From mobile apps to microservices, from small startups to big enterprises, Gradle helps teams build, automate and deliver better software, faster.

Gradle Community

Hello, I am trying to integrate codecov into a Gradle build. It seems codecov don’t provide a gradle plugin to do so. They have a binary that is signed with a gpg key. Is there a gradle plugin I can use to download and verify the signature of the codecov binary before I execute it? This seems very similar to what gradle already does with the `--write-verification-metadata` cli parameter so I would expect this to be possible out of the box.

<@URQ797WRW> sorry to message you directly, but do you have thoughts on this question?

I'm on vacation without computer at hand. But I don't think there is something out of the box. And maybe typically it is run in CI as extra step because typically the build will fail when tests failed but you still want coverage to recorded?

Sorry to have bothered you on your holiday. For us coverage is not so important when tests fail and it would be beneficial to run the upload in parallel with other tasks that gradle runs. How does gradle verify the signatures of dependencies whenever there is a `verification-metadata.xml` file? Hopefully that code can be re-used for this use case?

I have no idea, but I would bet it is internal code.