Duplicate key Signature gradle-code-quality-tools-plugin:jar.asc:asc: with Gradle 5.1 & Java Gradle Plugin

[vanniktech]

For publishing Jvm artifacts there has been the canonical script from Chris Banes - https://github.com/chrisbanes/gradle-mvn-push
I've wrapped that into a Gradle Plugin https://github.com/vanniktech/gradle-maven-publish-plugin

For both scripts starting with Gradle 5.1 and a module which has the Java Gradle Plugin applied apply plugin: 'java-gradle-plugin' the signArchives task fails:

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':signArchives'.
> Duplicate key Signature gradle-code-quality-tools-plugin:jar.asc:asc:

* Try:
Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Exception is:
org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':signArchives'.
        at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:38)
        at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:67)
        at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52)
        at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:49)
        at org.gradle.internal.operations.DefaultBuildOperationExecutor$CallableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:315)
        at org.gradle.internal.operations.DefaultBuildOperationExecutor$CallableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:305)
        at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:175)
        at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:101)
        at org.gradle.internal.operations.DelegatingBuildOperationExecutor.call(DelegatingBuildOperationExecutor.java:36)
        at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:49)
        at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:43)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:355)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:343)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:336)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:322)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker$1.execute(DefaultPlanExecutor.java:134)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker$1.execute(DefaultPlanExecutor.java:129)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:202)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.executeNextNode(DefaultPlanExecutor.java:193)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:129)
        at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
        at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:46)
        at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:55)
Caused by: java.lang.IllegalStateException: Duplicate key Signature gradle-code-quality-tools-plugin:jar.asc:asc:
        at org.gradle.plugins.signing.Sign.getSignaturesByKey(Sign.java:249)
        at org.gradle.plugins.signing.Sign_Decorated.getSignaturesByKey(Unknown Source)
        at org.gradle.api.internal.tasks.properties.bean.AbstractNestedRuntimeBeanNode$DefaultPropertyValue$1$1.create(AbstractNestedRuntimeBeanNode.java:82)
        at org.gradle.util.SingleMessageLogger.whileDisabled(SingleMessageLogger.java:341)
        at org.gradle.api.internal.tasks.properties.bean.AbstractNestedRuntimeBeanNode$DefaultPropertyValue$1.get(AbstractNestedRuntimeBeanNode.java:79)
        at com.google.common.base.Suppliers$NonSerializableMemoizingSupplier.get(Suppliers.java:167)
        at org.gradle.api.internal.tasks.properties.bean.AbstractNestedRuntimeBeanNode$DefaultPropertyValue.getValue(AbstractNestedRuntimeBeanNode.java:145)
        at org.gradle.api.internal.tasks.properties.annotations.NestedBeanAnnotationHandler.visitPropertyValue(NestedBeanAnnotationHandler.java:50)
        at org.gradle.api.internal.tasks.properties.bean.AbstractNestedRuntimeBeanNode.visitProperties(AbstractNestedRuntimeBeanNode.java:61)
        at org.gradle.api.internal.tasks.properties.bean.RootRuntimeBeanNode.visitNode(RootRuntimeBeanNode.java:32)
        at org.gradle.api.internal.tasks.properties.DefaultPropertyWalker.visitProperties(DefaultPropertyWalker.java:41)
        at org.gradle.api.internal.tasks.TaskPropertyUtils.visitProperties(TaskPropertyUtils.java:39)
        at org.gradle.api.internal.tasks.execution.DefaultTaskProperties.resolve(DefaultTaskProperties.java:76)
        at org.gradle.api.internal.tasks.execution.ResolveTaskArtifactStateTaskExecuter.execute(ResolveTaskArtifactStateTaskExecuter.java:64)
        at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:56)
        at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:55)
        at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36)
        ... 22 more

Are we somehow misusing the API or is this a regression between Gradle 5.1 and Gradle 5.0?

Every recent version before Gradle 5.1 (including Gradle 5.0 & Gradle 4.x) works fine without any problems. Additionally, plain Android/Java/Kotlin modules also work fine.

As for a reproduction sample you can use https://github.com/vanniktech/gradle-maven-publish-plugin bump the Gradle version to 5.1 and execute the signArchives task.

[big-guy]

I tried upgrading 5.1 in both https://github.com/vanniktech/gradle-maven-publish-plugin and https://github.com/vanniktech/gradle-code-quality-tools-plugin and running signArchives and neither failed because the task was skipped.

I also tried whittling down your example with just the java-gradle-plugin and the signing plugins applied and it doesn't fail. Do you have a smaller example that fails?

[vanniktech]

Weird. Maybe it's a machine specific problem? Just checking out https://github.com/vanniktech/gradle-maven-publish-plugin/tree/5.1-failing and executing ./gradlew signArchives at the root level yields the failure:

➜  gradle-maven-publish-plugin git:(5.1-failing) ./gradlew signArchives
> Task :signArchives FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':signArchives'.
> Duplicate key Signature gradle-maven-publish-plugin:jar.asc:asc:

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 6.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/5.1/userguide/command_line_interface.html#sec:command_line_warnings

BUILD FAILED in 0s
13 actionable tasks: 7 executed, 6 up-to-date

[big-guy]

Is there maybe something user specific that needs to be configured on my side?

[vanniktech]

Oh yes. Totally forgot. You need to configure signing:

signing.keyId=foo
signing.password=bar
signing.secretKeyRingFile=/home/user/.gnupg/secring.gpg

Put these either inside ~/.gradle/gradle.properties or into a project Gradle property file. If I don't have these configured signArchives suceeds for me as well.

[ndw]

It's true that if you don't have those items configured, signArchives succeeds. Unfortunately, the archives aren't actually...signed.

[ndw]

I can also confirm that this a Gradle 5.1 regression; it works if I back down to 5.0.

[marcphilipp]

There seem to be two problems:

1. The com.vanniktech.maven.publish unconditionally adds the jar task to configurations.archives.artifacts where it has already been added by the java plugin thus causing the duplicate.
2. The com.gradle.plugin-publish plugin adds additional tasks for sources, javadoc, and groovydoc with the same classifiers.

The latter issue can be solved by applying the com.gradle.plugin-publish plugin last (because it will then detect that archives has already been configured and will not generate additional tasks/archives). For the former I've submitted vanniktech/gradle-maven-publish-plugin#39.

[koral--]

2. The com.gradle.plugin-publish plugin adds additional tasks for sources, javadoc, and groovydoc with the same classifiers.
   The latter issue can be solved by applying the com.gradle.plugin-publish plugin last (because it will then detect that archives has already been configured and will not generate additional tasks/archives).

So, regardless of vanniktech/gradle-maven-publish-plugin#39 if com.gradle.plugin-publish is applied before com.vanniktech.maven.publish then exception will still be thrown?
If so, maybe com.vanniktech.maven.publish should also detect that archives has already been configured and don't do it twice. WDYT?

[marcphilipp]

So, regardless of vanniktech/gradle-maven-publish-plugin#39 if com.gradle.plugin-publish is applied before com.vanniktech.maven.publish then exception will still be thrown?

Correct.

If so, maybe com.vanniktech.maven.publish should also detect that archives has already been configured and don't do it twice. WDYT?

I think that's a good idea. The easiest would be to detect the plugin-publish plugin and, if so, don't create additional tasks.