Hi, I’m trying to find the best way to pull a subset of jars and metadata files into an internal repository (my company has very strict security requirements).
The most comprehensive way I’ve found to do this so far is to set up a proxy that relays HEAD/GET requests to repo.maven.apache.org and plugins.gradle.org and adding ‘maven { repositoryUrl = “my-repo” }’ to project.repositories and pluginManagement.repositories in settings.gradle – therefore both project dependencies and plugin dependencies go through my repo and I can cache the necessary jar and metadata files locally.
But I’m seeing something strange: for some reason I’m seeing a different set of dependencies when I do this versus omitting this customization and going to the default repositories directly. My dependencies end up being older than the ones computed from the default repos.
Does anyone have any thoughts on why this might be?
Also, more generally, I’m open to better solutions to this problem.