with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard (optional).
      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v3.29.5
        with:

name: "Code scanning - action"

on:
  push:
    branches: [ main, master, release ]
  schedule:
    - cron: '0 5 * * *'

permissions: {}

jobs:
  CodeQL-Build:
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest

tasks.withType<Sign>().configureEach { isEnabled = signArtifacts }

signing {
    useInMemoryPgpKeys(
        project.providers.environmentVariable("PGP_SIGNING_KEY").orNull,
        project.providers.environmentVariable("PGP_SIGNING_KEY_PASSPHRASE").orNull
    )
    publishing.publications.configureEach {
        if (signArtifacts) {
            signing.sign(this)
        }
    }
}

fun configureJavadocVariant() {

			di.UsedSpace = info.Used
			di.AvailableSpace = info.Free
			di.UUID = info.ID
			di.Major = info.Major
			di.Minor = info.Minor
			di.RootDisk = info.RootDisk
			di.Healing = info.Healing
			di.Scanning = info.Scanning
			di.State = diskErrToDriveState(err)
			di.FreeInodes = info.FreeInodes
			di.UsedInodes = info.UsedInodes
			if hi := disks[index].Healing(); hi != nil {
				hd := hi.toHealingDisk()

	jwtgo "github.com/golang-jwt/jwt/v4"
	jsoniter "github.com/json-iterator/go"
	"github.com/minio/minio/internal/bpool"
)

// SigningMethodHMAC - Implements the HMAC-SHA family of signing methods signing methods
// Expects key type of []byte for both signing and validation
type SigningMethodHMAC struct {
	Name       string
	Hash       crypto.Hash
	HasherPool bpool.Pool[hash.Hash]
}

// Specific instances for HS256, HS384, HS512

        Files.writeString(userExtensions, userExtensionsXml);

        assertThrows(InvokerException.class, () -> invoke(cwd, userHome, List.of("validate"), List.of()));
    }

    /**
     * In case of conflict spanning different sources, precedence is applied: project > user > installation.
     */
    @Test
    void conflictingExtensionsFromDifferentSource(
            @TempDir(cleanup = CleanupMode.ON_SUCCESS) Path cwd,

	stringToSign := alg +
		cr.seedDate.Format(iso8601Format) + "\n" +
		getScope(cr.seedDate, cr.region) + "\n" +
		cr.seedSignature + "\n" +
		emptySHA256 + "\n" +
		hashedChunk

	// Get hmac signing key.
	signingKey := getSigningKey(cr.cred.SecretKey, cr.seedDate, cr.region, serviceS3)

	// Calculate signature.
	newSignature := getSignature(signingKey, stringToSign)

	return newSignature
}

# Signing key for Gradle artifacts

Below is the public PGP key used to sign all Gradle artifacts.

The key ID is `E2F38302C8075E3D` and its fingerprint is `1BD97A6A154E7810EE0BC832E2F38302C8075E3D`.
You can also find the key in the [Gradle website](https://gradle.org/keys/) and on [public key servers](https://keys.openpgp.org/search?q=maven-publishing%40gradle.com).

## Verification instructions

### Importing the key

### Fixing DCO failures/Signing Off Commits After Submitting a Pull Request

    "path": "platforms/core-runtime/service-registry-impl",
    "unitTests": true,
    "functionalTests": false,
    "crossVersionTests": false
  },
  {
    "name": "signing",
    "path": "platforms/software/signing",
    "unitTests": true,
    "functionalTests": true,
    "crossVersionTests": false
  },
  {
    "name": "smoke-ide-test",
    "path": "testing/smoke-ide-test",