This is an automated email from the ASF dual-hosted git repository. jdaugherty pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/grails-core.git
commit c9af64cc3c8dca4be01a707463bcd1eefdb83553 Author: James Daugherty <[email protected]> AuthorDate: Sun Jun 1 03:30:05 2025 -0400 [skip ci] disable signing when verifying build is reproducible --- etc/bin/verify-reproducible.sh | 1 + gradle/publish-config.gradle | 8 ++++++++ grails-gradle/gradle/checksum-config.gradle | 9 +++++++++ 3 files changed, 18 insertions(+) diff --git a/etc/bin/verify-reproducible.sh b/etc/bin/verify-reproducible.sh index 4c914bb6d4..298ed8821c 100755 --- a/etc/bin/verify-reproducible.sh +++ b/etc/bin/verify-reproducible.sh @@ -48,6 +48,7 @@ else exit 1 fi export SOURCE_DATE_EPOCH=$(cat "${DOWNLOAD_LOCATION}/grails/BUILD_DATE") +export TEST_BUILD_REPRODUCIBLE='true' if [[ -d "${DOWNLOAD_LOCATION}/grails/etc/bin/results/first" ]]; then echo "✅ Directory 'first' exists." diff --git a/gradle/publish-config.gradle b/gradle/publish-config.gradle index 7a59d95422..4ff213ade6 100644 --- a/gradle/publish-config.gradle +++ b/gradle/publish-config.gradle @@ -35,6 +35,14 @@ extensions.configure(GrailsPublishExtension) { apply plugin: 'org.gradle.crypto.checksum' afterEvaluate { + if (project.plugins.hasPlugin('signing')) { + if(System.getenv('TEST_BUILD_REPRODUCIBLE')) { + project.logger.lifecycle("Signing is disabled for this build to test build reproducibility.") + project.tasks.withType(Sign).configureEach { + it.enabled = false + } + } + } if (project.plugins.hasPlugin("maven-publish")) { def checksumTask = tasks.register("publishedChecksums", Checksum) checksumTask.configure { Checksum check -> diff --git a/grails-gradle/gradle/checksum-config.gradle b/grails-gradle/gradle/checksum-config.gradle index 066bd4091b..875d0f56e7 100644 --- a/grails-gradle/gradle/checksum-config.gradle +++ b/grails-gradle/gradle/checksum-config.gradle @@ -21,6 +21,15 @@ import org.gradle.crypto.checksum.Checksum apply plugin: 'org.gradle.crypto.checksum' afterEvaluate { + if (project.plugins.hasPlugin('signing')) { + if(System.getenv('TEST_BUILD_REPRODUCIBLE')) { + project.logger.lifecycle("Signing is disabled for this build to test build reproducibility.") + project.tasks.withType(Sign).configureEach { + it.enabled = false + } + } + } + if (project.plugins.hasPlugin("maven-publish")) { def checksumTask = tasks.register("publishedChecksums", Checksum) checksumTask.configure { Checksum check ->
