build-info icon indicating copy to clipboard operation
build-info copied to clipboard
verified publisher icon jfrog

artifactoryPublish not uploading checksum files like gradle publish

Open plofty opened this issue 3 years ago • 1 comments

Describe the bug

I am currently using gradle publish to publish files to Artifactory

./gradlew --refresh-dependencies publish -i -s --no-watch-fs

Example project uploads the following files

basic-java-1.0.0-SNAPSHOT.jar basic-java-1.0.0-SNAPSHOT.jar.sha512 basic-java-1.0.0-SNAPSHOT.module basic-java-1.0.0-SNAPSHOT.module.sha512 basic-java-1.0.0-SNAPSHOT.pom basic-java-1.0.0-SNAPSHOT.pom.sha512

Moving to Artifactory publish to include build properties. When I publish with artifactoryPublish the checksum files are missing.

./gradlew --refresh-dependencies artifactoryPublish -i -s --no-watch-fs

basic-java-1.0.0-SNAPSHOT.jar basic-java-1.0.0-SNAPSHOT.module basic-java-1.0.0-SNAPSHOT.pom

To Reproduce

publishing {
    publications {
        create<MavenPublication>("javaLib") {
            from(components["java"])
        }
    }
    repositories {
        maven {
            name = "Artifactory"
            url = uri(artifactoryUrl)
            credentials {
                username = artifactoryUsername
                password = artifactoryPassword
            }
        }
    }
}

artifactory {
    setContextUrl(uri(artifactoryContextUrl))
    publish {
        repository {
            setProperty("repoKey", artifactoryRepoName)
            setProperty("username", artifactoryUsername)
            setProperty("password", artifactoryPassword)
        }
        defaults{
            publications("javaLib")
            // Properties to be attached to the published artifacts.
            setProperties(mapOf(
                "git.branch.name" to gitBranchName,
                "git.commit.id" to gitCommit
            ))
        }
    }
}

Expected behavior

Artifactory publications should be producing the same files. Or maybe I am missing something

Screenshots If applicable, add screenshots to help explain your problem.

Versions

  • Gradle Artifactory plugin version: 4.28.1
  • Operating system: Fedora 35
  • Artifactory Version: Enterprise Plus 7.33.12 rev

Additional context Add any other context about the problem here.

plofty avatar May 10 '22 11:05 plofty

While JFrog Artifactory automatically handles SHA-256, SHA-1, and MD5 checksums, providing SHA-512 checksums can offer enhanced security, but I am not sure if we should upload separate files as Gradle does, instead of storing the checksum as Artifactory metadata, just like with the other checksum types.

rkrisztian avatar Mar 19 '24 13:03 rkrisztian