chore: harden Gradle dependency reproducibility
feat: enable Gradle dependency locking for all configurations feat: enforce strict lock-state usage in the build feat: centralize repository declaration in settings.gradle feat: enable strict Gradle dependency verification via gradle.properties feat: add committed dependency lock state and verification metadata fix: defer mockito agent resolution to test execution phase for locked builds ci: validate reproducibility inputs before workflow builds ci: include lock and verification inputs in workflow change detection docs: establish explicit dependency update workflow for locks and verification metadata
This commit is contained in:
10
.github/workflows/pages.yml
vendored
10
.github/workflows/pages.yml
vendored
@@ -9,6 +9,8 @@ on:
|
||||
- 'src/test/**'
|
||||
- 'src/jmh/**'
|
||||
- 'build.gradle'
|
||||
- 'gradle.properties'
|
||||
- 'gradle.lockfile'
|
||||
- 'settings.gradle'
|
||||
- 'gradle/**'
|
||||
- 'dependency-suppression.xml'
|
||||
@@ -46,6 +48,14 @@ jobs:
|
||||
|
||||
- name: Set up Gradle caching and instrumentation
|
||||
uses: gradle/actions/setup-gradle@v4
|
||||
|
||||
- name: Verify reproducibility inputs
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
test -f gradle.lockfile
|
||||
test -f gradle.properties
|
||||
test -f gradle/verification-metadata.xml
|
||||
|
||||
- name: Build reports for publication
|
||||
run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport pitest jmh cyclonedxBom
|
||||
|
||||
Reference in New Issue
Block a user