From a7befb78caa01d9f9f2963bee82e52289f649a61 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Oct 2025 19:01:10 +0000 Subject: [PATCH 1/6] Bump gradle/actions from 4 to 5 Bumps [gradle/actions](https://github.com/gradle/actions) from 4 to 5. - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/v4...v5) --- updated-dependencies: - dependency-name: gradle/actions dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8d96e2a..f4de104 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -38,7 +38,7 @@ jobs: java-version: ${{ matrix.java }} - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Cache SonarQube packages uses: actions/cache@v4 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ad4bb5d..85d5b93 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -32,7 +32,7 @@ jobs: java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68057dd..a9e68f0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,7 +37,7 @@ jobs: java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Build run: ./gradlew build --warning-mode all 
From 6e6d4aa242daf17892054ea56bdaaf6df72b68d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Oct 2025 19:01:14 +0000 Subject: [PATCH 2/6] Bump actions/github-script from 7 to 8 Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68057dd..28159e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: - name: Fail if not running on main branch if: ${{ github.ref != 'refs/heads/main' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main') From 3b144d32b04b8184fc98e880c26acb7f9cd42710 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Sun, 26 Oct 2025 11:37:08 +0100 Subject: [PATCH 3/6] Configure credentials for ossindex --- .github/workflows/build.yml | 4 ++++ README.md | 9 +++++++++ build.gradle | 12 +++++++----- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8d96e2a..3d5b831 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -49,6 +49,10 @@ jobs: - name: Build with Java ${{ matrix.java }} run: ./gradlew build --info --warning-mode all -PjavaVersion=${{ matrix.java }} + env: + ORG_GRADLE_PROJECT_ossIndexUsername: ${{ secrets.OSSINDEX_USERNAME }} + ORG_GRADLE_PROJECT_ossIndexToken: ${{ secrets.OSSINDEX_TOKEN }} + - name: Sonar analysis if: ${{ env.DEFAULT_JAVA == matrix.java && env.SONAR_TOKEN != null }} diff --git a/README.md b/README.md index cda1af5..ce1f740 100644 --- a/README.md +++ b/README.md @@ -183,6 +183,15 @@ To use `openfasttrace` from source during development: ### Check dependencies for vulnerabilities +Get token for OssIndex from [ossindex.sonatype.org](https://ossindex.sonatype.org/user/settings) and add it to `~/.gradle/gradle.properties`: + +```properties +ossIndexUsername = +ossIndexToken = +``` + +Then run + ```sh ./gradlew ossIndexAudit ``` diff --git a/build.gradle b/build.gradle index ecabc97..e9b71c9 100644 --- a/build.gradle +++ b/build.gradle @@ -2,11 +2,11 @@ plugins { id 'java-gradle-plugin' id 'jacoco' id 'signing' - id 'com.gradle.plugin-publish' version '1.3.1' - id 'org.sonarqube' version '6.2.0.5505' + id 'com.gradle.plugin-publish' version '2.0.0' + id 'org.sonarqube' version '7.0.1.6134' id 'pl.droidsonroids.jacoco.testkit' version '1.0.12' - id 'com.github.ben-manes.versions' version '0.52.0' - id 'org.sonatype.gradle.plugins.scan' version '3.1.2' + id 'com.github.ben-manes.versions' version '0.53.0' + id 'org.sonatype.gradle.plugins.scan' version '3.1.4' } repositories { @@ -21,7 +21,7 @@ group = 'org.itsallcode' ext { gradlePluginId = 'org.itsallcode.openfasttrace' oftVersion = '4.2.0' - junitVersion = '5.13.4' + junitVersion = '6.0.0' if (project.hasProperty('oftSourceDir')) { oftSourceDir = file(project.oftSourceDir) useOftSources = oftSourceDir.exists() 
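Review bot: The two added env entries expand to empty strings rather than unset variables whenever `secrets.OSSINDEX_USERNAME` / `secrets.OSSINDEX_TOKEN` are not available to the run (pull requests from forks, and Dependabot-triggered runs unless the same values are also configured as Dependabot secrets), so Gradle will, as far as I can tell, see `ossIndexUsername` and `ossIndexToken` defined with the value `""` instead of absent. The `project.hasProperty(...)` guard that [PATCH 6/6] later adds around `username`/`password` in build.gradle does not distinguish "present but blank" from "missing", so on those builds the audit would still run with blank credentials; the same point applies to that hunk and is not repeated there. The cheapest fix is on the Gradle side, testing the values rather than their presence, since Groovy treats both `null` and `""` as false: `if (findProperty("ossIndexUsername") && findProperty("ossIndexToken")) {`. Alternatively the step could follow the pattern the neighbouring `Sonar analysis` step already uses (`env.SONAR_TOKEN != null`) and only pass the credentials when the secret is non-empty. Keeping the secrets scoped to the single `./gradlew build` step rather than the whole job is the right choice; the rest of the `build` job lies outside this hunk.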
@@ -170,6 +170,8 @@ tasks.named("dependencyUpdates").configure { } ossIndexAudit { + username = findProperty("ossIndexUsername") + password = findProperty("ossIndexToken") allConfigurations = false useCache = true excludeVulnerabilityIds = [] From e917ace3a43828da2dd963a08c539424f4bdbae3 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Sun, 26 Oct 2025 11:38:38 +0100 Subject: [PATCH 4/6] Add changelog entry --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d3d5bbf..21c2ab2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +- [PR #58](https://github.com/itsallcode/openfasttrace-gradle/pull/58) + - Upgrade dependencies + - Specify credentials for OssIndex + ## [3.1.0] - 2025-08-03 - [PR #51](https://github.com/itsallcode/openfasttrace-gradle/pull/51) (Thanks to [@koppor](https://github.com/koppor) for his contribution!) From 7ba5378ad5fb9126f4fe42d646758c2b4d9f1735 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Sun, 26 Oct 2025 11:39:24 +0100 Subject: [PATCH 5/6] Fix broken link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ce1f740..02d12be 100644 --- a/README.md +++ b/README.md @@ -183,7 +183,7 @@ To use `openfasttrace` from source during development: ### Check dependencies for vulnerabilities -Get token for OssIndex from [ossindex.sonatype.org](https://ossindex.sonatype.org/user/settings) and add it to `~/.gradle/gradle.properties`: +Get token for OssIndex from [ossindex.sonatype.org](https://ossindex.sonatype.org/) and add it to `~/.gradle/gradle.properties`: ```properties ossIndexUsername = From 56770a25267299a5d9f9cfeb329d48d995879c92 Mon Sep 17 00:00:00 2001 
From: kaklakariada Date: Sun, 26 Oct 2025 13:46:11 +0100 Subject: [PATCH 6/6] Don't fail build for missing ossindex credentials --- build.gradle | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index e9b71c9..b6d6aa6 100644 --- a/build.gradle +++ b/build.gradle @@ -170,8 +170,10 @@ tasks.named("dependencyUpdates").configure { } ossIndexAudit { - username = findProperty("ossIndexUsername") - password = findProperty("ossIndexToken") + if(project.hasProperty("ossIndexUsername") && project.hasProperty("ossIndexToken")) { + username = findProperty("ossIndexUsername") + password = findProperty("ossIndexToken") + } allConfigurations = false useCache = true excludeVulnerabilityIds = []
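Review bot: The new `if(project.hasProperty("ossIndexUsername") && ...) {` line drops the space after `if`, which is inconsistent with the rest of this file (the `if (project.hasProperty('oftSourceDir'))` check in the `ext` block on the earlier hunk uses `if (`); the usual Groovy/Gradle form is `if (project.hasProperty("ossIndexUsername") && project.hasProperty("ossIndexToken")) {`. A one-line comment above the guard stating why it exists would also help the next reader, e.g. `// Credentials are optional: unauthenticated OssIndex access is rate-limited but still works, so don't fail local builds without them`, phrased to match whatever the intended behaviour actually is. The `ossIndexAudit { ... }` block closes outside this hunk.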