2 changes: 1 addition & 1 deletion .github/dependabot.yml
@@ -3,7 +3,7 @@ updates:
- package-ecosystem: "gradle"
directory: "/"
schedule:
interval: "monthly"
interval: "weekly"
open-pull-requests-limit: 10
groups:
test:
23 changes: 15 additions & 8 deletions .github/workflows/release.yml
@@ -7,7 +7,7 @@ on:

jobs:
build-and-release:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
permissions:
contents: write

@@ -26,8 +26,9 @@ jobs:
env:
VERSION: ${{ steps.get_version.outputs.VERSION }}
run: |
echo "version=$VERSION" > gradle.properties
echo "gradle.properties criado:"
# Version an bestehendes gradle.properties anhängen (nicht überschreiben)
echo "version=$VERSION" >> gradle.properties
echo "gradle.properties updated:"
cat gradle.properties

- name: Set up JDK 17
@@ -44,7 +45,7 @@ jobs:
run: ./gradlew specsValidation

- name: Build with Gradle
run: ./gradlew build
run: ./gradlew build --write-verification-metadata sha256

- name: Validate Maven Central credentials
run: |
@@ -60,23 +61,26 @@ jobs:
run: curl --version

- name: Publish to Maven Central
run: ./gradlew publishToMavenCentral
run: ./gradlew publishToMavenCentral --write-verification-metadata sha256
env:
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

- name: Generate SBOM
run: ./gradlew cyclonedxBom

- name: Update README version
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
sed -i "s/jtoon:[0-9]\+\.[0-9]\+\.[0-9]\+/jtoon:$VERSION/g" README.md
sed -i "s/<version>[0-9]\+\.[0-9]\+\.[0-9]\+<\/version>/<version>$VERSION<\/version>/g" README.md

- name: Commit README changes
- name: Commit README and verification metadata changes
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add README.md build.gradle
git add README.md build.gradle gradle/verification-metadata.xml
git diff --staged --quiet || git commit -m "docs: update version to ${{ steps.get_version.outputs.VERSION }} in README"
git push origin main
env:
@@ -85,7 +89,9 @@ jobs:
- name: Create GitHub Release
uses: softprops/action-gh-release@v3.0.1
with:
files: build/libs/*.jar
files: |
build/libs/*.jar
build/reports/jtoon-bom.json
generate_release_notes: true
draft: false
prerelease: ${{ contains(steps.get_version.outputs.VERSION, '-') }}
@@ -113,4 +119,5 @@ jobs:
path: |
build/libs/*.jar
build/reports/tests/test/
build/reports/jtoon-bom.json
retention-days: 30
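Review bot: Passing `--write-verification-metadata sha256` to the `Build with Gradle` and `Publish to Maven Central` steps makes the release job record checksums for whatever artifacts it resolved in that run and then commit `gradle/verification-metadata.xml` to `main`, so the file is regenerated by the pipeline instead of being checked against. Dependency verification is only a control when the metadata is generated and reviewed outside the release path and CI builds without the write flag; as written, a substituted artifact would, as far as I can tell, have its hash added rather than fail the build. I would drop the flag from both steps (`run: ./gradlew build`, `run: ./gradlew publishToMavenCentral`), commit a reviewed `gradle/verification-metadata.xml` through a normal pull request, and remove it from the `git add` line. The `Update README version` step in the same hunk also still expands `${{ steps.get_version.outputs.VERSION }}` directly into the script, unlike the earlier step that passes it through `env:`.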
6 changes: 6 additions & 0 deletions .gitignore
@@ -43,3 +43,9 @@ bin/
### Mac OS ###
.DS_Store
/.idea/

### Secrets & Logs ###
*.log
*.pem
*.key
*.env
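Review bot: The new `### Secrets & Logs ###` patterns do not cover the key formats this project's release path works with: an exported GPG key is usually `*.asc` or `*.gpg`, and Java keystores are `*.jks` / `*.p12`. `*.env` also leaves `.env.local`-style files unignored; adding `.env.*` would catch those. Ignore rules only affect untracked files, so anything already committed stays tracked.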
16 changes: 16 additions & 0 deletions build.gradle
@@ -6,6 +6,8 @@ plugins {
id 'com.github.spotbugs' version '6.5.8'
id 'pmd'
id 'checkstyle'
id 'org.owasp.dependencycheck' version '12.2.2'
id 'org.cyclonedx.bom' version '3.2.4'
id 'info.solidsoft.pitest' version '1.19.0'
}

@@ -57,6 +59,7 @@ spotbugs {
}

tasks.spotbugsMain {
ignoreFailures = false
reports {
html {
required = true
@@ -114,6 +117,19 @@ checkstyle {
ignoreFailures = true
}

dependencyCheck {
skip = System.getenv('CI') == 'true'
formats = ['HTML', 'XML']
suppressionFile = file('dependency-check-suppressions.xml')
skipTestGroups = false // include test dependencies in analysis
}

tasks.cyclonedxBom {
projectType = 'library'
jsonOutput.set(file("build/reports/jtoon-bom.json"))
xmlOutput.unsetConvention()
}

tasks.checkstyleMain {
reports {
xml.required = true
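Review bot: `skip = System.getenv('CI') == 'true'` in the new `dependencyCheck` block turns the OWASP scan off on GitHub Actions, which sets `CI=true`, so the release workflow never runs it and it only executes on developer machines. No `failBuildOnCVSS` threshold is set either, so even a local run reports findings without failing the build. If the skip is there to keep slow NVD downloads out of the release job, consider running `dependencyCheckAnalyze` in a separate scheduled workflow with a cached data directory and setting a threshold such as `failBuildOnCVSS = 7.0` (value illustrative) instead of disabling the check in CI. The `tasks.checkstyleMain` block at the end of the section continues outside the visible hunk.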
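--- a/dependency-check-suppressions.xml
+++ b/dependency-check-suppressions.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+</suppressions>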
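--- a/gradle.properties
+++ b/gradle.properties
@@ -0,0 +1,10 @@
+# ---- Build Performance ----
+org.gradle.configuration-cache=true
+org.gradle.caching=true
+org.gradle.parallel=true
+org.gradle.daemon=true
+org.gradle.jvmargs=-Xmx2048m -XX:MaxMetaspaceSize=512m -Dfile.encoding=UTF-8
+
+# ---- Reproducible Builds ----
+# Remove build time from JAR manifests for bit-identical outputs
+systemProp.org.gradle.internal.launcher.welcomeMessageEnabled=false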
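Review bot: The comment under `# ---- Reproducible Builds ----` says the setting removes build time from JAR manifests, but `systemProp.org.gradle.internal.launcher.welcomeMessageEnabled=false` only suppresses Gradle's welcome banner and has no effect on archive contents. Nothing in this file makes the JARs bit-identical, so the heading gives a guarantee the build does not provide. Either reword the comment to `# Suppress the Gradle welcome message` or add the archive settings in build.gradle, e.g. `tasks.withType(AbstractArchiveTask).configureEach { preserveFileTimestamps = false; reproducibleFileOrder = true }`.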
5 changes: 1 addition & 4 deletions gradle/publishing.gradle
@@ -95,10 +95,7 @@ tasks.register('publishToMavenCentral') {

println "Uploading bundle to Maven Central Portal..."
println "Bundle file: ${bundleFile.absolutePath} (${bundleFile.length()} bytes)"
println "Token length: ${token.length()} characters"
println "Token starts with: ${token.take(15)}..."
println "Token ends with: ...${token.takeRight(15)}"


// Create a temporary file to capture the response
def responseFile = File.createTempFile("maven-central-response", ".json")
responseFile.deleteOnExit()
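Review bot: The token that the removed `Token starts with` / `Token ends with` lines printed should be treated as exposed, because those lines wrote its first and last 15 characters to the build log and partial values like these are probably not caught by GitHub's secret masking, which matches the full secret. If the previous version ran in any workflow, rotate `MAVEN_CENTRAL_TOKEN` and delete the affected run logs; the commit does not mention either step. The `publishToMavenCentral` task body starts and ends outside the hunk.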