From 6d72233f3f09657ee4b1f06920c8257a4fed042d Mon Sep 17 00:00:00 2001 From: micronaut-build <65172877+micronaut-build@users.noreply.github.com> Date: Thu, 9 Jan 2025 12:37:23 +0100 Subject: [PATCH] Sonatype Scan Gradle Plugin (#602) https://github.com/sonatype-nexus-community/scan-gradle-plugin --- .github/renovate.json | 22 +++++++++++++------ .github/workflows/gradle.yml | 7 ++++++ buildSrc/build.gradle | 4 ++++ ...ronaut.build.internal.groovy-module.gradle | 10 +++++++++ gradle/libs.versions.toml | 2 ++ 5 files changed, 38 insertions(+), 7 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 09c2a598..99eeec10 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,24 +1,32 @@ { "extends": [ - "config:base" + "config:recommended" + ], + "addLabels": [ + "type: dependency-upgrade" ], - "addLabels": ["type: dependency-upgrade"], "schedule": [ - "after 10pm every day" + "after 10pm" ], "prHourlyLimit": 1, "prConcurrentLimit": 20, "timezone": "Europe/Prague", "packageRules": [ { - "matchPackagePatterns": ["actions.*"], "dependencyDashboardApproval": true, - "matchUpdateTypes": ["patch"], + "matchUpdateTypes": [ + "patch" + ], "matchCurrentVersion": "!/^0/", - "automerge": true + "automerge": true, + "matchPackageNames": [ + "/actions.*/" + ] }, { - "matchUpdateTypes": ["patch"], + "matchUpdateTypes": [ + "patch" + ], "matchCurrentVersion": "!/^0/", "automerge": true } diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 571e79a2..32d879ad 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -30,6 +30,8 @@ jobs: PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}" SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }} + OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }} steps: # https://github.com/actions/virtual-environments/issues/709 - name: "🗑 Free disk space" @@ -58,6 +60,11 @@ jobs: run: | [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ] + - name: "🚔 Sonatype Scan" + id: sonatypescan + run: | + ./gradlew ossIndexAudit --no-parallel --info + - name: "🛠 Build with Gradle" id: gradle run: | diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index d358d40f..71956b2e 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -6,3 +6,7 @@ repositories { gradlePluginPortal() mavenCentral() } + +dependencies { + implementation(libs.sonatype.scan) +} diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.groovy-module.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.groovy-module.gradle index 7f81876f..92a09f56 100644 --- a/buildSrc/src/main/groovy/io.micronaut.build.internal.groovy-module.gradle +++ b/buildSrc/src/main/groovy/io.micronaut.build.internal.groovy-module.gradle @@ -1,6 +1,16 @@ plugins { id 'io.micronaut.build.internal.module' id 'io.micronaut.build.internal.groovy-base' + id("org.sonatype.gradle.plugins.scan") +} +String ossIndexUsername = System.getenv("OSS_INDEX_USERNAME") ?: project.properties["ossIndexUsername"] +String ossIndexPassword = System.getenv("OSS_INDEX_PASSWORD") ?: project.properties["ossIndexPassword"] +boolean sonatypePluginConfigured = ossIndexUsername != null && ossIndexPassword != null +if (sonatypePluginConfigured) { + ossIndexAudit { + username = ossIndexUsername + password = ossIndexPassword + } } micronautBuild { diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 6d02a9a2..6aae719d 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -6,6 +6,7 @@ micronaut = "4.7.11" micronaut-test = "4.5.0" groovy = "4.0.18" spock = "2.3-groovy-4.0" +sonatype-scan = "3.0.0" [libraries] # Core @@ -14,3 +15,4 @@ micronaut-core = { module = 'io.micronaut:micronaut-core-bom', version.ref = 'mi javaparser = { module = 'com.github.javaparser:javaparser-core', version.ref = 'javaparser' } groovy-test = { module = 'org.apache.groovy:groovy-test', version = '' } +sonatype-scan = { module = "org.sonatype.gradle.plugins:scan-gradle-plugin", version.ref = "sonatype-scan" }