[ https://issues.apache.org/jira/browse/SOLR-17657 ]
Christos Malliaridis deleted comment on SOLR-17657:
---------------------------------------------
was (Author: JIRAUSER305622):
I believe it should be sufficient to simply add
{code:groovy}
spotless {
// ...
kotlin {
ktlint()
}
kotlinGradle {
target('*.gradle.kts')
ktlint()
}
}
{code}
> Evaluate and Update checksum and signature verification
> -------------------------------------------------------
>
> Key: SOLR-17657
> URL: https://issues.apache.org/jira/browse/SOLR-17657
> Project: Solr
> Issue Type: Improvement
> Components: Gradle
> Reporter: Christos Malliaridis
> Priority: Major
> Labels: checksum, gradle, integrity, verification
>
> Dependency verification is an important step that is used when we want to
> verify the integrity of third-party libraries. Right now, we have custom
> gradle tasks for generating and verifying the gradle checksums.
> These custom gradle tasks seem to be limited in their dependency resolution
> and do not check dependencies from plugins, buildSrc or integrated builds.
> Gradle comes with dependency verification options that also support signature
> checks, whereever available. It is also capable of taking plugins and
> configurations from buildSrc and integrated builds into account. See [Gradle
> dependency
> verification|https://docs.gradle.org/current/userguide/dependency_verification.html]
> for more information.
> h2. Task
> Evaluate the output and the capabilities available of the Gradle-native
> features from the above link and update the gradle tasks and development
> flows if they are preferred.
> You can use the gradle task
> {{.\gradlew \-\-write-verification-metadata sha256 help}}
> for generating your first output at {{gradle/verification-metadata.xml}}.
> h2. Acceptance Criteria
> - The GitHub workflows continue verifying checksums and optionally signatures
> If updated to the Gradle-native tasks:
> - The steps in our developer guide are updated accordingly
> - redundant custom gradle tasks related to the checksum generation and
> verification are removed
> - Checksum files from {{solr/licenses}} are removed
> If not upated to Gradle-native tasks:
> - The existing tasks are updated so that checksums from the new UI module
> (Kotlin multiplatform module) are also generated
> h2. Additional Information
> The new UI module introduced in #2605 is a Kotlin multiplatform module, which
> does not use the JavaPlugin that is used for resolving jar information (see
> jarValidation task). This means that it is not covered by our custom tasks.
> We should try to address this issue before Solr 10 is released, because we
> have already changed a lot of things related to dependency management.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
