Signing plugin add to configuration even if it's not being run


(Justin Ryan) #1

The “Conditional Signing” section of the User Guide uses the “required” flag of the SigningExtension, but this doesn’t seem to be a complete solution. SigningExtension will add the signature artifacts even if the signing task is not being run, because addSignaturesToConfiguration is always run. This method should internally be conditional on required or related to the actually running of a task.

The problem is that for the artifactory gradle plugin, I disable signing (because the users doing this don’t have signatories and we don’t need signatures for our local repo), via the required flag. This does skip the signArchives task, BUT the signatures are still in the configuration, so the artifactory plugin tries to publish them and they don’t exist. It doesn’t help that the working isn’t pretty:

gradle.taskGraph.whenReady {taskGraph ->
    if (taskGraph.hasTask("uploadMavenCentral")) {
        signing {
            required true
            sign configurations.archives
        }
    }
}

I would have much preferred (and so would the User Guide):

signing {
            required { project.taskGraph.hasTask("uploadMavenCentral") }
            sign configurations.archives
        }

(Luke Daley) #2

This method should internally be conditional on required or related to the actually running of a task.

There are some ordering problems with this. The publications need to be part of the model for dependency inference to work. A general solution may be better, more on this below.

It doesn’t help that the working isn’t pretty

That (your solution) is not without its own problems. It should work for simple cases, but adding tasks so late in the lifecycle leads to inflexibility. That said, to solve this problem today it’s your best bet that I can see. BTW, the ‘required true’ is redundant there.

so the artifactory plugin tries to publish them and they don’t exist

This is likely the missing piece. We don’t have a way of modelling a publication that may be produced but isn’t going to be produced in this build. If we had that, the Artifactory plugin could ignore those that aren’t being produced.

I would have much preferred (and so would the User Guide):

I’m not sure if this could ever work. We can’t delay the creation of the publications to execution time as that would break dependency inference.

I’ll look into expanding our publication model to encompass “not produced” and see about getting the Artifactory plugin updated.