diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2ebff33f..6728c5c4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,6 +31,7 @@ jobs: - uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - uses: actions/setup-java@v5 with: @@ -96,8 +97,31 @@ jobs: product/build/jpackage-checksums/* if-no-files-found: error - build: - needs: matrix-build + + ossindex: runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + persist-credentials: false + - uses: actions/setup-java@v5 + with: + distribution: temurin + java-version: 25 + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v6 + - name: Ossindex + run: ./gradlew ossIndexAudit --no-parallel --warning-mode all --info + env: + ORG_GRADLE_PROJECT_ossIndexUsername: ${{ secrets.OSSINDEX_USERNAME }} + ORG_GRADLE_PROJECT_ossIndexToken: ${{ secrets.OSSINDEX_TOKEN }} + + build: + permissions: + contents: read + runs-on: ubuntu-slim + needs: + - matrix-build + - ossindex steps: - run: echo "Build successful" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 50095462..f3b1c4aa 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -36,6 +36,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v6 + with: + persist-credentials: false - uses: actions/setup-java@v5 with: distribution: 'temurin' diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml index 53ca4b0c..6b07db41 100644 --- a/.github/workflows/dependency-submission.yml +++ b/.github/workflows/dependency-submission.yml @@ -14,6 +14,8 @@ jobs: steps: - name: Checkout sources uses: actions/checkout@v6 + with: + persist-credentials: false - name: Setup Java uses: actions/setup-java@v5 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b99da131..4e66e6f5 100644 
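Review bot: In `.github/workflows/build.yml`, the new `ossindex` job has no `permissions:` block, although the `build` job added in the same hunk is limited to `contents: read`. Unless the workflow sets a top-level default outside this hunk, `ossindex` runs with the repository's default `GITHUB_TOKEN` scope while also receiving `OSSINDEX_USERNAME` and `OSSINDEX_TOKEN`. Adding `permissions:` with `contents: read` under `ossindex:` would make the two jobs consistent. The job also references `gradle/actions/setup-gradle@v6` by a mutable tag before the step that handles the secrets, so pinning that action to a full commit SHA is worth considering.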
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,6 +25,8 @@ jobs: steps: - name: Checkout the repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Fail if not running on main branch if: ${{ github.ref != 'refs/heads/main' }} @@ -79,6 +81,8 @@ jobs: steps: - name: Checkout the repository uses: actions/checkout@v6 + with: + persist-credentials: true - name: Set up Java uses: actions/setup-java@v5 with: @@ -99,8 +103,8 @@ jobs: if: ${{ ! inputs.skip-maven-central }} run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --info --warning-mode all env: - ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_USERNAME }} - ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_PASSWORD }} + ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.MAVEN_CENTRAL_PORTAL_USERNAME }} + ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN }} ORG_GRADLE_PROJECT_signingKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }} ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ec7f11a..627d64f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,10 +4,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [1.10.0] - unreleased +## [1.11.0] - unreleased + +## [1.10.0] - 2026-05-25 See [Release](https://github.com/itsallcode/white-rabbit/releases/tag/v1.10.0) / [Milestone](https://github.com/itsallcode/white-rabbit/milestone/12?closed=1) +### Breaking Changes + This release requires Java 25. ## [1.9.0] - 2024-09-08 diff --git a/build.gradle b/build.gradle index c546482a..1c47eaf9 100644 --- a/build.gradle +++ b/build.gradle 
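Review bot: In `.github/workflows/release.yml`, the second hunk (`@@ -79,6 +81,8 @@`) sets `persist-credentials: true` without saying why, while every other checkout touched by this commit sets it to `false`. This job goes on to run `./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository` with the publishing and signing secrets, and a persisted token stays in the local git configuration where every later step and Gradle plugin can read it. If a later step outside this hunk pushes a tag or commit, a comment such as `# token kept: <step name> pushes to the repository` would document the exception. Otherwise `false` is the safer value, with the token passed only to the step that needs it.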
@@ -1,17 +1,17 @@ plugins { id 'eclipse' - id "org.sonarqube" version "7.2.3.7755" + id "org.sonarqube" version "7.3.0.8198" id "org.jetbrains.gradle.plugin.idea-ext" version "1.4.1" - id "io.codearte.nexus-staging" version "0.30.0" id 'com.gradleup.shadow' version '9.4.1' apply false id "com.moowork.node" version "1.3.1" apply false - id "com.github.ben-manes.versions" version "0.53.0" + id "com.github.ben-manes.versions" version "0.54.0" id "org.panteleyev.jpackageplugin" version "2.0.1" apply false id "org.gradle.crypto.checksum" version "1.4.0" apply false id "io.github.gradle-nexus.publish-plugin" version "2.0.0" + id 'org.sonatype.gradle.plugins.scan' version '3.1.5' } -version = "1.9.0" +version = "1.10.0" group = "org.itsallcode.whiterabbit" def javaVersion = project.hasProperty('javaVersion') ? project.getProperty('javaVersion') : 25 @@ -79,12 +79,6 @@ def getOptionalProperty(String name) { return null } -nexusStaging { - packageGroup = "org.itsallcode" - username = getOptionalProperty("ossrhUsername") - password = getOptionalProperty("ossrhPassword") -} - sonarqube { properties { property "sonar.host.url", "https://sonarcloud.io" @@ -109,7 +103,18 @@ nexusPublishing { packageGroup = project.group repositories { sonatype { - stagingProfileId = "546ea6ce74787e" + nexusUrl = uri("https://ossrh-staging-api.central.sonatype.com/service/local/") } } } + +ossIndexAudit { + if(project.hasProperty("ossIndexUsername") && project.hasProperty("ossIndexToken")) { + username = findProperty("ossIndexUsername") + password = findProperty("ossIndexToken") + } + allConfigurations = false + useCache = true + excludeVulnerabilityIds = [] + printBanner = false +} diff --git a/docs/developer_guide.md b/docs/developer_guide.md index 5ea899ce..d5301fd9 100644 --- a/docs/developer_guide.md +++ b/docs/developer_guide.md 
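Review bot: In the `ossIndexAudit` block added at the end of `build.gradle`, the `hasProperty` guard checks only that both properties exist, not that they carry a value. In CI they come from `ORG_GRADLE_PROJECT_ossIndexUsername` and `ORG_GRADLE_PROJECT_ossIndexToken`, and GitHub substitutes an empty string when a secret is unavailable (for example on pull requests from forks), so the plugin would presumably be configured with empty credentials rather than left unconfigured. Testing the values instead, e.g. `if (findProperty("ossIndexUsername") && findProperty("ossIndexToken")) {`, covers both the missing and the empty case. A short comment on `allConfigurations = false` stating which configurations are intentionally left out of the audit would also help the next reader judge its coverage.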
@@ -62,6 +62,21 @@ Run a single test: ./gradlew dependencyUpdates --no-parallel ``` +### Check for Vulnerable Dependencies + +Configure Sonatype Guide credentials in `~/.gradle/gradle.properties`: + +```properties +ossIndexUsername = email@example.com +ossIndexToken = sonatype_pat_abc123 +``` + +Then run + +```sh +./gradlew ossIndexAudit --no-parallel --info +``` + ### Build Native Packages Precondition for Windows: Install the [WiX Toolset](https://wixtoolset.org) and add it to the `PATH`. diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index d997cfc6..b1b8ef56 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index c61a118f..df6a6ad7 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,7 +1,9 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-9.5.1-bin.zip networkTimeout=10000 +retries=0 +retryBackOffMs=500 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 739907df..b9bb139f 100755 --- a/gradlew +++ b/gradlew @@ -57,7 +57,7 @@ # Darwin, MinGW, and NonStop. # # (3) This script is generated from the Groovy template -# https://github.com/gradle/gradle/blob/2d6327017519d23b96af35865dc997fcb544fb40/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# https://github.com/gradle/gradle/blob/3d91ce3b8caaf77ad09f381f43615b715b53f72c/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt # within the Gradle project. # # You can find Gradle at https://github.com/gradle/gradle/. 
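Review bot: In `gradle/wrapper/gradle-wrapper.properties`, `distributionUrl` moves to `gradle-9.5.1-bin.zip` but the file still has no `distributionSha256Sum`, so the downloaded archive is not checked against a known hash. Adding `distributionSha256Sum=<SHA-256 of gradle-9.5.1-bin.zip as published by Gradle>` pins the distribution that every developer machine and CI runner executes. Since `gradle/wrapper/gradle-wrapper.jar` changes as an unreviewable binary in the same commit, it is also worth confirming that CI checks the jar against official releases, for instance through the wrapper validation that `gradle/actions` provides.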
diff --git a/gradlew.bat b/gradlew.bat index e509b2dd..aa5f10b0 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -23,8 +23,8 @@ @rem @rem ########################################################################## -@rem Set local scope for the variables with windows NT shell -if "%OS%"=="Windows_NT" setlocal +@rem Set local scope for the variables, and ensure extensions are enabled +setlocal EnableExtensions set DIRNAME=%~dp0 if "%DIRNAME%"=="" set DIRNAME=. @@ -51,7 +51,7 @@ echo. 1>&2 echo Please set the JAVA_HOME variable in your environment to match the 1>&2 echo location of your Java installation. 1>&2 -goto fail +"%COMSPEC%" /c exit 1 :findJavaFromJavaHome set JAVA_HOME=%JAVA_HOME:"=% @@ -65,7 +65,7 @@ echo. 1>&2 echo Please set the JAVA_HOME variable in your environment to match the 1>&2 echo location of your Java installation. 1>&2 -goto fail +"%COMSPEC%" /c exit 1 :execute @rem Setup the command line 
@@ -73,21 +73,10 @@ goto fail @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %* +@rem endlocal doesn't take effect until after the line is parsed and variables are expanded +@rem which allows us to clear the local environment before executing the java command +endlocal & "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %* & call :exitWithErrorLevel -:end -@rem End local scope for the variables with windows NT shell -if %ERRORLEVEL% equ 0 goto mainEnd - -:fail -rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of -rem the _cmd.exe /c_ return code! -set EXIT_CODE=%ERRORLEVEL% -if %EXIT_CODE% equ 0 set EXIT_CODE=1 -if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% -exit /b %EXIT_CODE% - -:mainEnd -if "%OS%"=="Windows_NT" endlocal - -:omega +:exitWithErrorLevel +@rem Use "%COMSPEC%" /c exit to allow operators to work properly in scripts +"%COMSPEC%" /c exit %ERRORLEVEL% diff --git a/jfxui/build.gradle b/jfxui/build.gradle index d8286425..5bed85ba 100644 --- a/jfxui/build.gradle +++ b/jfxui/build.gradle @@ -97,4 +97,5 @@ task run(type: JavaExec, group: 'run') { mainClass = project.mainClass workingDir = rootProject.projectDir classpath = filterCurrentJavaFxRuntimeClasspath(sourceSets.main.runtimeClasspath) + jvmArguments = ['--enable-native-access=ALL-UNNAMED'] } diff --git a/product/build.gradle b/product/build.gradle index 0e8f3baf..d611197d 100644 --- a/product/build.gradle +++ b/product/build.gradle @@ -29,7 +29,9 @@ def filterCurrentJavaFxRuntimeClasspath = { classpath -> dependencies { runtimeOnly project(':jfxui') - runtimeOnly project(':plugins').subprojects + rootProject.project(':plugins').subprojects.each { pluginProject -> + runtimeOnly project(pluginProject.path) + } } shadowJar { 
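Review bot: In `jfxui/build.gradle`, `jvmArguments = ['--enable-native-access=ALL-UNNAMED']` is added to the `run` task without a comment, and the same line is added to `runProduct` and `runWithPlugins` in `product/build.gradle`. `ALL-UNNAMED` grants native access to every class on the class path, which for `runWithPlugins` likely includes plugin code. A one-line comment naming the library that needs it would make the breadth of the grant a documented decision, e.g. `// JavaFX (presumably, confirm) calls restricted native methods on Java 25`. The task bodies start outside these hunks, so it is not visible here whether the packaged application is launched with the same flag.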
@@ -69,6 +71,7 @@ task runProduct(type: JavaExec, dependsOn: [shadowJar], group: 'run') { classpath = shadowJar.outputs.files mainClass = project.mainClass workingDir = rootProject.projectDir + jvmArguments = ['--enable-native-access=ALL-UNNAMED'] } task runWithPlugins(type: JavaExec, group: 'run') { @@ -76,6 +79,7 @@ task runWithPlugins(type: JavaExec, group: 'run') { mainClass = project.mainClass workingDir = rootProject.projectDir classpath = filterCurrentJavaFxRuntimeClasspath(sourceSets.main.runtimeClasspath) + jvmArguments = ['--enable-native-access=ALL-UNNAMED'] } task copyJPackageDependencies(type: Copy, dependsOn: ["jar"]) { diff --git a/settings.gradle b/settings.gradle index 130f0bd6..b3fc4f5c 100644 --- a/settings.gradle +++ b/settings.gradle @@ -20,15 +20,15 @@ dependencyResolutionManagement { } versionCatalogs { libs { - version('junitJupiter', '6.0.3') + version('junitJupiter', '6.1.0') version('mockito', '5.23.0') - version('log4j', '2.25.4') - version('javafx', '27-ea+12') + version('log4j', '2.26.0') + version('javafx', '27-ea+17') library('junitParams', 'org.junit.jupiter', 'junit-jupiter-params').versionRef('junitJupiter') library('assertj', 'org.assertj:assertj-core:3.27.7') library('junitPioneer', 'org.junit-pioneer:junit-pioneer:2.3.0') - library('equalsverifier', 'nl.jqno.equalsverifier:equalsverifier:4.4.2') + library('equalsverifier', 'nl.jqno.equalsverifier:equalsverifier:4.5') library('tostringverifier', 'com.jparams:to-string-verifier:1.4.8') library('hamcrest', 'org.hamcrest:hamcrest:3.0') library('mockito', 'org.mockito', 'mockito-core').versionRef('mockito') @@ -48,7 +48,7 @@ dependencyResolutionManagement { library('log4j.jul', 'org.apache.logging.log4j', 'log4j-jul').versionRef('log4j') library('log4j.slf4j', 'org.apache.logging.log4j', 'log4j-slf4j-impl').versionRef('log4j') - library('holidaycalculator', 'org.itsallcode:holiday-calculator:0.2.1') + library('holidaycalculator', 'org.itsallcode:holiday-calculator:0.2.2') } } }