I would like to add a method that is called before dependency resolution that checks the active repositories against a given whitelist
(e.g. I don’t want sub-projects that compile on the CI server to just add e.g. “http://untrusted.maven.repository” as a repository).
Is there any “extension point” where I could hook in something like this ?
Thx.
Hello, you can put something like the following snippet in a plugin or an init script:
// ONLY USE COPORATE REPO FOR DEPENDENCIES
def coporateRepoUrl = "http://repo.gradle.org/gradle/repo"
repositories {
all { ArtifactRepository repo ->
if (!(repo instanceof MavenArtifactRepository) || repo.url.toString() != coporateRepoUrl) {
project.logger.warn "Repository ${repo.url} removed. Only $coporateRepoUrl is allowed"
remove repo
}
}
maven { url coporateRepoUrl }
}
Having this in an init script that is just added to your CI machine would allow your devs to try some things out and define custom repositories in their working copy, but your CI would only use the trusted repository you defined in your init script
cheers, René