search

s4u / pgpverify-maven-plugin

Verify Open PGP / GPG signatures plugin
https://www.simplify4u.org/pgpverify-maven-plugin/
Apache License 2.0
49 stars 20 forks source link

With `verifyPlugins=true` plugins are resolved from *Project*Repositories instead of *Plugin*Repositories #537

Closed pzygielo closed 4 months ago

pzygielo commented 6 months ago

Describe the bug With verifyPlugins/verifyPluginDependencies set to true plugins (and plugin dependencies) are being resolved with

session.getCurrentProject().getRemoteProjectRepositories() // *Project*Repositories

This makes the pgpverify-maven-plugin to fail if verified plugin (or its dependencies) is not available in non-plugin repository.

To Reproduce This change of removing plugin repository from non-plugin repositories (added as workaround in master there) shows that it is ok for build without pgpverify:check, and is problematic for pgpverify plugin to carry on.

Expected behavior Plugins and plugin dependencies are being resolved with

session.getCurrentProject().getRemotePluginRepositories() // *Plugin*Repositories

Additional context