enable built-in gradle dependency verification
This fully replaces gradle-witness and goes far beyond what it offered. As far as I can tell, this actually will verify every single artifact that gradle downloads and uses. This was generated in two passes to get both the PGP and the SHA256 info: ``` ./gradlew --write-verification-metadata pgp,sha256 build connectedFullDebugAndroidTest --export-keys ./gradlew --write-verification-metadata sha256 build connectedFullDebugAndroidTest ``` Thanks to @vlsi who made me aware of this, and helped make it possible. closes !837
This commit is contained in:
parent
dc93686926
commit
be5bdf3219
|
@ -0,0 +1 @@
|
|||
*.gpg binary
|
|
@ -53,7 +53,7 @@ errorprone:
|
|||
stage: test
|
||||
script:
|
||||
- cat config/errorprone.gradle >> app/build.gradle
|
||||
- ./gradlew assembleDebug
|
||||
- ./gradlew -Dorg.gradle.dependency.verification=lenient assembleDebug
|
||||
|
||||
# once these prove stable, the task should be switched to
|
||||
# connectedCheck to test all the build flavors
|
||||
|
|
Binary file not shown.
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue