diff --git a/.osv-scanner/.cache/v1.8.2/osv-scanner_linux_amd64 b/.osv-scanner/.cache/v1.8.2/osv-scanner_linux_amd64 new file mode 100755 index 0000000..2f8d670 Binary files /dev/null and b/.osv-scanner/.cache/v1.8.2/osv-scanner_linux_amd64 differ diff --git a/.osv-scanner/osv-scanner.version b/.osv-scanner/osv-scanner.version new file mode 100644 index 0000000..e1fbb88 --- /dev/null +++ b/.osv-scanner/osv-scanner.version @@ -0,0 +1 @@ +v1.8.2 \ No newline at end of file diff --git a/.osv-scanner/osv-scanner_linux_amd64 b/.osv-scanner/osv-scanner_linux_amd64 new file mode 100755 index 0000000..2f8d670 Binary files /dev/null and b/.osv-scanner/osv-scanner_linux_amd64 differ diff --git a/build.gradle b/build.gradle index 8fc282a..59c3201 100644 --- a/build.gradle +++ b/build.gradle @@ -4,6 +4,9 @@ plugins { id 'maven-publish' id 'signing' id "io.github.gradle-nexus.publish-plugin" version "2.0.0-rc-1" + id "com.jfrog.artifactory" version "5.2.3" + id "org.cyclonedx.bom" version "1.8.2" + id 'com.fizzpod.osv-scanner' version '3.0.9' } wrapper { @@ -27,11 +30,15 @@ ext { } subprojects { - apply from: rootProject.file('gradle/repositories/maven.gradle') + apply from: rootProject.file('gradle/repositories/artifactory.gradle') + apply from: rootProject.file('gradle/repositories/forgejo.gradle') apply from: rootProject.file('gradle/compile/java.gradle') apply from: rootProject.file('gradle/test/junit5.gradle') - apply from: rootProject.file('gradle/publish/maven.gradle') apply from: rootProject.file('gradle/quality/pmd.gradle') + apply from: rootProject.file('gradle/publish/maven.gradle') } -apply from: rootProject.file('gradle/publish/sonatype.gradle') -apply from: rootProject.file('gradle/publish/forgejo.gradle') +apply from: rootProject.file('gradle/quality/cyclonedx.gradle') +apply from: rootProject.file('gradle/quality/osv-scanner.gradle') +apply from: rootProject.file('gradle/publish/xbib/forgejo.gradle') +apply from: rootProject.file('gradle/publish/hbz/artifactory.gradle') +//apply from: rootProject.file('gradle/publish/maven-central/sonatype.gradle') diff --git a/gradle/publish/hbz/artifactory.gradle b/gradle/publish/hbz/artifactory.gradle new file mode 100644 index 0000000..1873483 --- /dev/null +++ b/gradle/publish/hbz/artifactory.gradle @@ -0,0 +1,27 @@ +if (project.hasProperty('artifactoryUser')) { + artifactory { + publish { + contextUrl = project.property('artifactoryUrl') + repository { + repoKey = project.property('artifactoryRepoKey') + username = project.property('artifactoryUser') + password = project.property('artifactoryPassword') + } + defaults { + publications("${project.name}") + publishBuildInfo = false + publishArtifacts = true + publishPom = true + } + } + } +} + +if (project.hasProperty("signing.keyId")) { + pluginManager.withPlugin('maven-publish') { + apply plugin: 'signing' + signing { + sign publishing.publications."${project.name}" + } + } +} diff --git a/gradle/publish/ivy.gradle b/gradle/publish/ivy.gradle deleted file mode 100644 index fe0a848..0000000 --- a/gradle/publish/ivy.gradle +++ /dev/null @@ -1,27 +0,0 @@ -apply plugin: 'ivy-publish' - -publishing { - repositories { - ivy { - url = "https://xbib.org/repo" - } - } - publications { - ivy(IvyPublication) { - from components.java - descriptor { - license { - name = 'The Apache License, Version 2.0' - url = 'http://www.apache.org/licenses/LICENSE-2.0.txt' - } - author { - name = 'Jörg Prante' - url = 'http://example.com/users/jane' - } - descriptor.description { - text = rootProject.ext.description - } - } - } - } -} \ No newline at end of file diff --git a/gradle/publish/sonatype.gradle b/gradle/publish/maven-central/sonatype.gradle similarity index 69% rename from gradle/publish/sonatype.gradle rename to gradle/publish/maven-central/sonatype.gradle index 5d739de..3bdf85a 100644 --- a/gradle/publish/sonatype.gradle +++ b/gradle/publish/maven-central/sonatype.gradle @@ -1,3 +1,11 @@ + +if (project.hasProperty("signing.keyId")) { + apply plugin: 'signing' + signing { + sign publishing.publications."${project.name}" + } +} + if (project.hasProperty('ossrhUsername') && project.hasProperty('ossrhPassword')) { nexusPublishing { repositories { diff --git a/gradle/publish/maven.gradle b/gradle/publish/maven.gradle index ce6a26f..219c8ff 100644 --- a/gradle/publish/maven.gradle +++ b/gradle/publish/maven.gradle @@ -42,10 +42,3 @@ publishing { } } } - -if (project.hasProperty("signing.keyId")) { - apply plugin: 'signing' - signing { - sign publishing.publications."${project.name}" - } -} diff --git a/gradle/publish/forgejo.gradle b/gradle/publish/xbib/forgejo.gradle similarity index 100% rename from gradle/publish/forgejo.gradle rename to gradle/publish/xbib/forgejo.gradle diff --git a/gradle/quality/cyclonedx.gradle b/gradle/quality/cyclonedx.gradle index a6bf41b..c0e0ba1 100644 --- a/gradle/quality/cyclonedx.gradle +++ b/gradle/quality/cyclonedx.gradle @@ -2,7 +2,7 @@ cyclonedxBom { includeConfigs = [ 'runtimeClasspath' ] skipConfigs = [ 'compileClasspath', 'testCompileClasspath' ] projectType = "library" - schemaVersion = "1.4" + schemaVersion = "1.5" destination = file("build/reports") outputName = "bom" outputFormat = "json" diff --git a/gradle/quality/osv-scanner.gradle b/gradle/quality/osv-scanner.gradle new file mode 100644 index 0000000..a88658c --- /dev/null +++ b/gradle/quality/osv-scanner.gradle @@ -0,0 +1,6 @@ +apply plugin: 'com.fizzpod.osv-scanner' + +osvScanner { + format = "json" + sbom = rootProject.file('build/reports/bom.json') +} diff --git a/gradle/repositories/artifactory.gradle b/gradle/repositories/artifactory.gradle new file mode 100644 index 0000000..c9558a2 --- /dev/null +++ b/gradle/repositories/artifactory.gradle @@ -0,0 +1,5 @@ +repositories { + maven { + url = 'https://repo.hbz-nrw.de/artifactory/gradle-dev/' + } +} diff --git a/gradle/repositories/forgejo.gradle b/gradle/repositories/forgejo.gradle new file mode 100644 index 0000000..7bafb58 --- /dev/null +++ b/gradle/repositories/forgejo.gradle @@ -0,0 +1,5 @@ +repositories { + maven { + url = 'https://xbib.org/api/packages/joerg/maven' + } +}