mkobit
commented
5 years ago Chiming in to also consider the "enterprise" style use case, where all repositories must be internal.
Open Tapchicoma opened 5 years ago
mkobit
commented
5 years ago Chiming in to also consider the "enterprise" style use case, where all repositories must be internal.
JLLeitschuh
commented
5 years ago Yea, I've thought about this pinning as well. There are security reasons why you'd want to do this. I agree it's a noble desire, but I agree with @mkobit here.
I can't think of any good way of doing this for the "enterprise" use case which I have to support for myself as well.
Tapchicoma
commented
5 years ago We can introduce extenstion property pinRepository with default value true. In case of "enterprise" - consumers should set it to false.
Starting Gradle 5.1 it is possible to pin repository to specific artefact. Plugin should check Gradle version and add a repository configuration for ktlint. This should simplify plugin setup.
Docs to look into: https://docs.gradle.org/current/javadoc/org/gradle/api/artifacts/repositories/MavenArtifactRepository.html#mavenContent-org.gradle.api.Action-