@ToBeFixedForConfigurationCache
    def "does not remove vcs checkout on every build"() {
        succeeds("assertVersion", "-PrepoVersion=1.0")
        def checkout = checkoutDir("dep", commits.initial.id.name, repo.id)

        // Put new file in the checkout directory that would be deleted if Gradle
        // deletes the checkout directory
        def trashFile = checkout.file("trash")
        trashFile.text = "junk"

        when:

        Map<ChecksumAlgorithmService.ChecksumAlgorithm, String> checksums = service.calculate(
                "test".getBytes(StandardCharsets.UTF_8), service.select(Arrays.asList("SHA-1", "MD5")));
        assertNotNull(checksums);
        assertEquals(2, checksums.size());
        assertEquals("a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", checksums.get(service.select("SHA-1")));

    /**
     * Calculates checksums for specified data.
     *
     * @param data        The content for which to calculate checksums, must not be {@code null}.
     * @param algorithms  The checksum algorithms to use, must not be {@code null}.
     * @return The calculated checksums, indexed by algorithms, never {@code null}.

    private final List<Checksum> checksums;
    private final Set<String> trustedPgpKeys;
    private final Set<IgnoredKey> ignoredPgpKeys;
    private final int hashCode;

    public ImmutableArtifactVerificationMetadata(String artifactName, List<Checksum> checksums, Set<String> trustedPgpKeys, Set<IgnoredKey> ignoredPgpKeys) {
        this.artifactName = artifactName;
        this.checksums = ImmutableList.copyOf(checksums);

      - name: Checkout repository for nightly (skipped for releases)
        if: ${{ github.event_name == 'schedule' }}
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: 'nightly'
      - name: Checkout repository
        if: ${{ github.event_name == 'push' }}
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    # If this run was triggered by a pull request event, then checkout
    # the head of the pull request instead of the merge commit.

      - name: Checkout repository for nightly (skipped for releases)
        if: ${{ github.event_name == 'schedule' }}
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: 'nightly'
      - name: Checkout repository
        if: ${{ github.event_name == 'push' }}
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

def tests

try {

def osNode = jenkinsEnv.labelForOS(buildOs)
node(jenkinsEnv.nodeSelection(osNode)) {
    dir('build') {
        stage('Checkout') {
            checkout scm
        }

        def WORK_DIR=pwd()
        def MAVEN_GOAL='verify'

        stage('Configure deploy') {
           if (env.BRANCH_NAME in ['master', 'maven-3.8.x', 'maven-3.9.x']){

      - master

  push:
    branches:
      - master

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  vulncheck:
    name: Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.22.4

      - name: Checkout repository for nightly (skipped for releases)
        if: ${{ github.event_name == 'schedule' }}
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: 'nightly'
      - name: Checkout repository for releases (skipped for nightly)
        if: ${{ github.event_name == 'push' }}