You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The `--write-verification-metadata` Gradle option is generally able to resolve reachable configurations,
@@ -92,10 +92,10 @@ uses the changed dependencies. In most cases, `precommit` or `check` are good ca
92
92
We prefer sha256 checksums as md5 and sha1 are not considered safe anymore these days. The generated entry
93
93
will have the `origin` attribute been set to `Generated by Gradle`.
94
94
95
-
>A manual confirmation of the Gradle generated checksums is currently not mandatory.
96
-
>If you want to add a level of verification you can manually confirm the checksum (e.g. by looking it up on the website of the library)
97
-
>Please replace the content of the `origin` attribute by `official site` in that case.
98
-
>
95
+
>[!Tip]
96
+
>A manual confirmation of the Gradle generated checksums is currently not mandatory.
97
+
>If you want to add a level of verification you can manually confirm the checksum (e.g. by looking it up on the website of the library)
98
+
>Please replace the content of the `origin` attribute by `official site` in that case.
99
99
100
100
#### Custom plugin and task implementations
101
101
@@ -229,13 +229,9 @@ In addition to snapshot builds JitPack supports building Pull Requests. Simply u
229
229
3. Run the Gradle build as needed. Keep in mind the initial resolution might take a bit longer as this needs to be built
230
230
by JitPack in the background before we can resolve the adhoc built dependency.
231
231
232
-
---
233
-
234
-
**NOTE**
235
-
236
-
You should only use that approach locally or on a developer branch for production dependencies as we do
232
+
> [!Note]
233
+
> You should only use that approach locally or on a developer branch for production dependencies as we do
237
234
not want to ship unreleased libraries into our releases.
238
-
---
239
235
240
236
#### How to use a custom third party artifact?
241
237
@@ -265,12 +261,9 @@ allprojects {
265
261
```
266
262
4. Run the Gradle build as needed with `--write-verification-metadata` to ensure the Gradle dependency verification does not fail on your custom dependency.
267
263
268
-
---
269
-
**NOTE**
270
-
271
-
As Gradle prefers to use modules whose descriptor has been created from real meta-data rather than being generated,
264
+
> [!Note]
265
+
> As Gradle prefers to use modules whose descriptor has been created from real meta-data rather than being generated,
272
266
flat directory repositories cannot be used to override artifacts with real meta-data from other repositories declared in the build.
273
-
For example, if Gradle finds only `jmxri-1.2.1.jar` in a flat directory repository, but `jmxri-1.2.1.pom` in another repository
267
+
> For example, if Gradle finds only `jmxri-1.2.1.jar` in a flat directory repository, but `jmxri-1.2.1.pom` in another repository
274
268
that supports meta-data, it will use the second repository to provide the module.
275
-
Therefore, it is recommended to declare a version that is not resolvable from public repositories we use (e.g. Maven Central)
276
-
---
269
+
> Therefore, it is recommended to declare a version that is not resolvable from public repositories we use (e.g. Maven Central)
0 commit comments