import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask
// Build plugins. Versions for Spring Boot come from gradle.properties; the
// supply-chain tooling (CycloneDX SBOM, OWASP dependency-check, version
// update reports) is pinned explicitly here.
plugins {
    id 'org.springframework.boot' version "${springBootVersion}"
    id 'java'
    id 'idea'
    // SBOM generation (see cyclonedxBom / packageBoms below)
    id "org.cyclonedx.bom" version "1.7.4"
    // Known-vulnerability scan of the dependency graph (see dependencyCheck below)
    id "org.owasp.dependencycheck" version "8.4.0"
    // Dependency update reports (see the dependencyUpdates* tasks below)
    id "com.github.ben-manes.versions" version "0.49.0"
}
// Spring's dependency-management plugin supplies the managed versions for the
// coordinates below that carry no explicit version (presumably the reason the
// starters and lombok are unversioned - confirm against the BOM in use).
apply plugin: 'io.spring.dependency-management'

// Project coordinates.
group = 'de.novatec'
version = '2.2'
// Compile for Java 17.
java {
    sourceCompatibility = '17'
}
// Maven Central is the only artifact source.
repositories {
    mavenCentral()
}
// snakeyaml is only used transitively, but the managed version is forced to the
// current release because of existing CVEs in older versions.
// According to https://github.com/spring-projects/spring-boot/issues/34405
// this override is safe.
ext.set('snakeyaml.version', '2.0')
dependencies {
    // Lombok is needed at compile time only (annotation processing); versions
    // for the unversioned coordinates are supplied by dependency management.
    annotationProcessor "org.projectlombok:lombok"
    compileOnly "org.projectlombok:lombok"

    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'org.springframework.boot:spring-boot-starter-validation'
    implementation 'org.apache.commons:commons-text:1.10.0'

    // If influxdb-java is updated, check the new version of its transitive
    // dependency okio-jvm. If that version is already higher than the override
    // below, remove the okio-jvm override.
    implementation "org.influxdb:influxdb-java:${influxdbJavaVersion}"

    // Override the transitive okio-jvm with a newer version due to security concerns.
    // NOTE(review): a dependency constraint would express this intent without
    // turning okio-jvm into a direct dependency - consider when next touched.
    implementation "com.squareup.okio:okio-jvm:${okioJvmVersion}"
}
// OWASP dependency-check configuration.
dependencyCheck {
    // Fail the build once any finding reaches a CVSS score of 6 (medium and above).
    failBuildOnCVSS = 6
    analyzers {
        // No .NET assemblies in this project; skip the assembly analyzer.
        assemblyEnabled = false
        // Additionally query Sonatype OSS Index for known vulnerabilities.
        ossIndex {
            enabled = true
        }
    }
}
// Classifies a candidate version as non-stable (alpha, beta, RC, milestone, ...).
// A version counts as stable when it carries one of the stable keywords or when
// it consists only of digits, dots, commas, 'v' and dashes (optionally "-r").
def isNonStable = { String candidate ->
    def upperCandidate = candidate.toUpperCase()
    boolean hasStableKeyword = ['RELEASE', 'FINAL', 'GA', 'JRE'].any { keyword -> upperCandidate.contains(keyword) }
    boolean looksNumeric = candidate ==~ /^[0-9,.v-]+(-r)?$/
    return !(hasStableKeyword || looksNumeric)
}
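// Returns true when candidate lies outside the major line of current (or, with
// matchMinor set, outside its major.minor line), i.e. when the update is to be
// rejected. Identical versions are never rejected.
//
// Parsing is done by splitting on '.', so versions with fewer than three
// components (e.g. "2.0" or "5") are handled instead of throwing
// StringIndexOutOfBoundsException as the previous substring-based parsing did;
// a missing minor component is treated as "0". Prefix comparison replaces the
// interpolated regexes, so version components cannot be misread as regex syntax.
def isNotSameMajorMinor = { String current, String candidate, boolean matchMinor ->
    if (current.equals(candidate)) return false
    def parts = current.split('\\.', -1)
    def major = parts[0]
    def minor = parts.length > 1 ? parts[1] : '0'
    boolean sameMajor = candidate.startsWith("${major}.")
    boolean sameMinor = candidate.startsWith("${major}.${minor}.")
    return !(sameMajor && (!matchMinor || sameMinor))
}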
// The plugin's default report: only patch-level updates within the current
// major.minor line, pre-releases excluded.
tasks.named("dependencyUpdates").configure {
    rejectVersionIf {
        def candidateVersion = it.candidate.version
        isNonStable(candidateVersion) || isNotSameMajorMinor(it.currentVersion, candidateVersion, true)
    }
}
// Report minor updates within the current major line, pre-releases excluded.
tasks.register('dependencyUpdatesMinor', DependencyUpdatesTask) {
    rejectVersionIf {
        def candidateVersion = it.candidate.version
        isNonStable(candidateVersion) || isNotSameMajorMinor(it.currentVersion, candidateVersion, false)
    }
}
// Report every stable update, including major version jumps.
tasks.register('dependencyUpdatesMajor', DependencyUpdatesTask) {
    rejectVersionIf { isNonStable(it.candidate.version) }
}
// Settings shared by all three dependencyUpdates* tasks.
tasks.withType(DependencyUpdatesTask).configureEach {
    // Resolution strategy for candidate versions.
    revision = 'milestone'
    gradleReleaseChannel = "current"
    // Also examine dependency constraints and the build environment.
    checkConstraints = true
    checkBuildEnvironmentConstraints = true
    // Report as build/reports/dependencyUpdates.{json,txt}
    outputFormatter = 'json,plain'
    outputDir = 'build/reports'
    reportfileName = 'dependencyUpdates'
}
// SBOM generation: describe only what ships at runtime.
cyclonedxBom {
    includeConfigs = ["runtimeClasspath"]
    schemaVersion = "1.4"
}
// Bundle the generated SBOM files (bom.json / bom.xml) into one archive.
// Using the cyclonedxBom outputs as the source wires the task dependency.
tasks.register("packageBoms", Zip) {
    archiveFileName.set("software-bill-of-materials.zip")
    from(cyclonedxBom.outputs) {
        include("bom.*")
    }
}
// Collect the release artefacts - the boot jar and the SBOM archive - under
// build/release. The explicit dependsOn is kept although the task outputs
// used as sources already imply it.
tasks.register("release", Copy) {
    dependsOn packageBoms
    from(bootJar.outputs)
    from(packageBoms.outputs)
    into(layout.buildDirectory.dir("release"))
}