diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..c71a673 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,21 @@ +version: 2 + +updates: + + # ================================ + # UPDATE GRADLE DEPENDENCIES + # ================================ + - package-ecosystem: gradle + directory: / + target-branch: develop + schedule: + interval: weekly + + # ================================ + # UPDATE GITHUB ACTIONS + # ================================ + - package-ecosystem: github-actions + directory: / + target-branch: develop + schedule: + interval: weekly diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3f86ff5..001e6a7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -40,6 +40,13 @@ jobs: # Fetch all history for all tags and branches (recommended by SonarQube) fetch-depth: 0 + # ================================ + # VALIDATE GRADLE WRAPPER + # ================================ + - name: Validate Gradle Wrapper files + if: ${{ matrix.jdk == 21 }} + uses: gradle/actions/wrapper-validation@v3 + # ================================ # SET UP JDK # ================================ @@ -51,56 +58,77 @@ jobs: java-version: ${{ matrix.jdk }} # ================================ - # CACHE SONARCLOUD PACKAGES + # SET UP GRADLE # ================================ - - name: Cache SonarCloud packages - uses: actions/cache@v4 + - name: Set up Gradle + uses: gradle/actions/setup-gradle@v3 with: - key: ${{ runner.os }}-sonar - path: | - ~/.sonar/cache - restore-keys: | - ${{ runner.os }}-sonar + build-scan-publish: true + build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use" + build-scan-terms-of-use-agree: "yes" + cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} # ================================ - # SETUP GRADLE + # EXPORT GRADLE PROPERTIES # ================================ - - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3 + - name: Export Gradle properties + id: properties + uses: guillermocalvo/gradle-properties@v3 with: - cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} + output_file: ${{ github.output }} + export: version,previousVersion # ================================ # BUILD # ================================ - - name: Build - uses: gradle/actions/setup-gradle@v3 - with: - arguments: build -x check --info --scan + - name: Build version ${{ steps.properties.outputs.version }} + run: ./gradlew build -x check --info # ================================ # CHECK # ================================ - name: Check - uses: gradle/actions/setup-gradle@v3 - with: - arguments: check --info --scan + run: ./gradlew check --info # ================================ # COMPATIBILITY REPORT # ================================ - - name: Compatibility report + - name: Compatibility with version ${{ steps.properties.outputs.previousVersion }} + if: ${{ matrix.jdk == 21 }} run: cat ./api-compatibility/build/report.txt >> $GITHUB_STEP_SUMMARY # ================================ - # ANALYZE + # CACHE SONARCLOUD PACKAGES + # ================================ + - name: Cache SonarCloud packages + if: ${{ matrix.jdk == 21 }} + uses: actions/cache@v4 + with: + key: ${{ runner.os }}-sonar + path: | + ~/.sonar/cache + restore-keys: | + ${{ runner.os }}-sonar + + # ================================ + # ANALYZE WITH SONARCLOUD # ================================ - - name: Analyze + - name: Analyze with SonarCloud if: ${{ matrix.jdk == 21 }} env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: https://sonarcloud.io SONAR_ORGANIZATION: leakyabstractions - uses: gradle/actions/setup-gradle@v3 - with: - arguments: sonarqube --info --scan + run: ./gradlew sonarqube --info + + # ================================ + # PUBLISH SNAPSHOT + # ================================ + - name: Publish snapshot version ${{ steps.properties.outputs.version }} + if: ${{ matrix.jdk == 21 && github.event_name == 'push' && github.ref_name == github.event.repository.default_branch && endsWith(steps.properties.outputs.version, '-SNAPSHOT') }} + env: + ORG_GRADLE_PROJECT_githubUsername: ${{ secrets.PUBLISH_USERNAME }} + ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.PUBLISH_PASSWORD }} + ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }} + ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }} + run: ./gradlew publish -Psnapshot --info diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..bb53cbb --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,49 @@ + +# Discover vulnerabilities with CodeQL +name: CodeQL + +on: + push: + branches: + - main + - develop + pull_request: + branches: + - main + - develop + schedule: + - cron: '0 8 * * 0' + +jobs: + analyze: + + name: Analyze Java + runs-on: ubuntu-latest + timeout-minutes: 360 + permissions: + security-events: write + + steps: + + # ================================ + # SHALLOW CLONE + # ================================ + - name: Shallow clone + uses: actions/checkout@v4 + + # ================================ + # SET UP CODEQL + # ================================ + - name: Set up CodeQL + uses: github/codeql-action/init@v3 + with: + languages: java-kotlin + build-mode: none + + # ================================ + # ANALYZE + # ================================ + - name: Analyze with CodeQL + uses: github/codeql-action/analyze@v3 + with: + category: "/language:java-kotlin" diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml new file mode 100644 index 0000000..6f81579 --- /dev/null +++ b/.github/workflows/dependencies.yml @@ -0,0 +1,41 @@ + +# Submit dependencies +name: Dependencies + +on: + push: + branches: + - main + +permissions: + contents: write + +jobs: + dependencies: + + name: Submit dependencies + runs-on: ubuntu-latest + + steps: + + # ================================ + # SHALLOW CLONE + # ================================ + - name: Shallow clone + uses: actions/checkout@v4 + + # ================================ + # SET UP JDK + # ================================ + - name: Set up JDK + uses: actions/setup-java@v4 + with: + distribution: 'zulu' + java-package: jdk + java-version: 21 + + # ================================ + # SUBMIT DEPENDENCIES + # ================================ + - name: Generate and submit dependency graph + uses: gradle/actions/dependency-submission@v3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5c3bfe2..3a9e17c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,7 @@ on: tags: ['[0-9]+.[0-9]+.[0-9]+.[0-9]+*'] jobs: - build: + publish: name: Publish runs-on: ubuntu-latest @@ -31,10 +31,14 @@ jobs: java-version: 21 # ================================ - # CREATE RELEASE + # SET UP GRADLE # ================================ - - name: Create Release - uses: softprops/action-gh-release@v1 + - name: Set up Gradle + uses: gradle/actions/setup-gradle@v3 + with: + build-scan-publish: true + build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use" + build-scan-terms-of-use-agree: "yes" # ================================ # PUBLISH @@ -48,9 +52,7 @@ jobs: ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }} ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }} ORG_GRADLE_PROJECT_sonatypeStagingProfileId: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }} - uses: gradle/actions/setup-gradle@v3 - with: - arguments: publish -Prelease --info --scan + run: ./gradlew publish -Prelease --info # ================================ # PUBLISH JAVADOC @@ -65,3 +67,9 @@ jobs: git status git commit --message "Publish Javadoc to GitHub Pages" git push origin HEAD:main + + # ================================ + # CREATE RELEASE + # ================================ + - name: Create Release + uses: softprops/action-gh-release@v2 diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml deleted file mode 100644 index a3fd363..0000000 --- a/.github/workflows/snapshot.yml +++ /dev/null @@ -1,53 +0,0 @@ - -# Publish a Snapshot Release -name: Snapshot - -on: - push: - branches: - - 'main' - -jobs: - build: - - name: Publish snapshot - runs-on: ubuntu-latest - - steps: - - # ================================ - # SHALLOW CLONE - # ================================ - - name: Shallow clone - uses: actions/checkout@v4 - - # ================================ - # SET UP JDK - # ================================ - - name: Set up JDK - uses: actions/setup-java@v4 - with: - distribution: 'zulu' - java-package: jdk - java-version: 21 - - # ================================ - # GET CURRENT VERSION - # ================================ - - name: Get current version - id: properties - run: echo "version=`./gradlew -q printProperty -Pkey=version`" >> $GITHUB_OUTPUT - - # ================================ - # PUBLISH - # ================================ - - name: Publish snapshot - if: endsWith(steps.properties.outputs.version, '-SNAPSHOT') - env: - ORG_GRADLE_PROJECT_githubUsername: ${{ secrets.PUBLISH_USERNAME }} - ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.PUBLISH_PASSWORD }} - ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }} - ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }} - uses: gradle/actions/setup-gradle@v3 - with: - arguments: publish -Psnapshot --info --scan diff --git a/.github/workflows/update-gradle-wrapper.yml b/.github/workflows/update-gradle-wrapper.yml new file mode 100644 index 0000000..bd17b96 --- /dev/null +++ b/.github/workflows/update-gradle-wrapper.yml @@ -0,0 +1,32 @@ + +# Schedule Gradle Wrapper updates +name: Update Gradle Wrapper + +on: + schedule: + - cron: "0 8 * * *" + workflow_dispatch: + +jobs: + update-gradle-wrapper: + + name: Update Gradle Wrapper + runs-on: ubuntu-latest + + steps: + + # ================================ + # SHALLOW CLONE + # ================================ + - name: Shallow clone + uses: actions/checkout@v4 + + # ================================ + # UPDATE GRADLE WRAPPER + # ================================ + - name: Update Gradle Wrapper + uses: gradle-update/update-gradle-wrapper-action@v1 + with: + release-channel: stable + base-branch: main + target-branch: develop diff --git a/build.gradle b/build.gradle index c912927..030dd85 100644 --- a/build.gradle +++ b/build.gradle @@ -19,20 +19,3 @@ if (project.hasProperty('sonatypeUsername') && project.hasProperty('sonatypePass } } } - -if (hasProperty('buildScan')) { - buildScan { - termsOfServiceUrl = 'https://gradle.com/terms-of-service' - termsOfServiceAgree = 'yes' - } -} - -/** - * Print project property by key - * - Usage: `./gradlew -q printProperty -Pkey=description` - */ -task printProperty { - doLast { - printf project[project.key] - } -} diff --git a/gradle.properties b/gradle.properties index e17d4a3..7ddb083 100644 --- a/gradle.properties +++ b/gradle.properties @@ -3,9 +3,9 @@ description = Result Library for Java group = com.leakyabstractions artifactName = Result Library artifactId = result -version = 0.15.0.1 +version = 0.15.1.0-SNAPSHOT -previousVersion = 0.15.0.0 +previousVersion = 0.15.0.1 homepage = https://dev.leakyabstractions.com/result/ githubId = leakyabstractions/result repository = https://github.com/leakyabstractions/result @@ -27,6 +27,3 @@ developerEmail = guillermo@guillermo.dev sonarProjectName= result sonarProjectKey = LeakyAbstractions_result - -# Suppress Sonar warning (this behavior will be removed in version 5.x) -systemProp.sonar.gradle.skipCompile=true diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index c2652de..34b1f95 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -4,9 +4,9 @@ google-java-format = "1.19.2" jacoco = "0.8.10" japicmp = "0.4.2" junit = "5.10.2" -nexus-publish = "2.0.0-rc-2" -result-api = "0.1.0.3" -sonarqube = "4.4.1.3373" +nexus-publish = "2.0.0" +result-api = "0.1.0.4" +sonarqube = "5.0.0.4638" spotless = "6.25.0" [libraries]