Merge branch 'develop'

.github/dependabot.yml

@@ -0,0 +1,21 @@
+version: 2
+
+updates:
+
+  # ================================
+  # UPDATE GRADLE DEPENDENCIES
+  # ================================
+  - package-ecosystem: gradle
+    directory: /
+    target-branch: develop
+    schedule:
+        interval: weekly
+
+  # ================================
+  # UPDATE GITHUB ACTIONS
+  # ================================
+  - package-ecosystem: github-actions
+    directory: /
+    target-branch: develop
+    schedule:
+        interval: weekly

.github/workflows/build.yml

@@ -40,6 +40,13 @@ jobs:
         # Fetch all history for all tags and branches (recommended by SonarQube)
         fetch-depth: 0
 
+    # ================================
+    # VALIDATE GRADLE WRAPPER
+    # ================================
+    - name: Validate Gradle Wrapper files
+      if: ${{ matrix.jdk == 21 }}
+      uses: gradle/actions/wrapper-validation@v3
+
     # ================================
     # SET UP JDK
     # ================================
@@ -51,56 +58,77 @@ jobs:
         java-version: ${{ matrix.jdk }}
 
     # ================================
-    # CACHE SONARCLOUD PACKAGES
+    # SET UP GRADLE
     # ================================
-    - name: Cache SonarCloud packages
-      uses: actions/cache@v4
+    - name: Set up Gradle
+      uses: gradle/actions/setup-gradle@v3
       with:
-        key: ${{ runner.os }}-sonar
-        path: |
-          ~/.sonar/cache
-        restore-keys: |
-          ${{ runner.os }}-sonar
+        build-scan-publish: true
+        build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
+        build-scan-terms-of-use-agree: "yes"
+        cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
 
     # ================================
-    # SETUP GRADLE
+    # EXPORT GRADLE PROPERTIES
     # ================================
-    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+    - name: Export Gradle properties
+      id: properties
+      uses: guillermocalvo/gradle-properties@v3
       with:
-        cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
+        output_file: ${{ github.output }}
+        export: version,previousVersion
 
     # ================================
     # BUILD
     # ================================
-    - name: Build
-      uses: gradle/actions/setup-gradle@v3
-      with:
-        arguments: build -x check --info --scan
+    - name: Build version ${{ steps.properties.outputs.version }}
+      run: ./gradlew build -x check --info
 
     # ================================
     # CHECK
     # ================================
     - name: Check
-      uses: gradle/actions/setup-gradle@v3
-      with:
-        arguments: check --info --scan
+      run: ./gradlew check --info
 
     # ================================
     # COMPATIBILITY REPORT
     # ================================
-    - name: Compatibility report
+    - name: Compatibility with version ${{ steps.properties.outputs.previousVersion }}
+      if: ${{ matrix.jdk == 21 }}
       run: cat ./api-compatibility/build/report.txt >> $GITHUB_STEP_SUMMARY
 
     # ================================
-    # ANALYZE
+    # CACHE SONARCLOUD PACKAGES
+    # ================================
+    - name: Cache SonarCloud packages
+      if: ${{ matrix.jdk == 21 }}
+      uses: actions/cache@v4
+      with:
+        key: ${{ runner.os }}-sonar
+        path: |
+          ~/.sonar/cache
+        restore-keys: |
+          ${{ runner.os }}-sonar
+
+    # ================================
+    # ANALYZE WITH SONARCLOUD
     # ================================
-    - name: Analyze
+    - name: Analyze with SonarCloud
       if: ${{ matrix.jdk == 21 }}
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         SONAR_HOST_URL: https://sonarcloud.io
         SONAR_ORGANIZATION: leakyabstractions
-      uses: gradle/actions/setup-gradle@v3
-      with:
-        arguments: sonarqube --info --scan
+      run: ./gradlew sonarqube --info
+
+    # ================================
+    # PUBLISH SNAPSHOT
+    # ================================
+    - name: Publish snapshot version ${{ steps.properties.outputs.version }}
+      if: ${{ matrix.jdk == 21 && github.event_name == 'push' && github.ref_name == github.event.repository.default_branch && endsWith(steps.properties.outputs.version, '-SNAPSHOT') }}
+      env:
+        ORG_GRADLE_PROJECT_githubUsername: ${{ secrets.PUBLISH_USERNAME }}
+        ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.PUBLISH_PASSWORD }}
+        ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }}
+        ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}
+      run: ./gradlew publish -Psnapshot --info

.github/workflows/codeql.yml

@@ -0,0 +1,49 @@
+
+# Discover vulnerabilities with CodeQL
+name: CodeQL
+
+on:
+  push:
+    branches:
+    - main
+    - develop
+  pull_request:
+    branches:
+    - main
+    - develop
+  schedule:
+    - cron: '0 8 * * 0'
+
+jobs:
+  analyze:
+
+    name: Analyze Java
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    permissions:
+      security-events: write
+
+    steps:
+
+    # ================================
+    # SHALLOW CLONE
+    # ================================
+    - name: Shallow clone
+      uses: actions/checkout@v4
+
+    # ================================
+    # SET UP CODEQL
+    # ================================
+    - name: Set up CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: java-kotlin
+        build-mode: none
+
+    # ================================
+    # ANALYZE
+    # ================================
+    - name: Analyze with CodeQL
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:java-kotlin"

.github/workflows/dependencies.yml

@@ -0,0 +1,41 @@
+
+# Submit dependencies
+name: Dependencies
+
+on:
+  push:
+    branches:
+    - main
+
+permissions:
+  contents: write
+
+jobs:
+  dependencies:
+
+    name: Submit dependencies
+    runs-on: ubuntu-latest
+
+    steps:
+
+    # ================================
+    # SHALLOW CLONE
+    # ================================
+    - name: Shallow clone
+      uses: actions/checkout@v4
+
+    # ================================
+    # SET UP JDK
+    # ================================
+    - name: Set up JDK
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'zulu'
+        java-package: jdk
+        java-version: 21
+
+    # ================================
+    # SUBMIT DEPENDENCIES
+    # ================================
+    - name: Generate and submit dependency graph
+      uses: gradle/actions/dependency-submission@v3

.github/workflows/release.yml

@@ -7,7 +7,7 @@ on:
     tags: ['[0-9]+.[0-9]+.[0-9]+.[0-9]+*']
 
 jobs:
-  build:
+  publish:
 
     name: Publish
     runs-on: ubuntu-latest
@@ -31,10 +31,14 @@ jobs:
         java-version: 21
 
     # ================================
-    # CREATE RELEASE
+    # SET UP GRADLE
     # ================================
-    - name: Create Release
-      uses: softprops/action-gh-release@v1
+    - name: Set up Gradle
+      uses: gradle/actions/setup-gradle@v3
+      with:
+        build-scan-publish: true
+        build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
+        build-scan-terms-of-use-agree: "yes"
 
     # ================================
     # PUBLISH
@@ -48,9 +52,7 @@ jobs:
         ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }}
         ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}
         ORG_GRADLE_PROJECT_sonatypeStagingProfileId: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }}
-      uses: gradle/actions/setup-gradle@v3
-      with:
-        arguments: publish -Prelease --info --scan
+      run: ./gradlew publish -Prelease --info
 
     # ================================
     # PUBLISH JAVADOC
@@ -65,3 +67,9 @@ jobs:
         git status
         git commit --message "Publish Javadoc to GitHub Pages"
         git push origin HEAD:main
+
+    # ================================
+    # CREATE RELEASE
+    # ================================
+    - name: Create Release
+      uses: softprops/action-gh-release@v2

.github/workflows/update-gradle-wrapper.yml

@@ -0,0 +1,32 @@
+
+# Schedule Gradle Wrapper updates
+name: Update Gradle Wrapper
+
+on:
+  schedule:
+    - cron: "0 8 * * *"
+  workflow_dispatch:
+
+jobs:
+  update-gradle-wrapper:
+
+    name: Update Gradle Wrapper
+    runs-on: ubuntu-latest
+
+    steps:
+
+    # ================================
+    # SHALLOW CLONE
+    # ================================
+    - name: Shallow clone
+      uses: actions/checkout@v4
+
+    # ================================
+    # UPDATE GRADLE WRAPPER
+    # ================================
+    - name: Update Gradle Wrapper
+      uses: gradle-update/update-gradle-wrapper-action@v1
+      with:
+        release-channel: stable
+        base-branch: main
+        target-branch: develop

build.gradle

@@ -19,20 +19,3 @@ if (project.hasProperty('sonatypeUsername') && project.hasProperty('sonatypePass
         }
     }
 }
-
-if (hasProperty('buildScan')) {
-    buildScan {
-        termsOfServiceUrl = 'https://gradle.com/terms-of-service'
-        termsOfServiceAgree = 'yes'
-    }
-}
-
-/**
- * Print project property by key
- * - Usage: `./gradlew -q printProperty -Pkey=description`
- */
-task printProperty {
-    doLast {
-        printf project[project.key]
-    }
-}