Clone Tools
  • last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
Remove wrong test

This test has no value as the dependencies are GradleDependencyMetadata, not the ones we added the API to.

Signed-off-by: Benjamin Muskalla <>

Rework API to expose selectors

This allows to expose metadata for multiple artifacts.

Selectors are now also exposed for Ivy components.

Signed-off-by: Benjamin Muskalla <>

  1. … 4 more files in changeset.
Add accessors for sourced attributes within metadata rules

If a component metadata rule needs to rewrite dependencies

based on either the original maven pom classifier or type,

these are now exposed on the dependencies within the metadata


Fixes #11975

Signed-off-by: Benjamin Muskalla <>

  1. … 4 more files in changeset.
Replace several more usages of direct `FileCollection` implementation instantiation with a factory method.

Remove/deprecate a couple of `FileCollection` implementations, as these can now be replaced with public API factory methods instead.

The deprecation is intended to be tempory, until the play plugin can be updated to use public APIs instead, then the implementation will be removed.

  1. … 45 more files in changeset.
Add unit tests for the two stage caches

    • -0
    • +119
    • -0
    • +78
Fix duplicate entry found when building error

It was possible that the same key is checked multiple times

and reported multiple times as an error if a key is found

multiple times in a single keyring. This commit works around

the problem by collecting using a regular map then converting

to an immutable map.

Fixes #11999

  1. … 1 more file in changeset.
Fix incorrect Gradle root build directory location

This would cause a couple of bugs:

- a `gradle` directory would be created for each build even if

they didn't have one

- a `gradle` directory would be created for subprojects if the

gradle command was executed from this directory (#11971)

In addition, this would cause the verification metadata file to be

ignored if running from a subproject directory.

  1. … 5 more files in changeset.
Add documentation links for insecure url deprecations

  1. … 7 more files in changeset.
Require documentation or explicit undocumented() when nagging of deprecations

  1. … 63 more files in changeset.
Initial steps towards a 2-stage dependency cache

This commit introduces the infrastructure required to get a 2-stage

dependency cache, consisting of a read-only, shareable cache and

a read-write local mutable cache.

The read-only cache would typically be mounted on Docker images.

Only infrastructure, no tests yet.

  1. … 73 more files in changeset.
Fix use of schema location

The code was using `xmlns` instead of `xsi`

  1. … 4 more files in changeset.
Replace remaining uses of nagUserOfDeprecatedBehaviour with the builder

  1. … 3 more files in changeset.
Move DeprecationLogger to internal.deprecation package

  1. … 79 more files in changeset.
Optimize duplicated projects detection

Because project names cannot be changed, we can detect

duplicated project names much earlier and once for all.

This makes it redundant to recompute everytime.

  1. … 4 more files in changeset.
Fix circular dependencies when project have the same name

Before this commit, during dependency resolution, a synthetic

module version identifier was generated by project, using the

group and name of the project. However, it's possible for a

project in gradle to have the same name as another in the

same build, leading to duplicates. In this case the projects

were mixed together and lead to a circular dependency.

This commit fixes the problem by making sure we generate

distinct module version identifiers for such projects, by

using the full project path as the name instead of the short


This also makes it possible to publish valid publications

when using the maven or ivy publish plugins. However, we detect

this problem early and warn the user that they should overwrite

the project identity in this case.

  1. … 14 more files in changeset.
Move BuildCacheCommandFactory to :build-cache

And its implementation to :core (though it should end up in some build-cache-related subproject eventually).

  1. … 16 more files in changeset.
Make dependency verification XSD more explicit

By using `dependency-verification` in the URL and file


  1. … 3 more files in changeset.
Revert some changes to artifact transform execution, as these changes introduce a performance regression.

  1. … 23 more files in changeset.
Push parallel execution of transforms down to the transformation step, so that this happens independently of whether the tranform is executed for a scheduled node or when visiting an `ArtifactCollection` or `FileCollection` contents.

  1. … 12 more files in changeset.
Merge some logic used for executing a chained scheduled artifact transform node and the other places artifact transforms are executed.

An implication of this change is that when a scheduled transform produces multiple output files, then a consuming scheduled transform will transform those output files in parallel.

  1. … 15 more files in changeset.
Merge some logic used for executing an initial scheduled artifact transform node and for visiting transform outputs included in the contents of an `ArtifactCollection` or `FileCollection`.

  1. … 9 more files in changeset.
Add a way to declare exclusive content for each repository

Before this change, if a repository declared contents using

`repository.content { include "...." }`, it was required to

also declare that the _other_ repositories excluded it in

order to be mutually exclusive.

There's now an API which allows to declare exclusive content:


repositories {

exclusiveContent {

forRepository {

maven { url "" }


filter { includeGroup("com.mycompany") }





  1. … 6 more files in changeset.
Treat single version ranges as "required"

This commit changes the way Gradle handles single version

ranges to treat them like Maven does: they are effectively

"exact" version selectors (not strictly).

Fixes #11185

  1. … 5 more files in changeset.
Add API to disable dependency verification

This commit adds an API to disable verification on a specific

configuration (using `resolutionStrategy.disableDependencyVerification`.

This would let tasks which perform special dependency resolution (like

checking newer versions of dependencies) to pass even if dependency

verification is enabled.

  1. … 11 more files in changeset.
Allow various Gradle services to be injected into artifact transform actions.

  1. … 14 more files in changeset.
Update the error message to link to the docs

  1. … 5 more files in changeset.
Add an XML schema for the verification file

  1. … 3 more files in changeset.
Regroup trusted keys for readability

If a single key is trusted multiple times for different artifacts, we

now regroup the artifact coordinates under the `trusted-key` tag.

  1. … 3 more files in changeset.
Improve grouper

in order to even reduce the size of verification files

  1. … 2 more files in changeset.
Allow signature verification file generation

This commit adds the ability to generate a verification file which relies

on PGP signature verification. With this mode, Gradle will download the

signatures and verify them. Depending on the result of verification,

Gradle will either:

- automatically add trusted keys if verification passed

- automatically ignore keys if they couldn't be downloaded

- automatically ignore keys if verification failed

If verification failed or that a key couldn't be downloaded, a

WARNING will be issued to encourage the user to verify what


In order to reduce the size of the verification file, Gradle will

also automatically perform "normalization" of verifications by

configuring globally trusted keys for artifacts which share the same

group or a common super group.

  1. … 22 more files in changeset.