Skip to content

Commit

Permalink
Sonatype Scan Gradle Plugin (#456)
Browse files Browse the repository at this point in the history
  • Loading branch information
@micronaut-build
micronaut-build authored Jan 15, 2025
1 parent c7792b6 commit 9bc9852
Show file tree
Hide file tree
Showing 11 changed files with 69 additions and 39 deletions.
22 changes: 15 additions & 7 deletions .github/renovate.json
View file
Original file line number Diff line number Diff line change
@@ -1,24 +1,32 @@
{
"extends": [
"config:base"
"config:recommended"
],
"addLabels": [
"type: dependency-upgrade"
],
"addLabels": ["type: dependency-upgrade"],
"schedule": [
"after 10pm every day"
"after 10pm"
],
"prHourlyLimit": 1,
"prConcurrentLimit": 20,
"timezone": "Europe/Prague",
"packageRules": [
{
"matchPackagePatterns": ["actions.*"],
"dependencyDashboardApproval": true,
"matchUpdateTypes": ["patch"],
"matchUpdateTypes": [
"patch"
],
"matchCurrentVersion": "!/^0/",
"automerge": true
"automerge": true,
"matchPackageNames": [
"/actions.*/"
]
},
{
"matchUpdateTypes": ["patch"],
"matchUpdateTypes": [
"patch"
],
"matchCurrentVersion": "!/^0/",
"automerge": true
}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/central-sync.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,9 @@ jobs:
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
GPG_FILE: ${{ secrets.GPG_FILE }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
run: |
echo $GPG_FILE | base64 -d > secring.gpg
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
12 changes: 6 additions & 6 deletions .github/workflows/graalvm-dev.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ jobs:
if: github.repository != 'micronaut-projects/micronaut-project-template'
runs-on: ubuntu-latest
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
outputs:
matrix: ${{ steps.build-matrix.outputs.matrix }}
steps:
Expand All @@ -38,9 +38,9 @@ jobs:
- java: 'latest-ea'
distribution: 'graalvm-community'
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
steps:
- uses: actions/checkout@v4
- name: Pre-Build Steps
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/graalvm-latest.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@ jobs:
if: github.repository != 'micronaut-projects/micronaut-project-template'
runs-on: ubuntu-latest
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
outputs:
matrix: ${{ steps.build-matrix.outputs.matrix }}
steps:
Expand All @@ -38,9 +38,9 @@ jobs:
java: ['17', '21']
native_test_task: ${{ fromJson(needs.build_matrix.outputs.matrix).native_test_task }}
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
steps:
- uses: actions/checkout@v4
- name: Pre-Build Steps
Expand Down
13 changes: 10 additions & 3 deletions .github/workflows/gradle.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,17 @@ jobs:
matrix:
java: ['17', '21']
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
GH_USERNAME: ${{ secrets.GH_USERNAME }}
TESTCONTAINERS_RYUK_DISABLED: true
PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}
steps:
# https://github.com/actions/virtual-environments/issues/709
- name: "🗑 Free disk space"
Expand Down Expand Up @@ -58,6 +60,11 @@ jobs:
run: |
[ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
- name: "🚔 Sonatype Scan"
id: sonatypescan
run: |
./gradlew ossIndexAudit --no-parallel --info
- name: "🛠 Build with Gradle"
id: gradle
run: |
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/publish-snapshot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
run: ./gradlew publishToSonatype --no-daemon
18 changes: 9 additions & 9 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,9 @@ jobs:
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
GPG_FILE: ${{ secrets.GPG_FILE }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
run: |
echo $GPG_FILE | base64 -d > secring.gpg
# Publish both locally and to Sonatype.
Expand Down Expand Up @@ -80,9 +80,9 @@ jobs:
- name: Generate docs
run: ./gradlew docs
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
GH_USERNAME: ${{ secrets.GH_USERNAME }}
- name: Export Gradle Properties
Expand All @@ -97,9 +97,9 @@ jobs:
FOLDER: build/docs
VERSION: ${{ steps.release_version.outputs.release_version }}
TARGET_REPOSITORY: ${{ github.repository == 'micronaut-projects/micronaut-core' && env.docsRepository || github.repository }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
- name: Run post-release
if: success()
uses: micronaut-projects/github-actions/post-release@master
Expand Down
1 change: 1 addition & 0 deletions buildSrc/build.gradle.kts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,5 @@ dependencies {
implementation (libs.gradle.kotlin.allopen)
implementation (libs.gradle.kotlin.noarg)
implementation (libs.micronaut.gradle.plugin)
implementation(libs.sonatype.scan)
}
13 changes: 13 additions & 0 deletions buildSrc/src/main/groovy/io.micronaut.build.internal.mqtt-module.gradle
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,19 @@
plugins {
id "io.micronaut.build.internal.mqtt-base"
id "io.micronaut.build.internal.module"
id("org.sonatype.gradle.plugins.scan")
}
String ossIndexUsername = System.getenv("OSS_INDEX_USERNAME") ?: project.properties["ossIndexUsername"]
String ossIndexPassword = System.getenv("OSS_INDEX_PASSWORD") ?: project.properties["ossIndexPassword"]
boolean sonatypePluginConfigured = ossIndexUsername != null && ossIndexPassword != null
if (sonatypePluginConfigured) {
ossIndexAudit {
username = ossIndexUsername
password = ossIndexPassword
excludeCoordinates = [
"org.bouncycastle:bcprov-jdk15on:1.70" // no version patched https://ossindex.sonatype.org/component/pkg:maven/org.bouncycastle/bcprov-jdk15on
]
}
}

dependencies {
Expand Down
2 changes: 2 additions & 0 deletions gradle/libs.versions.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ micronaut-serde = "2.13.0"
micronaut-test = "4.4.0"
micronaut-test-resources="2.7.2"
micronaut-validation = "4.8.0"
sonatype-scan = "3.0.0"

[libraries]
# Core
Expand All @@ -43,4 +44,5 @@ gradle-kotlin-allopen = { module = "org.jetbrains.kotlin:kotlin-allopen", versio
gradle-kotlin-noarg = { module = "org.jetbrains.kotlin:kotlin-noarg", version.ref = "kotlin" }

micronaut-gradle-plugin = { module = "io.micronaut.gradle:micronaut-gradle-plugin", version.ref="micronaut-gradle-plugin" }
sonatype-scan = { module = "org.sonatype.gradle.plugins:scan-gradle-plugin", version.ref = "sonatype-scan" }

3 changes: 1 addition & 2 deletions gradlew
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,7 @@ done
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
' "$PWD" ) || exit
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
Expand Down

0 comments on commit 9bc9852

Please sign in to comment.