Bad interaction with gradle pgp signing plugin.

[covers1624]

Gradle's built-in signing plugin allows you to sign your entire publication with a pgp key. This generates .asc companion files for every file in your publication, these also get published.

When marking an access transformer, or interface injection manifest to be published, these files are added to the base java publication.

As a result, the signing plugin creates its companion files directly next to where ever these files exist in your project, src/main/resources/META-INF, in the case of access transformers.

I have created a smol build script to reproduce the issue, Place into the MDK.

This interaction is likely not an issue for most people where their pgp key is only available in CI, however, all my local builds published to mavenLocal, etc, are signed with my pgp key, resulting in nuisance files I have to ignore/gloss over/exclude from jars.

It seems most appropriate if these files are instead copied into the build/libs folder and registered as artifacts from there, somehow.