Sign artifacts and publish checksums #2883
Description
Expected Behavior
We should use the Gradle signing plugin to sign our artifacts with gpg and generate and publish checksums next to our artifacts.
This will increase reliability for our users.
Current Behavior
We let Bintray autosign our artifacts and do not publish any checksums.
Context
https://docs.gradle.org/current/userguide/signing_plugin.html
https://github.com/gradle/gradle-checksum
From 57894cd67ff5fffec4b2a8c6c15b9beeb5dc267f Mon Sep 17 00:00:00 2001
From: Artur Bosch <arturbosch@gmx.de>
Date: Mon, 20 Jul 2020 12:06:57 +0200
Subject: [PATCH] Publish sha256 checksums
---
buildSrc/src/main/kotlin/packaging.gradle.kts | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/buildSrc/src/main/kotlin/packaging.gradle.kts b/buildSrc/src/main/kotlin/packaging.gradle.kts
index b07f38a04..b5629ee74 100644
--- a/buildSrc/src/main/kotlin/packaging.gradle.kts
+++ b/buildSrc/src/main/kotlin/packaging.gradle.kts
@@ -145,3 +145,17 @@ configure(subprojects.filter { it.name != "detekt-bom" }) {
}
}
}
+
+subprojects {
+
+ tasks.withType<Zip>().configureEach {
+ doLast {
+ ant.withGroovyBuilder {
+ "checksum"(
+ "file" to this@configureEach.archiveFile.get().asFile,
+ "algorithm" to "SHA-256"
+ )
+ }
+ }
+ }
+}
--
2.27.0