Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce gradle dependency verification #6443

Merged
merged 3 commits into from
Dec 6, 2022
Merged

Enforce gradle dependency verification #6443

merged 3 commits into from
Dec 6, 2022

Commits on Dec 6, 2022

  1. Fix broken Gradle Dependency Verification 

    The following artifacts failed verification:
  - javafx-base-16-linux.jar (org.openjfx:javafx-base:16) from repository MavenRepo
  - javafx-controls-16-linux.jar (org.openjfx:javafx-controls:16) from repository MavenRepo
  - javafx-fxml-16-linux.jar (org.openjfx:javafx-fxml:16) from repository MavenRepo
  - javafx-graphics-16-linux.jar (org.openjfx:javafx-graphics:16) from repository MavenRepo
  - protoc-3.19.1-linux-x86_64.exe (com.google.protobuf:protoc:3.19.1) from repository MavenRepo
  - protoc-gen-grpc-java-1.42.1-linux-x86_64.exe (io.grpc:protoc-gen-grpc-java:1.42.1) from repository MavenRepo
  - jackson-base-2.12.1.pom
  - protoc-3.19.1-windows-x86_64.exe
  - protoc-gen-grpc-java-1.42.1-windows-x86_64.exe
  - junit-bom-5.7.0.pom
  - javafx-base-16-win.jar
  - javafx-controls-16-win.jar
  - javafx-fxml-16-win.jar
  - javafx-graphics-16-win.jar
    @alvasw
    alvasw committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    90070c8 View commit details
    Browse the repository at this point in the history

  2. Reenable verbose dependency verification (failure report) 

    The built-in Gradle dependency verification XML writer does not find all
our libraries for some unknown reason. I had to compute and add multiple
hashes manually. It seems like it is OS related and the CI output helped
to fix the problem. The console output makes it hard to fix issues
because we cannot access the generated HTML file. This change reenables
the verbose failure report.
    @alvasw
    alvasw committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    2dc4072 View commit details
    Browse the repository at this point in the history

  3. Enforce Gradle Dependency Verification 

    We had some issues with the Gradle Dependency Verification and nobody
noticed it because it was not enforced by Gradle. Supply chain attack
are sadly a real threat that should not be underestimated.
    @alvasw
    alvasw committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    d637517 View commit details
    Browse the repository at this point in the history