Hi,
In our project we publish several libraries into Azure Feed. Before we publish new library version we fetch the checksum for the latest version and compare it with the current checksum calculated by Gradle and stored in build/publications/library/module.json.
In our plugin we also set several parameters that guarantees deterministic jar building:
jar.setPreserveFileTimestamps(false);
jar.setReproducibleFileOrder(true);
jar.dirPermissions(p -> p.unix("rwxr-xr-x"));
jar.filePermissions(p -> p.unix("rw-r--r--"));
Everything was working great until I changed Azure pipeline Gradle task ‘build’ adding:
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
This small change initiated returning different checksum for the same binary (nothing changed in the code). Anyone knows why? and how to avoid it in a smart way ?