diff options
| author | Albin <albin@mullvad.net> | 2022-12-16 11:33:04 +0100 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2022-12-16 13:07:26 +0100 |
| commit | 4cb9f49b1091c5faac501330a8c3574da8b044e6 (patch) | |
| tree | eb856a7934a37c9deb88ab5a5ebe46a095b07c55 | |
| parent | d9c778db587600c955fe2a107d67ddc74b26ef9f (diff) | |
| download | mullvadvpn-4cb9f49b1091c5faac501330a8c3574da8b044e6.tar.xz mullvadvpn-4cb9f49b1091c5faac501330a8c3574da8b044e6.zip | |
Improve lockfile documentation
| -rw-r--r-- | android/gradle/verification-metadata.xml | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/android/gradle/verification-metadata.xml b/android/gradle/verification-metadata.xml index 569431df83..7c84f1cd17 100644 --- a/android/gradle/verification-metadata.xml +++ b/android/gradle/verification-metadata.xml @@ -1,22 +1,31 @@ <?xml version="1.0" encoding="UTF-8"?> +<!-- + This is a lockfile for gradle dependencies. See the following page for more information: + https://docs.gradle.org/current/userguide/dependency_verification.html + + The easiest way to update this file is to run the following script: + <repository-root>/android/scripts/update-lockfile.sh + + The following trust group is only used for GitHub Actions: com.github.burrunan.multicache + + NOTE: + - In order to properly generate the components, no gradle caches should be present + (for example junit-bom-*). This is automatically handled by using the mentioned script. + For more information see: https://github.com/gradle/gradle/issues/19228 + - Comments after the verification-metadata opening tag will automatically be removed by gradle + when generating components. +--> <verification-metadata xmlns="https://schema.gradle.org/dependency-verification" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://schema.gradle.org/dependency-verification https://schema.gradle.org/dependency-verification/dependency-verification-1.1.xsd"> <configuration> <verify-metadata>true</verify-metadata> <verify-signatures>false</verify-signatures> <trusted-artifacts> + <trust group="com.github.burrunan.multicache"/> <trust file=".*-javadoc[.]jar" regex="true"/> <trust file=".*-sources[.]jar" regex="true"/> <trust file=".*[.]pom" regex="true"/> - <!-- Only used for GitHub Actions --> - <trust group="com.github.burrunan.multicache"/> </trusted-artifacts> </configuration> - <!-- - Below can be generated by running: ./gradlew -M sha256 help - NOTE: The command must be run without any gradle caches, otherwise some dependencies are not - properly included, for example junit-bom-*. For more information see: - https://github.com/gradle/gradle/issues/19228 - --> <components> <component group="androidx.activity" name="activity" version="1.2.0"> <artifact name="activity-1.2.0.aar"> |