for example for sbt-reproducible-builds itself, our packaged artifacts include sbt-reproducible-builds-0.32+10-1c096efd-SNAPSHOT.pom and sbt-reproducible-builds_2.12_1.0-0.32+10-1c096efd-SNAPSHOT.pom, and our reproducibleBuildsCheck currently doesn't support that.
This is probably as simple as filtering on the filename. In theory that might break when the certifications are published using a different filename pattern than the 'real' artifacts... but perhaps that's an acceptable loss?
i.e. multiple jars or poms.
for example for sbt-reproducible-builds itself, our packaged artifacts include
sbt-reproducible-builds-0.32+10-1c096efd-SNAPSHOT.pomandsbt-reproducible-builds_2.12_1.0-0.32+10-1c096efd-SNAPSHOT.pom, and ourreproducibleBuildsCheckcurrently doesn't support that.This is probably as simple as filtering on the filename. In theory that might break when the certifications are published using a different filename pattern than the 'real' artifacts... but perhaps that's an acceptable loss?