Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Fix verification of dependencies resolved in buildFinished

Previously it was possible that a user hook (buildFinished)

was executed _after_ the verification code was done. With

this commit this is no longer possible.

    • -0
    • +36
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
    • -2
    • +47
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
    • -3
    • +3
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
  1. … 8 more files in changeset.
Rework error message in case verification loading fails

As #11775 shows that dependency verification initialization

may fail for a different reason than not being able to parse

the file, the exception is more generic and the cause will

give the details.

    • -2
    • +3
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
  1. … 2 more files in changeset.
Rework error message in case verification loading fails

As #11775 shows that dependency verification initialization

may fail for a different reason than not being able to parse

the file, the exception is more generic and the cause will

give the details.

    • -2
    • +3
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
  1. … 2 more files in changeset.
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key

fingerprints, in addition to long (64-bit) key ids, in trusted or ignored

keys.

It doesn't matter what format is used: if a trusted key uses a long id,

then it's possible that if there's a key collision, an artifact would be

trusted even if it shouldn't. If a fingerprint is used instead, then we

would use the full fingerprint for verification.

It's worth nothing that PGP doesn't provide the full fingerprint in signatures

for the key issuer. This means that when we're going to download keys, we

will still use the long ids.

Fixes #11770

    • -2
    • +3
    ./resolve/verification/AbstractSignatureVerificationIntegrationTest.groovy
    • -23
    • +131
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
    • -6
    • +5
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
  1. … 17 more files in changeset.
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key

fingerprints, in addition to long (64-bit) key ids, in trusted or ignored

keys.

It doesn't matter what format is used: if a trusted key uses a long id,

then it's possible that if there's a key collision, an artifact would be

trusted even if it shouldn't. If a fingerprint is used instead, then we

would use the full fingerprint for verification.

It's worth nothing that PGP doesn't provide the full fingerprint in signatures

for the key issuer. This means that when we're going to download keys, we

will still use the long ids.

Fixes #11770

    • -2
    • +3
    ./resolve/verification/AbstractSignatureVerificationIntegrationTest.groovy
    • -23
    • +131
    ./resolve/verification/DependencyVerificationSignatureCheckIntegTest.groovy
    • -6
    • +5
    ./resolve/verification/DependencyVerificationSignatureWriteIntegTest.groovy
  1. … 17 more files in changeset.
Fix for previous commit.

    • -10
    • +8
    ./resolve/transform/ArtifactTransformParallelIntegrationTest.groovy
    • -21
    • +16
    ./resolve/transform/TransformationLoggingIntegrationTest.groovy
Fix for previous commit.

    • -10
    • +8
    ./resolve/transform/ArtifactTransformParallelIntegrationTest.groovy
    • -21
    • +16
    ./resolve/transform/TransformationLoggingIntegrationTest.groovy
Serialize the artifact metadata for an `ArtifactCollection` instance to the instant execution cache.

    • -10
    • +8
    ./resolve/transform/ArtifactTransformParallelIntegrationTest.groovy
    • -21
    • +16
    ./resolve/transform/TransformationLoggingIntegrationTest.groovy
  1. … 9 more files in changeset.
Serialize the artifact metadata for an `ArtifactCollection` instance to the instant execution cache.

    • -10
    • +8
    ./resolve/transform/ArtifactTransformParallelIntegrationTest.groovy
    • -21
    • +16
    ./resolve/transform/TransformationLoggingIntegrationTest.groovy
  1. … 9 more files in changeset.
Fix for previous commit.

    • -13
    • +12
    ./resolve/api/ArtifactCollectionIntegrationTest.groovy
    • -68
    • +63
    ./resolve/transform/ArtifactTransformCachingIntegrationTest.groovy
Fix for previous commit.

    • -13
    • +12
    ./resolve/api/ArtifactCollectionIntegrationTest.groovy
    • -68
    • +63
    ./resolve/transform/ArtifactTransformCachingIntegrationTest.groovy
Fix the serialization of `ArtifactCollection` instances that contain the output of artifact transforms to the instant execution cache.

Use a similar strategy to that used to capture the contents of a `FileCollection` that contains the output of artifact transforms.

    • -13
    • +12
    ./resolve/api/ArtifactCollectionIntegrationTest.groovy
    • -68
    • +63
    ./resolve/transform/ArtifactTransformCachingIntegrationTest.groovy
  1. … 6 more files in changeset.
Fix the serialization of `ArtifactCollection` instances that contain the output of artifact transforms to the instant execution cache.

Use a similar strategy to that used to capture the contents of a `FileCollection` that contains the output of artifact transforms.

    • -13
    • +12
    ./resolve/api/ArtifactCollectionIntegrationTest.groovy
    • -68
    • +63
    ./resolve/transform/ArtifactTransformCachingIntegrationTest.groovy
  1. … 6 more files in changeset.
Make it possible to declare a group of repositories for exclusive content

This should address the case where an artifact can be found in a specific

group of repositories, not in a single one. This is for example the case

when an artifact can be found either in the 'release' or 'snapshot'

repository of a company, but not on the public repositories.

    • -0
    • +104
    ./resolve/ExclusiveRepositoryContentFilteringIntegrationTest.groovy
  1. … 3 more files in changeset.
Make it possible to declare a group of repositories for exclusive content

This should address the case where an artifact can be found in a specific

group of repositories, not in a single one. This is for example the case

when an artifact can be found either in the 'release' or 'snapshot'

repository of a company, but not on the public repositories.

    • -0
    • +104
    ./resolve/ExclusiveRepositoryContentFilteringIntegrationTest.groovy
  1. … 3 more files in changeset.
Add a way to declare exclusive content for each repository

Before this change, if a repository declared contents using

`repository.content { include "...." }`, it was required to

also declare that the _other_ repositories excluded it in

order to be mutually exclusive.

There's now an API which allows to declare exclusive content:

```

repositories {

exclusiveContent {

forRepository {

maven { url "https://my-company-repo.com" }

}

filter { includeGroup("com.mycompany") }

}

mavenCentral()

}

```

    • -0
    • +144
    ./resolve/ExclusiveRepositoryContentFilteringIntegrationTest.groovy
  1. … 6 more files in changeset.
Add a way to declare exclusive content for each repository

Before this change, if a repository declared contents using

`repository.content { include "...." }`, it was required to

also declare that the _other_ repositories excluded it in

order to be mutually exclusive.

There's now an API which allows to declare exclusive content:

```

repositories {

exclusiveContent {

forRepository {

maven { url "https://my-company-repo.com" }

}

filter { includeGroup("com.mycompany") }

}

mavenCentral()

}

```

    • -0
    • +144
    ./resolve/ExclusiveRepositoryContentFilteringIntegrationTest.groovy
  1. … 6 more files in changeset.
Add a way to declare exclusive content for each repository

Before this change, if a repository declared contents using

`repository.content { include "...." }`, it was required to

also declare that the _other_ repositories excluded it in

order to be mutually exclusive.

There's now an API which allows to declare exclusive content:

```

repositories {

exclusiveContent {

forRepository {

maven { url "https://my-company-repo.com" }

}

filter { includeGroup("com.mycompany") }

}

mavenCentral()

}

```

    • -0
    • +144
    ./resolve/ExclusiveRepositoryContentFilteringIntegrationTest.groovy
  1. … 6 more files in changeset.
Fixes for previous commit.

    • -2
    • +0
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
    • -4
    • +3
    ./resolve/transform/ArtifactTransformWithDependenciesIntegrationTest.groovy
Do not fail when writing an artifact transform that takes the upstream dependencies of the artifact to the instant execution cache.

In this change, the result will be incorrect because an empty set of dependencies is passed to the transform action when it is loaded from the cache.

    • -2
    • +0
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
    • -4
    • +3
    ./resolve/transform/ArtifactTransformWithDependenciesIntegrationTest.groovy
  1. … 8 more files in changeset.
Do not fail when writing an artifact transform that takes the upstream dependencies of the artifact to the instant execution cache.

In this change, the result will be incorrect because an empty set of dependencies is passed to the transform action when it is loaded from the cache.

    • -2
    • +0
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
    • -4
    • +3
    ./resolve/transform/ArtifactTransformWithDependenciesIntegrationTest.groovy
  1. … 8 more files in changeset.
Fix for previous commit.

    • -2
    • +0
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
    • -3
    • +0
    ./resolve/transform/ArtifactTransformWithFileInputsIntegrationTest.groovy
Fix for previous commit.

    • -1
    • +0
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
    • -1
    • +0
    ./resolve/transform/ArtifactTransformWithFileInputsIntegrationTest.groovy
Serialize the parameters of an artifact transform to the instant execution cache, rather than attempting to isolate the parameters and then serializing the result.

This allows the parameters to include files and other inputs that may need to be built before they can be queried, for example when the output of some transform is used as an input parameter to another transform (which is something different to chaining of several transforms to produce an output). An implication of this change is that the artifact parameter isolation now happens every time the cache is reused, whereas previously the isolation happened once on write. This can be improved later.

    • -3
    • +0
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
    • -4
    • +0
    ./resolve/transform/ArtifactTransformWithFileInputsIntegrationTest.groovy
  1. … 10 more files in changeset.
Serialize the parameters of an artifact transform to the instant execution cache, rather than attempting to isolate the parameters and then serializing the result.

This allows the parameters to include files and other inputs that may need to be built before they can be queried, for example when the output of some transform is used as an input parameter to another transform (which is something different to chaining of several transforms to produce an output). An implication of this change is that the artifact parameter isolation now happens every time the cache is reused, whereas previously the isolation happened once on write. This can be improved later.

    • -3
    • +0
    ./resolve/transform/ArtifactTransformValuesInjectionIntegrationTest.groovy
    • -4
    • +0
    ./resolve/transform/ArtifactTransformWithFileInputsIntegrationTest.groovy
  1. … 10 more files in changeset.
Treat single version ranges as "required"

This commit changes the way Gradle handles single version

ranges to treat them like Maven does: they are effectively

"exact" version selectors (not strictly).

Fixes #11185

    • -9
    • +0
    ./resolve/ivy/IvyDynamicRevisionResolveIntegrationTest.groovy
    • -1
    • +1
    ./resolve/maven/MavenVersionRangeResolveIntegrationTest.groovy
  1. … 3 more files in changeset.
Treat single version ranges as "required"

This commit changes the way Gradle handles single version

ranges to treat them like Maven does: they are effectively

"exact" version selectors (not strictly).

Fixes #11185

    • -9
    • +0
    ./resolve/ivy/IvyDynamicRevisionResolveIntegrationTest.groovy
    • -1
    • +1
    ./resolve/maven/MavenVersionRangeResolveIntegrationTest.groovy
  1. … 5 more files in changeset.
Treat single version ranges as "required"

This commit changes the way Gradle handles single version

ranges to treat them like Maven does: they are effectively

"exact" version selectors (not strictly).

Fixes #11185

    • -9
    • +0
    ./resolve/ivy/IvyDynamicRevisionResolveIntegrationTest.groovy
    • -1
    • +1
    ./resolve/maven/MavenVersionRangeResolveIntegrationTest.groovy
  1. … 5 more files in changeset.
Mark tests as failing with instant execution

    • -0
    • +1
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +1
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy
Mark tests as failing with instant execution

    • -0
    • +1
    ./resolve/verification/DependencyVerificationIntegrityCheckIntegTest.groovy
    • -0
    • +1
    ./resolve/verification/DependencyVerificationWritingIntegTest.groovy