artifactoryPublish not uploading checksum files like gradle publish

Question

artifactoryPublish not uploading checksum files like gradle publish

Opened this issue 2 years ago · 1 comments

Describe the bug

I am currently using gradle publish to publish files to Artifactory

./gradlew --refresh-dependencies publish -i -s --no-watch-fs

Example project uploads the following files

basic-java-1.0.0-SNAPSHOT.jar
basic-java-1.0.0-SNAPSHOT.jar.sha512
basic-java-1.0.0-SNAPSHOT.module
basic-java-1.0.0-SNAPSHOT.module.sha512
basic-java-1.0.0-SNAPSHOT.pom
basic-java-1.0.0-SNAPSHOT.pom.sha512

Moving to Artifactory publish to include build properties. When I publish with artifactoryPublish the checksum files are missing.

./gradlew --refresh-dependencies artifactoryPublish -i -s --no-watch-fs

basic-java-1.0.0-SNAPSHOT.jar
basic-java-1.0.0-SNAPSHOT.module
basic-java-1.0.0-SNAPSHOT.pom

To Reproduce

publishing {
    publications {
        create<MavenPublication>("javaLib") {
            from(components["java"])
        }
    }
    repositories {
        maven {
            name = "Artifactory"
            url = uri(artifactoryUrl)
            credentials {
                username = artifactoryUsername
                password = artifactoryPassword
            }
        }
    }
}

artifactory {
    setContextUrl(uri(artifactoryContextUrl))
    publish {
        repository {
            setProperty("repoKey", artifactoryRepoName)
            setProperty("username", artifactoryUsername)
            setProperty("password", artifactoryPassword)
        }
        defaults{
            publications("javaLib")
            // Properties to be attached to the published artifacts.
            setProperties(mapOf(
                "git.branch.name" to gitBranchName,
                "git.commit.id" to gitCommit
            ))
        }
    }
}

Expected behavior

Artifactory publications should be producing the same files. Or maybe I am missing something

Screenshots
If applicable, add screenshots to help explain your problem.

Versions

Gradle Artifactory plugin version: 4.28.1
Operating system: Fedora 35
Artifactory Version: Enterprise Plus 7.33.12 rev

Additional context
Add any other context about the problem here.

Answer 1 · 2024-03-19T13:43:04.000Z

While JFrog Artifactory automatically handles SHA-256, SHA-1, and MD5 checksums, providing SHA-512 checksums can offer enhanced security, but I am not sure if we should upload separate files as Gradle does, instead of storing the checksum as Artifactory metadata, just like with the other checksum types.