-rw-r--r-- | README.md | 27 | ||||
-rw-r--r-- | build.gradle | 35 |
2 files changed, 35 insertions, 27 deletions
diff --git a/README.md b/README.md index 1ef2f1f7c1c..b874365af63 100644 --- a/README.md +++ b/README.md @@ -61,26 +61,17 @@ If the project has never been built, then build it as usual (see previous sectio ./gradlew ide -Then simply open the root file `build.gradle` as a project in Intellij or Eclipse. +Then open the root file `build.gradle` as a project in Intellij or Eclipse. -### Find available updates of dependencies +### Gradle Hints -Execute from project base directory: - - ./gradlew dependencyUpdates - -### Update the files missing the license header - -Execute from project base directory: - - ./gradlew licenseFormat --rerun-tasks - -### List all dependencies - -Execute from project base directory: - - ./gradlew printDependencies - +| ./gradlew command | Description | +|---|---| +| `dependencies`| list dependencies | +| `dependencyCheckAnalyze` | list vulnerable dependencies | +| `dependencyUpdates` | list the dependencies that could be updated | +| `licenseFormat --rerun-tasks` | fix source headers by applying HEADER.txt | +| `wrapper --gradle-version 5.2.1` | upgrade wrapper | License ------- diff --git a/build.gradle b/build.gradle index 8a6e42d37ae..4be44556c85 100644 --- a/build.gradle +++ b/build.gradle 
@@ -6,15 +6,16 @@ buildscript { } dependencies { // Ordered alphabeticly to avoid duplication - classpath 'com.github.ben-manes:gradle-versions-plugin:0.17.0' + classpath 'com.github.ben-manes:gradle-versions-plugin:0.21.0' classpath 'com.github.jengelman.gradle.plugins:shadow:2.0.4' classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.6' classpath 'com.moowork.gradle:gradle-node-plugin:1.2.0' - classpath "gradle.plugin.nl.javadude.gradle.plugins:license-gradle-plugin:0.14.0" + classpath 'gradle.plugin.nl.javadude.gradle.plugins:license-gradle-plugin:0.14.0' classpath 'io.spring.gradle:dependency-management-plugin:1.0.4.RELEASE' classpath 'net.rdrei.android.buildtimetracker:gradle-plugin:0.11.0' classpath 'org.jfrog.buildinfo:build-info-extractor-gradle:4.7.5' - classpath 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.2' + classpath "org.owasp:dependency-check-gradle:4.0.2" + classpath 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7' } } @@ -43,7 +44,6 @@ sonarqube { } allprojects { - apply plugin: 'com.github.ben-manes.versions' apply plugin: 'com.jfrog.artifactory' apply plugin: 'maven-publish' @@ -75,18 +75,15 @@ allprojects { } } } - - task printDependencies { - dependsOn 'dependencies' - } } subprojects { - apply plugin: "com.github.hierynomus.license" + apply plugin: 'com.github.hierynomus.license' apply plugin: 'io.spring.dependency-management' apply plugin: 'java' apply plugin: 'jacoco' apply plugin: 'idea' + apply plugin: 'org.owasp.dependencycheck' // do not deploy to Artifactory by default artifactoryPublish.skip = true 
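Review bot: The new `org.owasp:dependency-check-gradle:4.0.2` classpath entry uses double quotes, while this same hunk converts the license plugin entry to single quotes and every other entry in the list uses them. Write it as `classpath 'org.owasp:dependency-check-gradle:4.0.2'` so the list stays uniform; nothing in the string needs interpolation. The `buildscript` block starts before the hunk.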
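Review bot: `apply plugin: 'org.owasp.dependencycheck'` is added to `subprojects` in the third hunk with no `dependencyCheck { }` configuration visible in this diff. Unless one exists elsewhere in the file, `dependencyCheckAnalyze` only writes a report and never fails a build. If the scan is meant to gate CI rather than be run by hand, set a threshold next to the apply line, e.g. `dependencyCheck { failBuildOnCVSS = <threshold> }`, and say in the README table whether the command is informational or blocking. Because the plugin is applied per subproject, a comment there should also state whether the root project is meant to be left out of the scan. The `subprojects` block continues past the hunk.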
@@ -421,3 +418,23 @@ artifactory {
 // The name of this variable is important because it's used by the delivery process when extracting version from Artifactory build info.
 clientConfig.info.addEnvironmentProperty('PROJECT_VERSION', "${version}")
 }
+
+// https://github.com/ben-manes/gradle-versions-plugin
+apply plugin: 'com.github.ben-manes.versions'
+// Exclude dev versions from the list of dependency upgrades, for
+// example to replace:
+// org.slf4j:log4j-over-slf4j [1.7.25 -> 1.8.0-beta4]
+// by
+// org.slf4j:log4j-over-slf4j [1.7.25 -> 1.7.26]
+dependencyUpdates.resolutionStrategy {
+ componentSelection { rules ->
+ rules.all { ComponentSelection selection ->
+ boolean rejected = ['alpha', 'beta', 'rc', 'cr', 'm', 'preview'].any { qualifier ->
+ selection.candidate.version ==~ /(?i).*[.-]${qualifier}[.\d-]*/
+ }
+ if (rejected) {
+ selection.reject('Development version')
+ }
+ }
+ }
+} |
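Review bot: The qualifier list in `dependencyUpdates.resolutionStrategy` omits several common pre-release markers, so versions ending in `-SNAPSHOT`, `-ea` or `-pre1` would still be offered as upgrades if a repository in use publishes them. Extending the list covers them without changing the pattern: `['alpha', 'beta', 'rc', 'cr', 'm', 'preview', 'snapshot', 'ea', 'pre']`. The pattern also deserves a one-line comment, for example `// (?i) makes the match case-insensitive; 'm' covers milestone versions such as 1.0-M1`. As written, the single-letter entry reads like a typo.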