Custom signing task to ignore sigstore sigs

Signed-off-by: Appu Goundan <[email protected]>
sigstore · Jan 10, 2024 · 7f42e6d · 7f42e6d
1 parent 38e59f4
commit 7f42e6d
Showing 1 changed file with 39 additions and 1 deletion.
diff --git a/build-logic/publishing/src/main/kotlin/build-logic.java-published-library.gradle.kts b/build-logic/publishing/src/main/kotlin/build-logic.java-published-library.gradle.kts
@@ -1,3 +1,8 @@
+import org.codehaus.groovy.runtime.StringGroovyMethods
+import org.gradle.api.publish.internal.PublicationInternal
+import org.gradle.api.publish.internal.PublicationInternal.DerivedArtifact
+import org.gradle.api.publish.maven.internal.publication.MavenPublicationInternal
+
 plugins {
     id("build-logic.repositories")
     id("build-logic.java-library")
@@ -19,4 +24,37 @@ publishing {
     }
 }
 
-signing.sign(publishing.publications["mavenJava"])
+createSignTask(publishing.publications["mavenJava"])
+
+fun createSignTask(publicationToSign: Publication) {
+    val signTaskName = "sign" + StringGroovyMethods.capitalize(publicationToSign.name) + "Publication"
+    if (project.tasks.names.contains(signTaskName)) {
+        throw GradleException("can't create custom sign task (it already exists): $signTaskName")
+    } else {
+        project.tasks.create<Sign>(signTaskName) { // must be create (not register)
+            val task = this
+            task.description = "Signs all artifacts in the 'mavenJava' publication."
+            if (publicationToSign !is MavenPublicationInternal) {
+                throw GradleException("can't configure signing for non-MavenPublication")
+            }
+            publicationToSign.allPublishableArtifacts {
+                if (task.signatureFiles.contains(this.file) || this.file.name.endsWith(".sigstore")) { // or .sigstore.json eventually
+                    return@allPublishableArtifacts
+                }
+                task.dependsOn(this)
+                val signature = Signature(this::getFile, null, task as SignatureSpec, this)
+                task.signatures.add(signature)
+                val derivedArtifact = object : DerivedArtifact {
+                    override fun shouldBePublished(): Boolean {
+                        return task.isEnabled && task.onlyIf.isSatisfiedBy(task)
+                    }
+
+                    override fun create(): File {
+                        return signature.file
+                    }
+                }
+                publicationToSign.addDerivedArtifact(this, derivedArtifact)
+            }
+        }
+    }
+}