This message was deleted.
# community-supports
Slackbot
08/23/2023, 3:06 PMThis message was deleted.
v
Vampire
08/23/2023, 3:11 PMNot 100% but I doubt it.
What would be the use-case to upload to repo A signed but to repo B unsigned?
s
Sebastian Schuberth
08/23/2023, 3:13 PMI basically only have one "real" remote repo, and Maven local. For the latter I want to skip signing. Going forward, I might also skip signing for artifacts published to a private snapshot repository.
v
Vampire
08/23/2023, 3:15 PMBut what is the problem to sign if you actually can sign? Does it break something if you upload signed?
j
Javi
08/23/2023, 3:16 PMI am skipping signing the artifacts when publishing
-SNAPSHOTpublishToMavenLocals
Sebastian Schuberth
08/23/2023, 3:17 PMNo, but I'd like to 1) limit the sharing of signing secrets in a team, and 2) avoid forcing devs to set up "fake" signing just because they want to publish to Maven local.
v
Vampire
08/23/2023, 3:17 PMAh, ok, now we come to it. 🙂
j
Javi
08/23/2023, 3:18 PMSimplified setup of what I have:
Copy code
configure<SigningExtension> {
val hasPublishToMavenLocalTasks: Boolean =
allTasks.any { task ->
task == "publishToMavenLocal" ||
task == "publishToMavenLocalTest" ||
task == "publishToMavenLocalBuildTest" ||
task == "publishAllPublicationsToMavenLocalTestRepository" ||
task == "publishAllPublicationsToMavenLocalBuildTestRepository"
}
isRequired = hasPublishToMavenLocalTasks
}v
Vampire
08/23/2023, 3:19 PMHow about setting "signing required" only if some project property is set, so you can set it to true where you need to sign, e. g. CI that publishes. In all other cases it will then skip signing if no signatory is configured and do the signing if it is present anyway.
j
Javi
08/23/2023, 3:19 PMI really miss a lot
isRequiredProviderJavi
08/23/2023, 3:20 PMYep, indeed the whole approach I have, it is doing that at the end, where
shouldSign Copy code
isRequired = (hasTaskCondition && hasSemverCondition) || shouldSign.get()s
Sebastian Schuberth
08/23/2023, 3:23 PMIn my case, I'll try
Copy code
setRequired({
val mavenPublishingTasks = tasks.withType<PublishToMavenRepository>()
mavenPublishingTasks.any { gradle.taskGraph.hasTask(it) }
})j
Javi
08/23/2023, 3:24 PMBut that would avoid signing in all cases, right?
s
Sebastian Schuberth
08/23/2023, 3:25 PMI don't think so... publishing to Maven local uses a different task type if I'm not mistaken.
v
Vampire
08/23/2023, 3:25 PMThis is what I have:
Copy code
signing {
setRequired {
// signing is required if this is a release version and the artifacts are to be published
// do not use hasTask() as this require realization of the tasks that maybe are not necessary
releaseVersion && gradle.taskGraph.allTasks.any { it is PublishToMavenRepository }
}
sign(publishing.publications)
}s
Sebastian Schuberth
08/23/2023, 3:27 PMYes, that's nicer, thanks!
j
Javi
08/23/2023, 3:30 PM@Vampire
setRequireds
Sebastian Schuberth
08/23/2023, 3:30 PMIt's lazy if you pass a lambda to it 🙂
Sebastian Schuberth
08/23/2023, 3:31 PMSee the remark at https://docs.gradle.org/current/userguide/signing_plugin.html#sec:conditional_signing
thank you 1
☝️ 1
v
Vampire
08/23/2023, 3:36 PMChances are it becomes a proper
Propertythank you 1
9 Views