Add sbt-vspp for publishing the SBT plug-in in a Maven-consistent format #449
Conversation
This is to enable usage of sbt-scoverage in Enterprise environments where only the valid-POM format is accepted for JAR downloads, enabling it for many teams to move from Gradle/Maven to SBT for their Scala (and even non-Scala projects) More background here: https://github.com/esbeetee/sbt-vspp/blob/main/README.md
|
Thanks for the pr @ScalaWilliam! I consult at a fairly large company that also hit on this when we first started publishing an internal sbt plugin as our Sonatype OSS didn't have permissive set. We were able to get that changed to solve our publishing issue. However we actually never had an issue syncing with sbt plugins published to maven central even before this change. In your README you have
I understanding the mismatch, but could you explain this a bit more? What exact security scanning services are blocking this? |
|
@ckipp01 so glad to hear this is familiar! I will improve the prose on the doc but as a general principle, vulnerability scanning + expecting valid POM. Thank you for the great question, i updated the README with a new section to add a bit more explanation and detail :-) - hope that suffices. |
There was a problem hiding this comment.
Let's give this a try, thanks @ScalaWilliam. I hope this lands in sbt 2.x.
Hi @ckipp01 - I hope it would not be too much trouble to include this to your plug-in!
This is to enable usage of sbt-scoverage in Enterprise environments where only the valid-POM format is accepted for JAR downloads, enabling it for many teams to move from Gradle/Maven to SBT for their Scala (and even non-Scala projects).
The only change this does is to add extra JAR and POM to the artifact (while keeping the old structure -- and also enabling listing of this project on e.g. mvnrepository.com)
More background here: https://github.com/esbeetee/sbt-vspp/blob/main/README.md