-
Notifications
You must be signed in to change notification settings - Fork 153
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sign artifacts for publishing #340
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left some comments.
@@ -37,3 +38,18 @@ fun Project.gradleInternalRepositoryUrl(): URI { | |||
val repositoryQualifier = if (isSnapshot) "snapshots" else "releases" | |||
return uri("https://repo.gradle.org/gradle/ext-$repositoryQualifier-local") | |||
} | |||
|
|||
val signArtifacts: Boolean = !System.getenv("PGP_SIGNING_KEY").isNullOrEmpty() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shall we use providers.environmentVariable("...").forUseAtConfigurationTime().orNull
?
@@ -22,6 +24,8 @@ object GradleProfilerPublishing : BuildType({ | |||
param("env.ORG_GRADLE_PROJECT_sdkmanToken", "%gradleprofiler.sdkman.token%") | |||
param("env.GRADLE_CACHE_REMOTE_USERNAME", "%gradle.cache.remote.username%") | |||
param("env.GRADLE_CACHE_REMOTE_PASSWORD", "%gradle.cache.remote.password%") | |||
param("env.PGP_SIGNING_KEY", "%pgpSigningKey%") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally I like storing these credentials in TC parameters so that they can be updated without changing code, wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is a good point. I stored it for now like this, since I don't want to define the pgpSigning key in the root project, which would essentially allow all builds to access it. I did the same for native platform. Let's revisit this later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If pgp signing key is used only in gradle-profiler, why don't define it in gradle-profiler TC project?
@blindpirate PTAL! |
No description provided.