diff --git a/README.md b/README.md index 469ee31..07cf03a 100644 --- a/README.md +++ b/README.md @@ -143,3 +143,8 @@ however the `http_status` will not be used for differentiation. To generate a software bill of materials (SBOM), execute the gradle task `cyclonedxBom`. It will save the BOM into the folder build/reports. + +##### How to Release + +Important tasks to check first are `dependencyUpdates` and `dependencyUpdates[Major|Minor]` for newer (patch, minor, major) +versions and `dependencyCheckAnalyze` for security issues in the used dependencies. diff --git a/build.gradle b/build.gradle index 5fbb869..20d16ce 100644 --- a/build.gradle +++ b/build.gradle @@ -1,14 +1,20 @@ +import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask + plugins { id 'org.springframework.boot' version "${springBootVersion}" id 'java' id "org.cyclonedx.bom" version "1.7.4" id "org.owasp.dependencycheck" version "8.4.0" + id "com.github.ben-manes.versions" version "0.49.0" } apply plugin: 'io.spring.dependency-management' group 'de.novatec' version '2.2' -sourceCompatibility = '17' + +java { + sourceCompatibility = '17' +} repositories { mavenCentral() 
@@ -52,6 +58,66 @@ dependencies { ) } +dependencyCheck { + failBuildOnCVSS = 6 + analyzers { + assemblyEnabled = false + ossIndex { + enabled = true + } + } +} + +def isNonStable = { String candidate -> + def stableKeyword = ['RELEASE', 'FINAL', 'GA', 'JRE'].any { it -> candidate.toUpperCase().contains(it) } + def versionRegex = /^[0-9,.v-]+(-r)?$/ + return !stableKeyword && !(candidate ==~ versionRegex) +} + +def isNotSameMajorMinor = { String current, String candidate, boolean matchMinor -> + if(current.equals(candidate)) return false + + def firstDot = current.indexOf('.') + def secondDot = current.indexOf('.', firstDot + 1) + def major = current.substring(0, firstDot) + def minor = current.substring(firstDot + 1, secondDot) + def majorRegex = /^$major\..*/ + def minorRegex = /^$major\.${minor}\..*/ + return !((candidate ==~ majorRegex) && (!matchMinor || (candidate ==~ minorRegex))) +} + +tasks.named("dependencyUpdates").configure { + rejectVersionIf { + // only patch updates + isNonStable(it.candidate.version) || isNotSameMajorMinor(it.currentVersion, it.candidate.version, true) + } +} + +tasks.register('dependencyUpdatesMinor', DependencyUpdatesTask) { + rejectVersionIf { + // only minor updates + isNonStable(it.candidate.version) || isNotSameMajorMinor(it.currentVersion, it.candidate.version, false) + } +} + +tasks.register('dependencyUpdatesMajor', DependencyUpdatesTask) { + rejectVersionIf { + // all updates including major updates + isNonStable(it.candidate.version) + } +} + +tasks.withType(DependencyUpdatesTask).configureEach { + // default settings + revision = 'milestone' + gradleReleaseChannel = "current" + checkConstraints = true + checkBuildEnvironmentConstraints = true + outputFormatter = 'json,plain' + outputDir = 'build/reports' + reportfileName = 'dependencyUpdates' +} + cyclonedxBom { includeConfigs = ["runtimeClasspath"] schemaVersion = "1.4" diff --git a/gradle.properties b/gradle.properties index b3118d0..46670f4 100644 
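Review bot: `isNotSameMajorMinor` throws for a `current` version with fewer than two dot-separated segments (for example `2.2` or `31`): `secondDot` (or `firstDot`) becomes -1 and the `substring` call fails, which presumably aborts the whole `dependencyUpdates` run rather than skipping that one dependency. Splitting instead of computing indices avoids this: `def parts = current.tokenize('.')`, `def major = parts[0]`, `def minor = parts.size() > 1 ? parts[1] : '0'`, with the two regex lines left as they are. On the `dependencyCheck` block, `failBuildOnCVSS = 6` lets medium-severity findings (CVSS 4.0–5.9) pass the build; if that threshold is deliberate, a one-line comment stating why would save the next reader the question.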
--- a/gradle.properties +++ b/gradle.properties @@ -1,5 +1,5 @@ # Spring Boot -springBootVersion=3.1.3 +springBootVersion=3.1.4 # If indluxdb-java is updated, check new version of the transitive dependency okio-jvm # If there is a higher new version, remove the dependency override of okio-jvm diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 7454180..ccebba7 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index e1bef7e..744c64d 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.0.2-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip +networkTimeout=10000 zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 1b6c787..79a61d4 100755 --- a/gradlew +++ b/gradlew @@ -55,7 +55,7 @@ # Darwin, MinGW, and NonStop. # # (3) This script is generated from the Groovy template -# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt # within the Gradle project. # # You can find Gradle at https://github.com/gradle/gradle/. @@ -80,10 +80,10 @@ do esac done -APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit - -APP_NAME="Gradle" +# This is normally unused +# shellcheck disable=SC2034 APP_BASE_NAME=${0##*/} +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' 
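Review bot: The new `distributionUrl` pins the Gradle version but not the content of the archive the wrapper downloads; adding `distributionSha256Sum=<sha256 of gradle-8.4-bin.zip from the Gradle release checksums>` on the line after it makes the wrapper refuse a distribution that does not match the published checksum, which is the integrity control available for a build that fetches its own tooling. The updated `gradle/wrapper/gradle-wrapper.jar` in this commit is binary and cannot be reviewed here; its checksum is best verified against Gradle's published wrapper-jar checksums (for example by a wrapper-validation step in CI) before merging. `networkTimeout=10000` is fine as added.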
@@ -143,12 +143,16 @@ fi if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then case $MAX_FD in #( max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 MAX_FD=$( ulimit -H -n ) || warn "Could not query maximum file descriptor limit" esac case $MAX_FD in #( '' | soft) :;; #( *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 ulimit -n "$MAX_FD" || warn "Could not set maximum file descriptor limit to $MAX_FD" esac @@ -205,6 +209,12 @@ set -- \ org.gradle.wrapper.GradleWrapperMain \ "$@" +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + # Use "xargs" to parse quoted args. # # With -n1 it outputs one arg per line, with the quotes and backslashes removed. diff --git a/gradlew.bat b/gradlew.bat index ac1b06f..6689b85 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -14,7 +14,7 @@ @rem limitations under the License. @rem -@if "%DEBUG%" == "" @echo off +@if "%DEBUG%"=="" @echo off @rem ########################################################################## @rem @rem Gradle startup script for Windows @@ -25,7 +25,8 @@ if "%OS%"=="Windows_NT" setlocal set DIRNAME=%~dp0 -if "%DIRNAME%" == "" set DIRNAME=. +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% @@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto execute +if %ERRORLEVEL% equ 0 goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 
@@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar :end @rem End local scope for the variables with windows NT shell -if "%ERRORLEVEL%"=="0" goto mainEnd +if %ERRORLEVEL% equ 0 goto mainEnd :fail rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of rem the _cmd.exe /c_ return code! -if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 -exit /b 1 +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% :mainEnd if "%OS%"=="Windows_NT" endlocal