Open Tapchicoma opened 5 years ago
Chiming in to also consider the "enterprise" style use case, where all repositories
must be internal.
Yea, I've thought about this pinning as well. There are security reasons why you'd want to do this. I agree it's a noble desire, but I agree with @mkobit here.
I can't think of any good way of doing this for the "enterprise" use case which I have to support for myself as well.
We can introduce extenstion property pinRepository
with default value true
. In case of "enterprise" - consumers should set it to false
.
Starting Gradle 5.1 it is possible to pin repository to specific artefact. Plugin should check Gradle version and add a repository configuration for ktlint. This should simplify plugin setup.
Docs to look into: https://docs.gradle.org/current/javadoc/org/gradle/api/artifacts/repositories/MavenArtifactRepository.html#mavenContent-org.gradle.api.Action-