# An edited file is shown as uncommitted, even if it isn't part of the build.
cp ../../outside/empty.txt ../README
go install
go version -m $GOBIN/a$GOEXE
stdout '^\tbuild\tvcs.modified=true$'
exec git checkout ../README
rm $GOBIN/a$GOEXE

# If the build doesn't include any packages from the repository,
# there should be no VCS info.
go install example.com/cmd/a@v1.0.0
go version -m $GOBIN/a$GOEXE
! stdout vcs.revision

name: Java CI with Maven

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Set up JDK 11
      uses: actions/setup-java@v2
      with:
        java-version: '11'
        distribution: 'temurin'
    - name: Build with Maven

 * A checksum consists of a kind (md5, sha1, ...), a value, but also
 * provides <i>alternatives</i>. Alternatives are checksums which are
 * deemed trusted, because sometimes in a single build we can see different
 * checksums for the same module, because they are sourced from different
 * repositories.
 *
 * In theory, this shouldn't be allowed. However, it's often the case that

    - "*.x"
  pull_request:
    branches:
    - master
    - "*.x"
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
    - uses: actions/checkout@v4
    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'temurin'
    - uses: actions/cache@v4
      with:
        path: ~/.m2/repository

          - fastapi
          - fastapi-slim
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.10"
      - name: Install build dependencies
        run: pip install build

            "        <p>You should check if the key is valid, and if so, provide a key server where to download it.</p>");
        registerModal("missing-checksums", "Checksums are missing",
            "        <p>This indicates that the dependency verification file doesn't contain at least one checksum for this artifact.</p>",

# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

FROM coqorg/coq:8.13.2

RUN git clone https://github.com/mit-plv/fiat-crypto && cd fiat-crypto && \
    git checkout 23d2dbc4ab897d14bde4404f70cd6991635f9c01 && \
    git submodule update --init --recursive
RUN cd fiat-crypto && eval $(opam env) && make -j4 standalone-ocaml SKIP_BEDROCK2=1

# https://golang.org/issue/46141: 'go mod tidy' for a Go 1.17 module should by
# default preserve enough checksums for the module to be used by Go 1.16.
#
# We don't have a copy of Go 1.16 handy, but we can simulate it by editing the
# 'go' version in the go.mod file to 1.16, without actually updating the
# requirements to match.

[short] skip

env MODFMT='{{with .Module}}{{.Path}} {{.Version}}{{end}}'

name: reviewdog
on: [pull_request]
jobs:
  golangci-lint:
    name: runner / golangci-lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: golangci-lint
        uses: reviewdog/action-golangci-lint@v2

      - name: Setup reviewdog
        uses: reviewdog/action-setup@v1

      - name: gofumpt -s with reviewdog
        env:

   - some signature verification failed. Checksums were generated for those artifacts but you MUST check if there's an actual problem. Look for entries with the following comment: PGP verification failed
"""
    }

    // plugins do not publish signatures so we expect the checksums to be present
    def "writes checksums of plugins using plugins block"() {
        given:
        addPlugin()