today I met the following situation:
- Publish artifact with non-snapshot version to artifactory maven repository
- When I publish it again using maven-publish gradle plugin it gives me 403 back which is ok, but
- When I publish the same artifact to same repo using
id("com.jfrog.artifactory") version "4.24.20"gradle plugin it overwrites an artifact (and I can see updated last-modified time for it)
User's permissions for this repository are
- Read
- Annotate
- Deploy/Cache
Am I missing something, or it really shouldn't work this way?
CodePudding user response:
Seems due to a known issue RTFACT-26398 where plugin uses same rest call.
CodePudding user response:
Adding to @sankar-dunga's answer:
The plugin uses a Checksum Deploy mechanism. This feature allows accelerating uploads by skipping uploading files that already exist in Artifactory. The artifact does not really getting overridden, but only its timestamp changes - you can't change or delete an artifact without overwrite/delete permissions.
If you want to disable this feature you can set minChecksumDeploySizeKb to 0:
artifactoryPublish {
clientConfig.publisher.minChecksumDeploySizeKb = 0
}
For more information: