plugins { // Ordered alphabeticly id 'com.github.ben-manes.versions' version '0.33.0' id 'com.github.hierynomus.license' version '0.15.0' id 'com.github.johnrengelman.shadow' version '5.2.0' apply false id 'com.google.protobuf' version '0.8.13' apply false id 'com.jfrog.artifactory' version '4.21.0' id 'com.github.node-gradle.node' version '2.2.4' apply false id 'io.spring.dependency-management' version '1.0.10.RELEASE' id "com.asarkar.gradle.build-time-tracker" version "2.0.4" apply false id 'org.owasp.dependencycheck' version '6.1.6' id 'org.sonarqube' version '3.0' id "de.undercouch.download" version "4.1.1" apply false } // display a summary of task durations at the end of the build if (project.hasProperty('time-tracker')) { apply plugin: 'com.asarkar.gradle.build-time-tracker' buildTimeTracker { sort = true maxWidth = 80 minTaskDuration = Duration.ofSeconds(1) } } if (!JavaVersion.current().java11Compatible) { throw new GradleException("JDK 11+ is required to perform this build. It's currently " + System.getProperty("java.home") + ".") } apply plugin: 'org.owasp.dependencycheck' dependencyCheck { analyzers { assemblyEnabled = false autoconfEnabled = false bundleAuditEnabled = false cmakeEnabled = false cocoapodsEnabled = false composerEnabled = false cocoapodsEnabled = false golangDepEnabled = false golangModEnabled = false nodeAudit { skipDevDependencies = true } nuspecEnabled = false nugetconfEnabled = false rubygemsEnabled = false swiftEnabled = false } format = 'ALL' junitFailOnCVSS = 0 failBuildOnCVSS = 0 suppressionFiles = ["${project.rootDir}/private/owasp/suppressions.xml", "${project.rootDir}/private/owasp/vulnerabilities.xml"] skipProjects = project.subprojects .findAll {it.name.contains('testing') || it.name.startsWith('it-') || it.name.contains('-test') || it.name == 'sonar-ws-generator'} .collect { it.path } } allprojects { apply plugin: 'com.jfrog.artifactory' apply plugin: 'maven-publish' ext.versionInSources = version ext.buildNumber = System.getProperty("buildNumber") // when no buildNumber is provided, then project version must end with '-SNAPSHOT' if (ext.buildNumber == null) { version = "${version}-SNAPSHOT".toString() ext.versionWithoutBuildNumber = version } else { ext.versionWithoutBuildNumber = version version = (version.toString().count('.') == 1 ? "${version}.0.${ext.buildNumber}" : "${version}.${ext.buildNumber}").toString() } ext { release = project.hasProperty('release') && project.getProperty('release') official = project.hasProperty('official') && project.getProperty('official') } repositories { def repository = project.hasProperty('qa') ? 'sonarsource-qa' : 'sonarsource' maven { // The environment variables ARTIFACTORY_PRIVATE_USERNAME and ARTIFACTORY_PRIVATE_PASSWORD are used on QA env (Jenkins) // On local box, please add artifactoryUsername and artifactoryPassword to ~/.gradle/gradle.properties def artifactoryUsername = System.env.'ARTIFACTORY_PRIVATE_USERNAME' ?: (project.hasProperty('artifactoryUsername') ? project.getProperty('artifactoryUsername') : '') def artifactoryPassword = System.env.'ARTIFACTORY_PRIVATE_PASSWORD' ?: (project.hasProperty('artifactoryPassword') ? project.getProperty('artifactoryPassword') : '') if (artifactoryUsername && artifactoryPassword) { credentials { username artifactoryUsername password artifactoryPassword } } else { // Workaround for artifactory // https://www.jfrog.com/jira/browse/RTFACT-13797 repository = 'public' } url "https://repox.jfrog.io/repox/${repository}" } } task allDependencies { dependsOn 'dependencies' } artifactory { clientConfig.setIncludeEnvVars(true) clientConfig.setEnvVarsExcludePatterns('*password*,*PASSWORD*,*secret*,*MAVEN_CMD_LINE_ARGS*,sun.java.command,*token*,*TOKEN*,*LOGIN*,*login*,*key*,*KEY*,*signing*') contextUrl = System.getenv('ARTIFACTORY_URL') publish { repository { repoKey = System.getenv('ARTIFACTORY_DEPLOY_REPO') username = System.getenv('ARTIFACTORY_DEPLOY_USERNAME') ?: project.properties.artifactoryUsername password = System.getenv('ARTIFACTORY_DEPLOY_PASSWORD') ?: project.properties.artifactoryPaswword } defaults { properties = [ 'build.name': 'sonar-enterprise', 'build.number': System.getenv('BUILD_NUMBER'), 'pr.branch.target': System.getenv('GITHUB_BASE_BRANCH'), 'pr.number': System.getenv('PULL_REQUEST'), 'vcs.branch': System.getenv('GITHUB_BRANCH'), 'vcs.revision': System.getenv('GIT_SHA1'), 'version': version ] publications('mavenJava') publishPom = true publishIvy = false } } clientConfig.info.setBuildName('sonar-enterprise') clientConfig.info.setBuildNumber(System.getenv('BUILD_NUMBER')) // Define the artifacts to be deployed to https://binaries.sonarsource.com on releases clientConfig.info.addEnvironmentProperty('ARTIFACTS_TO_PUBLISH', "${project.group}:sonar-application:zip," + "com.sonarsource.sonarqube:sonarqube-developer:zip," + "com.sonarsource.sonarqube:sonarqube-datacenter:zip," + "com.sonarsource.sonarqube:sonarqube-enterprise:zip") // The name of this variable is important because it's used by the delivery process when extracting version from Artifactory build info. clientConfig.info.addEnvironmentProperty('PROJECT_VERSION', "${version}") } } apply plugin: 'org.sonarqube' sonarqube { properties { property 'sonar.projectName', projectTitle property 'sonar.projectVersion', "${versionInSources}-SNAPSHOT" property 'sonar.buildString', version } } tasks.named('wrapper') { distributionType = Wrapper.DistributionType.ALL } subprojects { apply plugin: 'com.github.hierynomus.license' apply plugin: 'io.spring.dependency-management' apply plugin: 'jacoco' apply plugin: 'java' apply plugin: 'idea' apply plugin: 'signing' // do not deploy to Artifactory by default artifactoryPublish.skip = true def testFixtureSrc = 'src/testFixtures' if (file(testFixtureSrc).exists()) { apply plugin: 'java-test-fixtures' } ext { protobufVersion = '3.11.4' // define a method which can be called by project to change Java version to compile to configureCompileJavaToVersion = { javaVersion -> if ( javaVersion != 11 & javaVersion != 8) { throw new InvalidUserDataException("Only Java 8 and 11 are supported") } if ( javaVersion == 8 ) { println "Configuring project ${project.name} to compile to Java ${javaVersion}" if (!project.hasProperty('skipJava8Checks')) { task ensureDependenciesRunOnJava8(dependsOn: [configurations.compileClasspath]) { ext.readJavaMajorVersion = { classFile -> classFile.withDataInputStream({ d -> if (d.skip(7) == 7) { // read the version of the class file d.read() } else { throw new GradleException("Could not read major version from $classFile") } }) } doLast { [configurations.compileClasspath].each { config -> config.resolvedConfiguration.files .findAll({ f -> f.name.endsWith("jar") }) .each { jarFile -> def onlyJava8 = true zipTree(jarFile) .matching({ include "**/*.class" // multi-release jar files were introduced with Java 9 => contains only classes targeting Java 9+ exclude "META-INF/versions/**" // ignore module-info existing in some archives for Java 9 forward compatibility exclude "module-info.class" }) .files .each { classFile -> int javaMajorVersion = readJavaMajorVersion(classFile) if (javaMajorVersion > 52) { println "$classFile has been compiled to a more recent version of Java than 8 (java8=52, java11=55, actual=$javaMajorVersion)" onlyJava8 = false } } if (!onlyJava8) { throw new GradleException("Dependency ${jarFile} in configuration ${config.name} contains class file(s) compiled to a Java version > Java 8 (see logs for details)") } } } } } compileJava.dependsOn ensureDependenciesRunOnJava8 } } sourceCompatibility = javaVersion targetCompatibility = javaVersion tasks.withType(JavaCompile) { options.compilerArgs.addAll(['--release', javaVersion + '']) options.encoding = 'UTF-8' } } } configureCompileJavaToVersion 11 sonarqube { properties { property 'sonar.moduleKey', project.group + ':' + project.name } } // Central place for definition dependency versions and exclusions. dependencyManagement { dependencies { // bundled plugin list -- keep it alphabetically ordered dependency 'com.sonarsource.abap:sonar-abap-plugin:3.9.1.3127' dependency 'com.sonarsource.cobol:sonar-cobol-plugin:4.6.2.4876' dependency 'com.sonarsource.cpp:sonar-cfamily-plugin:6.23.0.34138' dependency 'com.sonarsource.pli:sonar-pli-plugin:1.11.1.2727' dependency 'com.sonarsource.plsql:sonar-plsql-plugin:3.6.1.3873' dependency 'com.sonarsource.plugins.vb:sonar-vb-plugin:2.7.1.2721' dependency 'com.sonarsource.rpg:sonar-rpg-plugin:3.0.0.2738' dependency 'com.sonarsource.security:sonar-security-csharp-frontend-plugin:9.0.0.12669' dependency 'com.sonarsource.security:sonar-security-java-frontend-plugin:9.0.0.12669' dependency 'com.sonarsource.security:sonar-security-php-frontend-plugin:9.0.0.12669' dependency 'com.sonarsource.security:sonar-security-plugin:9.0.0.12669' dependency 'com.sonarsource.security:sonar-security-python-frontend-plugin:9.0.0.12669' dependency 'com.sonarsource.security:sonar-security-js-frontend-plugin:9.0.0.12669' dependency 'com.sonarsource.slang:sonar-apex-plugin:1.8.3.2219' dependency 'com.sonarsource.swift:sonar-swift-plugin:4.3.1.4892' dependency 'com.sonarsource.tsql:sonar-tsql-plugin:1.5.1.4340' dependency 'org.sonarsource.config:sonar-config-plugin:1.0.0.32' dependency 'org.sonarsource.css:sonar-css-plugin:1.4.2.2002' dependency 'org.sonarsource.dotnet:sonar-csharp-plugin:8.26.0.34506' dependency 'org.sonarsource.dotnet:sonar-vbnet-plugin:8.26.0.34506' dependency 'org.sonarsource.flex:sonar-flex-plugin:2.6.2.2641' dependency 'org.sonarsource.html:sonar-html-plugin:3.4.0.2754' dependency 'org.sonarsource.jacoco:sonar-jacoco-plugin:1.1.1.1157' dependency 'org.sonarsource.java:sonar-java-plugin:7.2.0.26923' dependency 'org.sonarsource.javascript:sonar-javascript-plugin:8.1.0.15788' dependency 'org.sonarsource.php:sonar-php-plugin:3.17.0.7439' dependency 'org.sonarsource.python:sonar-python-plugin:3.6.0.8488' dependency 'org.sonarsource.slang:sonar-go-plugin:1.8.3.2219' dependency 'org.sonarsource.kotlin:sonar-kotlin-plugin:2.0.1.110' dependency 'org.sonarsource.slang:sonar-ruby-plugin:1.8.3.2219' dependency 'org.sonarsource.slang:sonar-scala-plugin:1.8.3.2219' dependency 'org.sonarsource.xml:sonar-xml-plugin:2.2.0.2973' // please keep this list alphabetically ordered dependencySet(group: 'ch.qos.logback', version: '1.2.3') { entry 'logback-access' entry 'logback-classic' entry 'logback-core' } dependency('commons-beanutils:commons-beanutils:1.8.3') { exclude 'commons-logging:commons-logging' } dependency 'commons-codec:commons-codec:1.14' dependency 'commons-dbutils:commons-dbutils:1.7' dependency 'commons-io:commons-io:2.8.0' dependency 'commons-lang:commons-lang:2.6' imports { mavenBom 'com.fasterxml.jackson:jackson-bom:2.11.4' } dependencySet(group: 'com.fasterxml.jackson.dataformat', version: '2.11.4') { entry 'jackson-dataformat-cbor' entry 'jackson-dataformat-smile' entry 'jackson-dataformat-yaml' } dependency 'com.eclipsesource.minimal-json:minimal-json:0.9.5' dependencySet(group: 'com.github.scribejava', version: '6.9.0') { entry 'scribejava-apis' entry 'scribejava-core' } dependency 'com.github.everit-org.json-schema:org.everit.json.schema:1.12.2' // This project is no longer maintained and was forked // by https://github.com/java-diff-utils/java-diff-utils // (io.github.java-diff-utils:java-diff-utils). dependency 'com.googlecode.java-diff-utils:diffutils:1.2' dependency('com.googlecode.json-simple:json-simple:1.1.1') { exclude 'junit:junit' } dependency 'com.google.code.findbugs:jsr305:3.0.2' dependency 'com.google.code.gson:gson:2.8.6' dependency('com.google.guava:guava:28.2-jre') { exclude 'com.google.errorprone:error_prone_annotations' exclude 'com.google.guava:listenablefuture' exclude 'com.google.j2objc:j2objc-annotations' exclude 'org.checkerframework:checker-qual' exclude 'org.codehaus.mojo:animal-sniffer-annotations' } dependency "com.google.protobuf:protobuf-java:${protobufVersion}" // Do not upgrade H2 to 1.4.200 because of instability: https://github.com/h2database/h2database/issues/2205 dependency 'com.h2database:h2:1.4.199' dependencySet(group: 'com.hazelcast', version: '4.2') { entry 'hazelcast' } dependency 'com.hazelcast:hazelcast-kubernetes:2.2.3' dependency 'com.ibm.icu:icu4j:3.4.4' dependency 'com.microsoft.sqlserver:mssql-jdbc:9.2.0.jre11' dependency 'com.oracle.database.jdbc:ojdbc8:19.3.0.0' // upgrade okhttp3 dependency kotlin to get rid of not exploitable CVE-2020-29582 dependency 'org.jetbrains.kotlin:kotlin-stdlib-common:1.4.21' dependency 'org.jetbrains.kotlin:kotlin-stdlib:1.4.21' dependencySet(group: 'com.squareup.okhttp3', version: '4.9.0') { entry 'okhttp' entry 'mockwebserver' } dependency 'com.tngtech.java:junit-dataprovider:1.13.1' dependency 'info.picocli:picocli:3.6.1' dependencySet(group: 'io.jsonwebtoken', version: '0.11.2') { entry 'jjwt-api' entry 'jjwt-impl' entry 'jjwt-jackson' } dependency 'com.auth0:java-jwt:3.10.3' dependency 'io.netty:netty-all:4.1.65.Final' dependency 'com.sun.mail:javax.mail:1.5.6' dependency 'javax.annotation:javax.annotation-api:1.3.2' dependency 'javax.servlet:javax.servlet-api:3.1.0' dependency 'javax.xml.bind:jaxb-api:2.3.0' dependency 'junit:junit:4.13.1' dependency 'org.junit.jupiter:junit-jupiter-api:5.6.0' dependency 'org.xmlunit:xmlunit-core:2.6.4' dependency 'org.xmlunit:xmlunit-matchers:2.6.4' dependency 'net.jpountz.lz4:lz4:1.3.0' dependency 'net.lightbody.bmp:littleproxy:1.1.0-beta-bmp-17' dependency 'org.awaitility:awaitility:4.0.2' dependency 'org.apache.commons:commons-csv:1.7' dependency 'org.apache.commons:commons-email:1.5' dependency 'org.apache.commons:commons-dbcp2:2.7.0' dependency('org.apache.httpcomponents:httpclient:4.5.13'){ exclude 'commons-logging:commons-logging' } // Be aware that Log4j is used by Elasticsearch client dependencySet(group: 'org.apache.logging.log4j', version: '2.8.2') { entry 'log4j-api' entry 'log4j-to-slf4j' entry 'log4j-core' } dependencySet(group: 'org.apache.tomcat.embed', version: '8.5.68') { entry 'tomcat-embed-core' entry('tomcat-embed-jasper') { exclude 'org.eclipse.jdt.core.compiler:ecj' } } dependency 'org.assertj:assertj-core:3.15.0' dependency 'org.assertj:assertj-guava:3.3.0' dependency('org.codehaus.sonar:sonar-channel:4.2') { exclude 'org.slf4j:slf4j-api' } dependency 'org.codehaus.sonar:sonar-classloader:1.0' dependency 'com.fasterxml.staxmate:staxmate:2.4.0' dependencySet(group: 'org.eclipse.jetty', version: '9.4.6.v20170531') { entry 'jetty-proxy' entry 'jetty-server' entry 'jetty-servlet' } dependency('org.elasticsearch.client:elasticsearch-rest-high-level-client:7.13.3') { exclude 'commons-logging:commons-logging' } dependency 'org.elasticsearch.plugin:transport-netty4-client:7.13.3' dependency 'org.elasticsearch:mocksocket:1.0' //analysis-common need to stay at 7.10.2 as it hasn't been published to mvn central dependency 'org.codelibs.elasticsearch.module:analysis-common:7.10.2' dependency 'org.eclipse.jgit:org.eclipse.jgit:5.11.0.202103091610-r' dependency 'org.tmatesoft.svnkit:svnkit:1.10.1' dependency 'org.hamcrest:hamcrest-all:1.3' dependency 'org.jsoup:jsoup:1.13.1' dependency 'org.mindrot:jbcrypt:0.4' dependency('org.mockito:mockito-core:3.3.3') { exclude 'org.hamcrest:hamcrest-core' } dependency 'org.mybatis:mybatis:3.5.6' dependency 'org.nanohttpd:nanohttpd:2.3.1' dependency 'org.picocontainer:picocontainer:2.15' dependencySet(group: 'org.slf4j', version: '1.7.30') { entry 'jcl-over-slf4j' entry 'jul-to-slf4j' entry 'log4j-over-slf4j' entry 'slf4j-api' } dependency 'org.postgresql:postgresql:42.2.19' dependency 'org.reflections:reflections:0.9.12' dependency 'org.simpleframework:simple:4.1.21' dependency 'org.sonarsource.orchestrator:sonar-orchestrator:3.35.1.2719' dependency 'org.sonarsource.update-center:sonar-update-center-common:1.23.0.723' dependency 'org.subethamail:subethasmtp:3.1.7' dependency 'org.yaml:snakeyaml:1.26' dependency 'xml-apis:xml-apis:1.4.01' // please keep this list alphabetically ordered } } // global exclusions configurations.all { // do not conflict with com.sun.mail:javax.mail exclude group: 'javax.mail', module: 'mail' } tasks.withType(Javadoc) { options.addStringOption('Xdoclint:none', '-quiet') options.encoding = 'UTF-8' doFirst { options.addBooleanOption('-no-module-directories', true) } title = project.name + ' ' + versionWithoutBuildNumber } task sourcesJar(type: Jar, dependsOn: classes) { classifier = 'sources' from sourceSets.main.allSource } task javadocJar(type: Jar, dependsOn: javadoc) { classifier = 'javadoc' from javadoc.destinationDir } // generate code before opening project in IDE (Eclipse or Intellij) task ide() { // empty by default. Dependencies are added to the task // when needed (see protobuf modules for example) } jacocoTestReport { reports { xml.enabled true csv.enabled false html.enabled false } } normalization { runtimeClasspath { // Following classpath resources contain volatile data that changes in each CI build (build number, commit id, time), // so we exclude them from calculation of build cache key of test tasks: ignore 'META-INF/MANIFEST.MF' ignore 'sonar-api-version.txt' ignore 'sq-version.txt' } } ext.failedTests = [] test { jvmArgs '-Dfile.encoding=UTF8' maxHeapSize = '1G' systemProperty 'java.awt.headless', true testLogging { events "skipped", "failed" // verbose log for failed and skipped tests (by default the name of the tests are not logged) exceptionFormat 'full' // log the full stack trace (default is the 1st line of the stack trace) } jacoco { enabled = true // do not disable recording of code coverage, so that remote Gradle cache entry can be used locally includes = ['com.sonar.*', 'com.sonarsource.*', 'org.sonar.*', 'org.sonarqube.*', 'org.sonarsource.*'] } if (project.hasProperty('maxParallelTests')) { maxParallelForks = project.maxParallelTests as int } if (project.hasProperty('parallelTests')) { // See https://guides.gradle.org/performance/#parallel_test_execution maxParallelForks = Runtime.runtime.availableProcessors().intdiv(2) ?: 1 } afterTest { descriptor, result -> if (result.resultType == TestResult.ResultType.FAILURE) { String failedTest = " ${descriptor.className} > ${descriptor.name}" failedTests << failedTest } } } gradle.buildFinished { if (!failedTests.empty) { println "\nFailed tests:" failedTests.each { failedTest -> println failedTest } println "" } } def protoMainSrc = 'src/main/protobuf' def protoTestSrc = 'src/test/protobuf' if (file(protoMainSrc).exists() || file(protoTestSrc).exists()) { // protobuf must be applied after java apply plugin: 'com.google.protobuf' sourceSets.main.proto.srcDir protoMainSrc // in addition to the default 'src/main/proto' sourceSets.test.proto.srcDir protoTestSrc // in addition to the default 'src/test/proto' protobuf { protoc { artifact = "com.google.protobuf:protoc:${protobufVersion}" } } jar { exclude('**/*.proto') } idea { module { sourceDirs += file("${protobuf.generatedFilesBaseDir}/main/java") testSourceDirs += file("${protobuf.generatedFilesBaseDir}/test/java") generatedSourceDirs += file("${protobuf.generatedFilesBaseDir}/main/java") generatedSourceDirs += file("${protobuf.generatedFilesBaseDir}/test/java") } } ide.dependsOn(['generateProto', 'generateTestProto']) } if (file('package.json').exists()) { apply plugin: 'com.github.node-gradle.node' node { version = '10.22.1' yarnVersion = '1.22.0' download = true } // the OWASP tool does not support yarn, and its yarn.lock files, so node modules // should be explicitly installed (yarn task) before running the audit // See https://github.com/jeremylong/DependencyCheck/issues/2393 dependencyCheckAggregate.dependsOn(yarn) } if (official) { jar { // do not break incremental build on non official versions manifest { attributes( 'Version': "${version}", 'Implementation-Build': System.getenv('GIT_SHA1'), 'Build-Time': new Date().format("yyyy-MM-dd'T'HH:mm:ssZ") ) } } } license { header = rootProject.file('HEADER') strictCheck true mapping { java = 'SLASHSTAR_STYLE' js = 'SLASHSTAR_STYLE' ts = 'SLASHSTAR_STYLE' tsx = 'SLASHSTAR_STYLE' css = 'SLASHSTAR_STYLE' } includes(['**/*.java', '**/*.js', '**/*.ts', '**/*.tsx', '**/*.css']) } tasks.withType(GenerateModuleMetadata) { enabled = false } publishing { publications { mavenJava(MavenPublication) { pom { name = 'SonarQube' description = project.description url = 'http://www.sonarqube.org/' organization { name = 'SonarSource' url = 'http://www.sonarsource.com' } licenses { license { name = 'GNU LGPL 3' url = 'http://www.gnu.org/licenses/lgpl.txt' distribution = 'repo' } } scm { url = 'https://github.com/SonarSource/sonarqube' } developers { developer { id = 'sonarsource-team' name = 'SonarSource Team' } } } } } } signing { def signingKeyId = findProperty("signingKeyId") def signingKey = findProperty("signingKey") def signingPassword = findProperty("signingPassword") useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword) required { def branch = System.getenv()["CIRRUS_BRANCH"] return (branch in ['master', 'dogfood-on-next'] || branch ==~ 'branch-[\\d.]+') && gradle.taskGraph.hasTask(":artifactoryPublish") } sign publishing.publications } tasks.withType(Sign) { onlyIf { def branch = System.getenv()["CIRRUS_BRANCH"] return !artifactoryPublish.skip && (branch in ['master', 'dogfood-on-next'] || branch ==~ 'branch-[\\d.]+') && gradle.taskGraph.hasTask(":artifactoryPublish") } } } // Yarn doesn't support concurrent access to its global cache, // i.e. parallel execution of several "yarn install" tasks, // since these tasks are independent, we can establish arbitrary total order // to prevent their concurrent execution. // Note that "task1.mustRunAfter(task2)" ordering has an effect only when both // tasks are scheduled for execution, therefore should be established between // all pairs of "yarn install" tasks to define their total order and to prevent // their concurrent execution even in case when one or more of these tasks not // scheduled. def yarnInstallTasks = allprojects.findResults { it -> it.tasks.findByName('yarn') } yarnInstallTasks.drop(1).eachWithIndex { it, i -> it.mustRunAfter(yarnInstallTasks[0..i]) } // by default, Yarn will update lock file if it is not up to date with "package.json" // using option "--frozen-lockfile" will disable this behavior and "yarn install" will fail if lock file is out of date // all "yarn install" tasks should be executed with this option for reproducibility of builds // and to prevent developers from forgetting to update lock file when they update "package.json" yarnInstallTasks.each { it -> it.args = ['--frozen-lockfile'] } // https://github.com/ben-manes/gradle-versions-plugin apply plugin: 'com.github.ben-manes.versions' dependencyUpdates { rejectVersionIf { // Exclude dev versions from the list of dependency upgrades, for // example to replace: // org.slf4j:log4j-over-slf4j [1.7.25 -> 1.8.0-beta4] // by // org.slf4j:log4j-over-slf4j [1.7.25 -> 1.7.26] boolean rejected = ['alpha', 'beta', 'rc', 'cr', 'm', 'preview', 'jre12'].any { qualifier -> it.candidate.version ==~ /(?i).*[.-]${qualifier}[.\d-]*/ } // Exclude upgrades on new major versions : // com.hazelcast:hazelcast [3.12.3 -> 4.0.0] rejected |= !it.candidate.version.substring(0, 2).equals(it.currentVersion.substring(0, 2)) rejected } }