add information about paths to dependencies when failing verification

When dependency verification fails, it's often necessary to actually

look at the artifacts which were downloaded. Gradle will not display

the paths to the artifacts which were involved in a verification

failure, so that the user can check if they are the ones they expect

or something else.

This also gives the ability to actually delete the file from the

local cache if it makes sense.

    • -1
    • +11
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +17
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 12 more files in changeset.
Add information about paths to dependencies when failing verification

When dependency verification fails, it's often necessary to actually

look at the artifacts which were downloaded. Gradle will not display

the paths to the artifacts which were involved in a verification

failure, so that the user can check if they are the ones they expect

or something else.

This also gives the ability to actually delete the file from the

local cache if it makes sense.

    • -1
    • +11
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +17
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 12 more files in changeset.
Add information about paths to dependencies when failing verification

When dependency verification fails, it's often necessary to actually

look at the artifacts which were downloaded. Gradle will not display

the paths to the artifacts which were involved in a verification

failure, so that the user can check if they are the ones they expect

or something else.

This also gives the ability to actually delete the file from the

local cache if it makes sense.

    • -1
    • +9
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +17
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 12 more files in changeset.
Add information about paths to dependencies when failing verification

When dependency verification fails, it's often necessary to actually

look at the artifacts which were downloaded. Gradle will not display

the paths to the artifacts which were involved in a verification

failure, so that the user can check if they are the ones they expect

or something else.

This also gives the ability to actually delete the file from the

local cache if it makes sense.

    • -1
    • +11
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +17
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 12 more files in changeset.
Avoid verifying the same artifact multiple times

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 4 more files in changeset.
Avoid verifying the same artifact multiple times

and make sure that signature files are downloaded concurrently. This

commit adds several improvements, in particular by avoiding making

the same network requests multiple times just because we use the same

PGP key but in a different context.

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 9 more files in changeset.
Avoid verifying the same artifact multiple times

and make sure that signature files are downloaded concurrently. This

commit adds several improvements, in particular by avoiding making

the same network requests multiple times just because we use the same

PGP key but in a different context.

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 7 more files in changeset.
Avoid verifying the same artifact multiple times

and make sure that signature files are downloaded concurrently. This

commit adds several improvements, in particular by avoiding making

the same network requests multiple times just because we use the same

PGP key but in a different context.

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 9 more files in changeset.
Avoid verifying the same artifact multiple times

and make sure that signature files are downloaded concurrently. This

commit adds several improvements, in particular by avoiding making

the same network requests multiple times just because we use the same

PGP key but in a different context.

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 9 more files in changeset.
Avoid verifying the same artifact multiple times

and make sure that signature files are downloaded concurrently. This

commit adds several improvements, in particular by avoiding making

the same network requests multiple times just because we use the same

PGP key but in a different context.

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 8 more files in changeset.
Avoid verifying the same artifact multiple times

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 5 more files in changeset.
Avoid verifying the same artifact multiple times

and make sure that signature files are downloaded concurrently. This

commit adds several improvements, in particular by avoiding making

the same network requests multiple times just because we use the same

PGP key but in a different context.

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 9 more files in changeset.
Avoid verifying the same artifact multiple times

and make sure that signature files are downloaded concurrently. This

commit adds several improvements, in particular by avoiding making

the same network requests multiple times just because we use the same

PGP key but in a different context.

    • -0
    • +86
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
  1. … 7 more files in changeset.
Fix ignored keys not written for failed verifications

In order to generate a file which can _immediately_ be used

despite verification failures (because we fallback on checksum

verification), we need to add the ignored keys at the artifact

level.

    • -0
    • +3
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
  1. … 1 more file in changeset.
Fix ignored keys not written for failed verifications

In order to generate a file which can _immediately_ be used

despite verification failures (because we fallback on checksum

verification), we need to add the ignored keys at the artifact

level.

    • -0
    • +3
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
  1. … 1 more file in changeset.
Fix ignored keys not written for failed verifications

In order to generate a file which can _immediately_ be used

despite verification failures (because we fallback on checksum

verification), we need to add the ignored keys at the artifact

level.

    • -0
    • +3
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
  1. … 1 more file in changeset.
Fix ignored keys not written for failed verifications

In order to generate a file which can _immediately_ be used

despite verification failures (because we fallback on checksum

verification), we need to add the ignored keys at the artifact

level.

    • -0
    • +3
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
  1. … 1 more file in changeset.