Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Add test fixture to generate JARs that are JPMS modules

    • -0
    • +156
    ./fixtures/jpms/ModuleJarFixture.groovy
    • -4
    • +10
    ./fixtures/maven/AbstractMavenModule.groovy
Added integration tests to make sure retries happen for maven and ivy publication

Signed-off-by: Roberto Perez Alcolea <rperezalcolea@netflix.com>

    • -0
    • +11
    ./fixtures/server/http/HttpServer.groovy
  1. … 6 more files in changeset.
Revert having unique timestamp inside metadata

The attempt at having the unique timestamp inside the metadata file is

busted as it has too many issues and corner cases.

Instead we leave the -SNAPSHOT in there and let Gradle handle the

finding of the file at resolution time.

Issue #12070

    • -3
    • +11
    ./fixtures/maven/AbstractMavenModule.groovy
  1. … 3 more files in changeset.
Fix module metadata for Maven snapshot

In the context of Maven snapshots, the name of the artifact is the GAV

without replacing the -SNAPSHOT, while the file is indeed the unique

timestamped version.

    • -1
    • +11
    ./fixtures/maven/AbstractMavenModule.groovy
    • -0
    • +4
    ./fixtures/maven/DefaultRootMavenMetaData.groovy
    • -0
    • +4
    ./fixtures/maven/DefaultSnapshotMavenMetaData.groovy
    • -0
    • +5
    ./fixtures/server/http/IvyHttpModule.groovy
    • -0
    • +5
    ./fixtures/server/http/MavenHttpArtifact.groovy
    • -0
    • +6
    ./fixtures/server/http/MetaDataArtifact.groovy
    • -0
    • +5
    ./fixtures/server/http/PomHttpArtifact.groovy
    • -0
    • +4
    ./fixtures/server/sftp/SftpResource.groovy
  1. … 2 more files in changeset.
Add test case for read-only cache with containers

This commit introduces a test case to check that it's actually

possible to run concurrent docker containers using the same

shared, read-only, dependency cache. It acts both as a test

case and documentation, as mounting the cache as a read-only

volume in Docker is the recommended behavior.

    • -29
    • +66
    ./fixtures/gradle/GradleFileModuleAdapter.groovy
    • -1
    • +10
    ./fixtures/server/http/BlockingHttpServer.java
  1. … 14 more files in changeset.
Fix test flakiness

Sometimes the `.sha1` for module files wasn't fetched because the

HTTP test fixture server would report a `LastModified` timestamp

unchanged even if the underlying file did. That's because we're

just relying on the file last modified timestamp which unfortunately

isn't reliable.

    • -2
    • +11
    ./fixtures/gradle/GradleFileModuleAdapter.groovy
  1. … 1 more file in changeset.
Initial implementation of verification of signatures

This commit introduces _signature_ verification. Signature verification

is stronger than checksum verification and must be enabled explicitly,

by adding `<signature-verification>true</signature-verification>` to the

dependency verification configuration file.

Once such verification is enabled, Gradle will do its best to verify

the signature of artifacts. This means:

- it will try to download the .asc file associated with an artifact

- if it's present, it will automatically download the public keys

of the signature and verify that the file matches the signatures

- if _any_ of the signature verification fails, fails the build

- if a public key is not trusted explicitly, fails the build

- if signature verification succeeds, no checksum verification is

performed

Currently it's not possible to perform checksum verification for some

modules and signature verification for others. All modules must declare

all trusted keys.

If a key cannot be downloaded, verification will fail. It's not possible

to ignore a key for now. It's not possible to fallback to checksum

verification.

    • -0
    • +1
    ./fixtures/maven/MavenFileModule.groovy
    • -0
    • +8
    ./fixtures/server/http/DelegatingIvyModule.java
    • -7
    • +27
    ./fixtures/server/http/HttpServer.groovy
    • -1
    • +1
    ./fixtures/server/http/HttpServerFixture.groovy
  1. … 53 more files in changeset.
Allow a capability request without version to be published (#11691)

If a capability is required by a dependency, the request can be made

without specifying a version. This was not fully supported:

- At publishing time, we published 'version: null' (instead of nothing)

- At consuming time, we failed for a missing version (although this is fine)

Both cases are fixed in this commit and test coverage was added.

The test fixtures are extended to work with dependencies published

with a capability requests.

Fixes #11616

    • -2
    • +18
    ./fixtures/GradleModuleMetadata.groovy
    • -1
    • +5
    ./fixtures/gradle/DependencySpec.groovy
  1. … 7 more files in changeset.
Restore accidentally deleted code

  1. … 2 more files in changeset.
Bump layout format

  1. … 5 more files in changeset.
Generate checksum file for dependency verification

This commit introduces the generation of a dependency

verification metadata file from the CLI. If the user

calls `--write-verification-metadata`, then an XML

file is generated (`gradle/verification-metadata.xml`).

This file will contain the checksums for all artifacts

required by a build, which includes:

- plugin artifacts

- jars and other artifacts requested via a `configuration`

- secondary artifacts (javadocs, classifiers, ...)

It does NOT include metadata of those artifacts (pom files,

ivy files, Gradle Module metadata).

It isn't required to resolve any configuration to get this

behavior: the build will automatically process all resolvable

configurations and _try_ to resolve them automatically. All

artifacts resolved during this process are going to be automatically

downloaded (if not already). Then SHA-1 and SHA-512 checksums

are computed for all those artifacts.

The current format is an XML file planned to support more than

just artifacts: module metadata AND signature information is

planned.

See #11398

  1. … 32 more files in changeset.
Move the functional tests for concurrent usage of build services into a separate test class, and fix for instant execution.

  1. … 10 more files in changeset.
Add a system property to disable publishing of SHA-256

This commit adds an internal system property which can be used as

a workaround whenever the remote repository doesn't accept SHA-256

and SHA-512 checksums. Gradle is fail-safe when it cannot upload

those files, however, in some situations, the remote repository may

not allow promoting the release if it finds such files. This is the

case in older repositories, or currently with Maven Central.

To disable publication of both SHA-256 and SHA-512 checksums, either:

- add `-Dorg.gradle.internal.publish.checksums.insecure` to the CLI or

- add `org.gradle.internal.publish.checksums.insecure=true` to your

`gradle.properties` file

Fixes #11308

    • -1
    • +17
    ./fixtures/ivy/IvyFileModule.groovy
    • -0
    • +12
    ./fixtures/server/http/DelegatingIvyModule.java
  1. … 5 more files in changeset.
Introduce new metadata marker for Gradle 6 (#11109)

See: https://github.com/gradle/gradle/issues/11105

    • -3
    • +3
    ./fixtures/maven/MavenFileModule.groovy
  1. … 12 more files in changeset.
Fix TAPI tests

  1. … 2 more files in changeset.
Add support for sha256/sha512 to ivy publishing

Publication of SHA256 and SHA512 checksums is now enabled

on both the legacy `ivy` and `ivy-publish` plugins.

  1. … 9 more files in changeset.
Add sha-256 and sha-512 checksums to `maven-publish`

This commit adds the SHA-256 and SHA-512 checksums in:

- Gradle Module Metadata

- uploads to Maven repositories using the `maven-publish` plugin

The upload of those additional files is failsafe, just in case some

repositories don't support those checksum files.

    • -3
    • +7
    ./fixtures/GradleModuleMetadata.groovy
    • -11
    • +47
    ./fixtures/maven/AbstractMavenModule.groovy
    • -0
    • +12
    ./fixtures/maven/DelegatingMavenModule.java
    • -0
    • +4
    ./fixtures/resource/RemoteArtifact.java
    • -1
    • +20
    ./fixtures/server/http/HttpArtifact.groovy
    • -0
    • +10
    ./fixtures/server/http/IvyHttpModule.groovy
    • -0
    • +10
    ./fixtures/server/http/MavenHttpArtifact.groovy
    • -0
    • +9
    ./fixtures/server/http/MetaDataArtifact.groovy
    • -0
    • +10
    ./fixtures/server/http/PomHttpArtifact.groovy
    • -0
    • +10
    ./fixtures/server/sftp/SftpArtifact.java
  1. … 22 more files in changeset.
Backport test fixture improvements from 6.0 branch

    • -0
    • +4
    ./fixtures/server/http/MavenHttpModule.groovy
  1. … 1 more file in changeset.
Make http server fixture's handle() thread safe

As stated in the here implemented 'ServerWithExpectations' fixture:

"handlers, as well as failures, need to be thread-safe"

This concrete case was working most of the time since usually there are

not more than one expectations for the same request. But if the

same request is expected several times, and the requests are received

in parallel (as it is the case for metadata download), the handle()

method behaved flaky - by not doing reading and updating of the 'run'

flag as an atomic operation.

    • -2
    • +1
    ./fixtures/server/http/HttpServer.groovy
    • -1
    • +1
    ./fixtures/server/sftp/SFTPServer.groovy
  1. … 2 more files in changeset.
Make http server fixture's handle() thread safe

As stated in the here implemented 'ServerWithExpectations' fixture:

"handlers, as well as failures, need to be thread-safe"

This concrete case was working most of the time since usually there are

not more than one expectations for the same request. But if the

same request is expected several times, and the requests are received

in parallel (as it is the case for metadata download), the handle()

method behaved flaky - by not doing reading and updating of the 'run'

flag as an atomic operation.

    • -2
    • +1
    ./fixtures/server/http/HttpServer.groovy
    • -1
    • +1
    ./fixtures/server/sftp/SFTPServer.groovy
  1. … 2 more files in changeset.
Support artifacts with different names in maven module fixture

Such artifacts can actually be addressed by 'dependency artifacts'

through the 'artifact { }' notation inside a dependency declaration;

or in Gradle Module Metadata.

Support artifacts with different names in maven module fixture

Such artifacts can actually be addressed by 'dependency artifacts'

through the 'artifact { }' notation inside a dependency declaration;

or in Gradle Module Metadata.

Fix snapshot handling with Gradle Module Metadata

This commit fixes a couple of bugs:

1. if Gradle Module Metadata was published and consumed, then

the `changing` flag for the resolved component metadata wouldn't

be set to `true`, which means that snapshot would effectively be

considered as persistent

2. the publish test fixtures were not using the right, timestamped,

version id for the metadata and artifacts in case of unique snapshots,

which caused the resolution to fallback to the POM file

In addition, this fixes the generated module metadata file which

was uploaded _without_ substution the the SNAPSHOT version with

the timestamped version when published on external repositories.

Finally, this highlighted a couple of issues with test fixtures

which were still using Gradle Module Metadata when they shouldn't.

Fixes #10916

    • -2
    • +4
    ./fixtures/gradle/GradleFileModuleAdapter.groovy
  1. … 8 more files in changeset.
Make injected plugins resolvable from included builds and not just buildSrc

    • -18
    • +25
    ./fixtures/plugin/PluginBuilder.groovy
  1. … 4 more files in changeset.
Merge branch 'release' into ldaley/settings-plugins-block

    • -2
    • +2
    ./fixtures/plugin/PluginBuilder.groovy
  1. … 1 more file in changeset.
Improve advice for dealing with insecure HTTP script plugins

    • -0
    • +4
    ./fixtures/server/http/HttpServerFixture.groovy
  1. … 6 more files in changeset.
Remove duplicate method

    • -13
    • +1
    ./fixtures/plugin/PluginBuilder.groovy
  1. … 2 more files in changeset.
Fix mapping of default scope in MavenPom

* Dependencies default to compile, not runtime

* Dependency management has no default, so mapped to no_scope

  1. … 1 more file in changeset.
Remove use of deprecated API

Remove use of deprecated APIs in PluginBuilder

Replace use of archiveName with archiveFileName

Avoid more deprecated APIs

    • -2
    • +2
    ./fixtures/plugin/PluginBuilder.groovy
  1. … 64 more files in changeset.
Add support for plugins {} in Kotlin settings scripts.

    • -0
    • +13
    ./fixtures/plugin/PluginBuilder.groovy
  1. … 17 more files in changeset.