Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sonatype Scan Gradle Plugin #500

Merged
merged 2 commits into from
Jan 15, 2025
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Update common files
micronaut-build committed Jan 14, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 715e9617e74a130307680908cf8be7d06d3eac9a
22 changes: 15 additions & 7 deletions .github/renovate.json
Original file line number Diff line number Diff line change
@@ -1,24 +1,32 @@
{
"extends": [
"config:base"
"config:recommended"
],
"addLabels": [
"type: dependency-upgrade"
],
"addLabels": ["type: dependency-upgrade"],
"schedule": [
"after 10pm every day"
"after 10pm"
],
"prHourlyLimit": 1,
"prConcurrentLimit": 20,
"timezone": "Europe/Prague",
"packageRules": [
{
"matchPackagePatterns": ["actions.*"],
"dependencyDashboardApproval": true,
"matchUpdateTypes": ["patch"],
"matchUpdateTypes": [
"patch"
],
"matchCurrentVersion": "!/^0/",
"automerge": true
"automerge": true,
"matchPackageNames": [
"/actions.*/"
]
},
{
"matchUpdateTypes": ["patch"],
"matchUpdateTypes": [
"patch"
],
"matchCurrentVersion": "!/^0/",
"automerge": true
}
6 changes: 3 additions & 3 deletions .github/workflows/central-sync.yml
Original file line number Diff line number Diff line change
@@ -31,9 +31,9 @@ jobs:
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
GPG_FILE: ${{ secrets.GPG_FILE }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
run: |
echo $GPG_FILE | base64 -d > secring.gpg
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
12 changes: 6 additions & 6 deletions .github/workflows/graalvm-dev.yml
Original file line number Diff line number Diff line change
@@ -12,9 +12,9 @@ jobs:
if: github.repository != 'micronaut-projects/micronaut-project-template'
runs-on: ubuntu-latest
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
outputs:
matrix: ${{ steps.build-matrix.outputs.matrix }}
steps:
@@ -38,9 +38,9 @@ jobs:
- java: 'latest-ea'
distribution: 'graalvm-community'
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
steps:
- uses: actions/checkout@v4
- name: Pre-Build Steps
12 changes: 6 additions & 6 deletions .github/workflows/graalvm-latest.yml
Original file line number Diff line number Diff line change
@@ -18,9 +18,9 @@ jobs:
if: github.repository != 'micronaut-projects/micronaut-project-template'
runs-on: ubuntu-latest
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
outputs:
matrix: ${{ steps.build-matrix.outputs.matrix }}
steps:
@@ -38,9 +38,9 @@ jobs:
java: ['17', '21']
native_test_task: ${{ fromJson(needs.build_matrix.outputs.matrix).native_test_task }}
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
steps:
- uses: actions/checkout@v4
- name: Pre-Build Steps
17 changes: 12 additions & 5 deletions .github/workflows/gradle.yml
Original file line number Diff line number Diff line change
@@ -21,15 +21,17 @@ jobs:
matrix:
java: ['17', '21']
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
GH_USERNAME: ${{ secrets.GH_USERNAME }}
TESTCONTAINERS_RYUK_DISABLED: true
PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}
steps:
# https://github.com/actions/virtual-environments/issues/709
- name: "🗑 Free disk space"
@@ -58,6 +60,11 @@ jobs:
run: |
[ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]

- name: "🚔 Sonatype Scan"
id: sonatypescan
run: |
./gradlew ossIndexAudit --no-parallel --info

- name: "🛠 Build with Gradle"
id: gradle
run: |
@@ -70,15 +77,15 @@ jobs:

- name: "📊 Publish Test Report"
if: always()
uses: mikepenz/action-junit-report@v4
uses: mikepenz/action-junit-report@v5
with:
check_name: Java CI / Test Report (${{ matrix.java }})
report_paths: '**/build/test-results/test/TEST-*.xml'
check_retries: 'true'

- name: "📜 Upload binary compatibility check results"
if: matrix.java == '17'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: binary-compatibility-reports
path: "**/build/reports/binary-compatibility-*.html"
6 changes: 3 additions & 3 deletions .github/workflows/publish-snapshot.yml
Original file line number Diff line number Diff line change
@@ -27,7 +27,7 @@ jobs:
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
run: ./gradlew publishToSonatype --no-daemon
26 changes: 13 additions & 13 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -40,9 +40,9 @@ jobs:
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
GPG_FILE: ${{ secrets.GPG_FILE }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
run: |
echo $GPG_FILE | base64 -d > secring.gpg
# Publish both locally and to Sonatype.
@@ -66,23 +66,23 @@ jobs:
# Store the hash in a file, which is uploaded as a workflow artifact.
sha256sum $ARTIFACTS | base64 -w0 > artifacts-sha256
- name: Upload build artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: gradle-build-outputs
path: build/repo/${{ steps.publish.outputs.group }}/*/${{ steps.publish.outputs.version }}/*
retention-days: 5
- name: Upload artifacts-sha256
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: artifacts-sha256
path: artifacts-sha256
retention-days: 5
- name: Generate docs
run: ./gradlew docs
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
GH_USERNAME: ${{ secrets.GH_USERNAME }}
- name: Export Gradle Properties
@@ -97,9 +97,9 @@ jobs:
FOLDER: build/docs
VERSION: ${{ steps.release_version.outputs.release_version }}
TARGET_REPOSITORY: ${{ github.repository == 'micronaut-projects/micronaut-core' && env.docsRepository || github.repository }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
- name: Run post-release
if: success()
uses: micronaut-projects/github-actions/post-release@master
@@ -146,7 +146,7 @@ jobs:
if: startsWith(github.ref, 'refs/tags/')
steps:
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
@@ -160,6 +160,6 @@ jobs:
- name: Upload assets
# Upload the artifacts to the existing release. Note that the SLSA provenance will
# attest to each artifact file and not the aggregated ZIP file.
uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
with:
files: artifacts.zip
2 changes: 1 addition & 1 deletion gradle/wrapper/gradle-wrapper.properties
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-bin.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME
3 changes: 1 addition & 2 deletions gradlew
Original file line number Diff line number Diff line change
@@ -86,8 +86,7 @@ done
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
' "$PWD" ) || exit
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum