diff --git a/.github/actions/maven-publish/action.yml b/.github/actions/maven-publish/action.yml index dbcd3b22..e75cefd8 100644 --- a/.github/actions/maven-publish/action.yml +++ b/.github/actions/maven-publish/action.yml @@ -1,20 +1,19 @@ name: Publish release to Java inputs: + java-version: + required: true + +secrets: ossr-username: required: true - ossr-password: + ossr-token: required: true signing-key: required: true signing-password: required: true - java-version: - required: true - is-android: - required: true - version: - required: true + runs: using: composite @@ -33,12 +32,11 @@ runs: - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # pin@1.1.0 - - name: Publish Java - shell: bash - if: inputs.is-android == 'false' - run: ./gradlew clean assemble sign publishMavenJavaPublicationToMavenRepository -PisSnapshot=false -Pversion="${{ inputs.version }}" -PossrhUsername="${{ inputs.ossr-username }}" -PossrhPassword="${{ inputs.ossr-password }}" -PsigningKey="${{ inputs.signing-key }}" -PsigningPassword="${{ inputs.signing-password }}" + - name: Publish Android/Java Packages to Maven + run: ./gradlew publish -PisSnapshot=false + env: + MAVEN_USERNAME: ${{ secrets.ossr-username }} + MAVEN_PASSWORD: ${{ secrets.ossr-token }} + SIGNING_KEY: ${{ secrets.signing-key}} + SIGNING_PASSWORD: ${{ secrets.signing-password}} - - name: Publish Android - shell: bash - if: inputs.is-android == 'true' - run: ./gradlew clean assemble publishAndroidLibraryPublicationToMavenRepository -PisSnapshot=false -Pversion="${{ inputs.version }}" -PossrhUsername="${{ inputs.ossr-username }}" -PossrhPassword="${{ inputs.ossr-password }}" -PsigningKey="${{ inputs.signing-key }}" -PsigningPassword="${{ inputs.signing-password }}" diff --git a/.github/workflows/java-release.yml b/.github/workflows/java-release.yml index 3f81eb14..d707a12f 100644 --- a/.github/workflows/java-release.yml +++ b/.github/workflows/java-release.yml 
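Review bot: The new top-level `secrets:` block in `.github/actions/maven-publish/action.yml` is not a key the action metadata file accepts, as far as I know, and the `secrets` context is not available inside a composite action. With this hunk `ossr-username`, `ossr-token`, `signing-key` and `signing-password` are no longer declared inputs, and the `${{ secrets.* }}` expressions in the `env:` block of the second hunk would most likely resolve to empty values, so the publish step would run without repository credentials or a signing key. Keep the four entries under `inputs:` next to `java-version` and read them as `MAVEN_USERNAME: ${{ inputs.ossr-username }}`, `MAVEN_PASSWORD: ${{ inputs.ossr-token }}`, and likewise for the signing values. The same applies to the step-level `secrets:` key added in `.github/workflows/java-release.yml`. Passing the values through `env:` rather than `-P` arguments is worth keeping, because it keeps them off the Gradle command line.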
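Review bot: The added `Publish Android/Java Packages to Maven` step has a `run:` but no `shell:`, and a `run` step in a composite action has to declare one; both removed steps carried `shell: bash`. Add `shell: bash` under the step name. As a style point, `${{ secrets.signing-key}}` and `${{ secrets.signing-password}}` lack the space before `}}` that the two lines above them use.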
@@ -6,13 +6,11 @@ on: java-version: required: true type: string - is-android: - required: true - type: string + secrets: ossr-username: required: true - ossr-password: + ossr-token: required: true signing-key: required: true @@ -67,15 +65,13 @@ jobs: run: exit 1 # Publish the release to Maven + - name: Publish package to Maven - uses: ./.github/actions/maven-publish - with: - java-version: ${{ inputs.java-version }} - is-android: ${{ inputs.is-android }} - version: ${{ steps.get_version.outputs.version }} + secrets: ossr-username: ${{ secrets.ossr-username }} - ossr-password: ${{ secrets.ossr-password }} - signing-key: ${{ secrets.signing-key }} - signing-password: ${{ secrets.signing-password }} + ossr-token: ${{ secrets.ossr-token }} + signing-key: ${{ secrets.signing-key}} + signing-password: ${{ secrets.signing-password}} # Create a release for the tag - uses: ./.github/actions/release-create diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 21057e6e..130a0e76 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,10 +18,9 @@ jobs: uses: ./.github/workflows/java-release.yml with: java-version: 8.0.402-zulu - is-android: true secrets: ossr-username: ${{ secrets.OSSR_USERNAME }} - ossr-password: ${{ secrets.OSSR_PASSWORD }} + ossr-token: ${{ secrets.OSSR_TOKEN }} signing-key: ${{ secrets.SIGNING_KEY }} signing-password: ${{ secrets.SIGNING_PASSWORD }} github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..1935e798 --- /dev/null +++ b/.snyk 
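Review bot: As far as the collapsed `-67,15 +65,13` hunk in `java-release.yml` can be read, the added `- name: Publish package to Maven` line becomes its own list item in front of the unchanged `- uses: ./.github/actions/maven-publish` item, which leaves a step with neither `run` nor `uses`. The `uses:` step also replaces `with:` by `secrets:`, which is a job-level key for calling reusable workflows rather than a step key, and it no longer passes `java-version` although the action still declares that input as `required: true`. I would fold this into a single step: `- name: Publish package to Maven`, then `uses: ./.github/actions/maven-publish`, then a `with:` block carrying `java-version: ${{ inputs.java-version }}` and the four credential values. A dry run of the release workflow on a branch would confirm the credentials reach Gradle before the next real release.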
@@ -0,0 +1,15 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +# ignores vulnerabilities until expiry date; change duration by modifying expiry date +ignore: + SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135: + - '*': + reason: Latest version of dokka has this vulnerability + expires: 2024-06-27T07:00:56.333Z + created: 2024-05-28T07:00:56.334Z + SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744: + - '*': + reason: Latest version of dokka has this vulnerability + expires: 2024-06-27T07:01:24.820Z + created: 2024-05-28T07:01:24.825Z +patch: {} diff --git a/auth0/build.gradle b/auth0/build.gradle index c395523e..6b1f8c02 100644 --- a/auth0/build.gradle +++ b/auth0/build.gradle @@ -23,38 +23,15 @@ */ plugins { + id 'com.android.library' id 'kotlin-android' - id "com.auth0.gradle.oss-library.android" version "0.18.0" - id "org.jetbrains.dokka" version "1.4.20" } -logger.lifecycle("Using version ${version} for ${name}") - -def signingKey = findProperty('signingKey') -def signingKeyPwd = findProperty('signingPassword') - -oss { - name 'Auth0.Android' - repository 'Auth0.Android' - organization 'auth0' - description 'Android toolkit for Auth0 API' - skipAssertSigningConfiguration true +apply from: rootProject.file('gradle/versioning.gradle') - developers { - auth0 { - displayName = 'Auth0' - email = 'oss@auth0.com' - } - lbalmaceda { - displayName = 'Luciano Balmaceda' - email = 'luciano.balmaceda@auth0.com' - } - } -} +version = getVersionFromFile() -signing { - useInMemoryPgpKeys(signingKey, signingKeyPwd) -} +logger.lifecycle("Using version ${version} for ${name}") android { compileSdkVersion 31 @@ -101,12 +78,6 @@ ext { coroutinesVersion = '1.6.2' } -// Configure javadoc jar to use dokka output -// TODO update oss-plugin to use dokka instead of doing it here -javadocJar { - dependsOn "dokkaJavadoc" - from "$buildDir/dokka/javadoc" -} dependencies { implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version" 
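Review bot: Both ignore entries in the new `.snyk` file use the path `'*'`, so `SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135` and `SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744` are suppressed on every dependency path, not only where they arrive through dokka. If either issue also entered through a dependency that ships in the published library, the scan would stay silent until the expiry date. Replace `'*'` with the dokka dependency path that Snyk reports for each finding. The `reason` should also record why the finding is acceptable, for example `reason: Reached only through the dokka Gradle plugin (build-time docs), no fixed release yet`, provided that is confirmed to be the case.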
@@ -134,4 +105,7 @@ dependencies { testImplementation 'org.robolectric:robolectric:4.6.1' testImplementation 'androidx.test.espresso:espresso-intents:3.5.1' testImplementation "org.jetbrains.kotlinx:kotlinx-coroutines-test:$coroutinesVersion" -} \ No newline at end of file +} + +apply from: rootProject.file('gradle/jacoco.gradle') +apply from: rootProject.file('gradle/maven-publish.gradle') \ No newline at end of file diff --git a/build.gradle b/build.gradle index 7f1655e1..d432f1c9 100644 --- a/build.gradle +++ b/build.gradle @@ -15,9 +15,18 @@ buildscript { dependencies { classpath 'com.android.tools.build:gradle:4.2.2' classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version" + classpath "org.jacoco:org.jacoco.core:0.8.5" } } +plugins { + id 'org.jetbrains.dokka' version '1.9.20' +} + +subprojects { + apply plugin: 'org.jetbrains.dokka' +} + allprojects { group = 'com.auth0.android' diff --git a/gradle.properties b/gradle.properties index dbc95062..7dd5d571 100644 --- a/gradle.properties +++ b/gradle.properties 
@@ -1,19 +1,25 @@ -# Project-wide Gradle settings. -# IDE (e.g. Android Studio) users: -# Gradle settings configured through the IDE *will override* -# any settings specified in this file. -# For more details on how to configure your build environment visit -# http://www.gradle.org/docs/current/userguide/build_environment.html -# Specifies the JVM arguments used for the daemon process. -# The setting is particularly useful for tweaking memory settings. +GROUP=com.auth0.android +POM_ARTIFACT_ID=auth0 + +POM_NAME=Auth0.Android +POM_DESCRIPTION=Android toolkit for Auth0 API +POM_PACKAGING=aar + +POM_URL=https://github.com/auth0/Auth0.Android +POM_SCM_URL=https://github.com/auth0/Auth0.Android +POM_SCM_CONNECTION=scm:git@github.com:auth0/Auth0.Android.git +POM_SCM_DEV_CONNECTION=scm:git@github.com:auth0/Auth0.Android.git + +POM_LICENCE_NAME=The MIT License (MIT) +POM_LICENCE_URL=https://raw.githubusercontent.com/auth0/Auth0.Android/master/LICENSE +POM_LICENCE_DIST=repo + +POM_DEVELOPER_ID=auth0 +POM_DEVELOPER_NAME=Auth0 +POM_DEVELOPER_EMAIL=oss@auth0.com + + org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8 -# When configured, Gradle will run in incubating parallel mode. -# This option should only be used with decoupled projects. More details, visit -# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects -# org.gradle.parallel=true -# AndroidX package structure to make it clearer which packages are bundled with the -# Android operating system, and which are packaged with your app"s APK -# https://developer.android.com/topic/libraries/support-library/androidx-rn android.useAndroidX=true # Automatically convert third-party libraries to use AndroidX android.enableJetifier=false diff --git a/gradle/jacoco.gradle b/gradle/jacoco.gradle new file mode 100644 index 00000000..5a1e3c32 --- /dev/null +++ b/gradle/jacoco.gradle 
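Review bot: `POM_SCM_CONNECTION` and `POM_SCM_DEV_CONNECTION` are both `scm:git@github.com:auth0/Auth0.Android.git`, which leaves out the provider segment of the Maven SCM URL form `scm:<provider>:<url>`. Tools that parse the published POM would read `git@github.com` as the provider. The usual spellings are `POM_SCM_CONNECTION=scm:git:https://github.com/auth0/Auth0.Android.git` and `POM_SCM_DEV_CONNECTION=scm:git:ssh://git@github.com/auth0/Auth0.Android.git`. The hunk also drops the comments that explained the remaining settings, so a one-line header such as `# Maven POM metadata read by gradle/maven-publish.gradle` above the new keys would help the next reader.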
@@ -0,0 +1,55 @@ +apply plugin: 'jacoco' + +jacoco { + toolVersion = "0.8.5" +} + +android { + testOptions { + unitTests.all { + jacoco { + includeNoLocationClasses = true + jacoco.excludes = ['jdk.internal.*'] + } + } + } +} + +afterEvaluate { + def jacocoTestReportTask = tasks.findByName("jacocoTestReport") + if (!jacocoTestReportTask) { + jacocoTestReportTask = tasks.create("jacocoTestReport") + jacocoTestReportTask.group = "Reporting" + jacocoTestReportTask.description = "Generate Jacoco coverage reports for all builds." + } + + android.libraryVariants.all { variant -> + def name = variant.name + def testTaskName = "test${name.capitalize()}UnitTest" + + def reportTask = tasks.create(name: "jacocoTest${name.capitalize()}UnitTestReport", type: JacocoReport, dependsOn: testTaskName) { + group = "Reporting" + description = "Generate Jacoco coverage reports for the ${name.capitalize()} build." + + classDirectories.from = fileTree( + dir: "${buildDir}/intermediates/javac/${name}", + excludes: ['**/R.class', + '**/R$*.class', + '**/*$ViewInjector*.*', + '**/*$ViewBinder*.*', + '**/BuildConfig.*', + '**/Manifest*.*'] + ) + + sourceDirectories.from = ['src/main/java'].plus(android.sourceSets[name].java.srcDirs) + executionData.from = "${buildDir}/jacoco/${testTaskName}.exec" + + reports { + xml.enabled = true + html.enabled = true + } + } + jacocoTestReportTask.dependsOn reportTask + } +} + diff --git a/gradle/maven-publish.gradle b/gradle/maven-publish.gradle new file mode 100644 index 00000000..567e224c --- /dev/null +++ b/gradle/maven-publish.gradle 
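Review bot: `classDirectories.from` in the per-variant report task of `gradle/jacoco.gradle` points only at `${buildDir}/intermediates/javac/${name}`, but the module applies `kotlin-android`, and Kotlin classes are normally compiled to `${buildDir}/tmp/kotlin-classes/${name}`. The coverage report would therefore most likely include only Java classes. I would add a second `fileTree` for the Kotlin output with the same excludes; `sourceDirectories.from` needs `src/main/kotlin` as well if Kotlin sources live there. Separately, `xml.enabled` and `html.enabled` are deprecated on the Gradle 7.3.3 wrapper this commit moves to, and `required` is the replacement.

```groovy
// … unchanged: task creation, group, description …
def classExcludes = [
    // … unchanged: the six exclude patterns from the hunk …
]
classDirectories.from = files(
    fileTree(dir: "${buildDir}/intermediates/javac/${name}", excludes: classExcludes),
    fileTree(dir: "${buildDir}/tmp/kotlin-classes/${name}", excludes: classExcludes)
)
// … unchanged: sourceDirectories, executionData …
reports {
    xml.required = true
    html.required = true
}
```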
@@ -0,0 +1,97 @@ +apply plugin: 'maven-publish' +apply plugin: 'signing' + + +apply from: rootProject.file('gradle/versioning.gradle') + +task javadocJar(type: Jar, dependsOn: dokkaHtml) { + archiveClassifier = "javadoc" + from dokkaHtml.outputDirectory +} + +task sourcesJar(type: Jar) { + archiveClassifier = 'sources' + from android.sourceSets.main.java.source +} + +final releaseRepositoryUrl = "https://oss.sonatype.org/service/local/staging/deploy/maven2/" +final snapshotRepositoryUrl = "https://oss.sonatype.org/content/repositories/snapshots/" + +publishing { + publications { + release(MavenPublication) { + groupId = GROUP + artifactId = POM_ARTIFACT_ID + version = getVersionName() + + artifact("$buildDir/outputs/aar/${project.getName()}-release.aar") + artifact sourcesJar + artifact javadocJar + + pom { + name = POM_NAME + packaging = POM_PACKAGING + description = POM_DESCRIPTION + url = POM_URL + + licenses { + license { + name = POM_LICENCE_NAME + url = POM_LICENCE_URL + distribution = POM_LICENCE_DIST + } + } + + developers { + developer { + id = POM_DEVELOPER_ID + name = POM_DEVELOPER_NAME + email = POM_DEVELOPER_EMAIL + } + } + + scm { + url = POM_SCM_URL + connection = POM_SCM_CONNECTION + developerConnection = POM_SCM_DEV_CONNECTION + } + + withXml { + def dependenciesNode = asNode().appendNode('dependencies') + + project.configurations.implementation.allDependencies.each { + def dependencyNode = dependenciesNode.appendNode('dependency') + dependencyNode.appendNode('groupId', it.group) + dependencyNode.appendNode('artifactId', it.name) + dependencyNode.appendNode('version', it.version) + } + } + } + } + } + repositories { + maven { + name = "sonatype" + url = version.endsWith('SNAPSHOT') ? 
snapshotRepositoryUrl : releaseRepositoryUrl + credentials { + username = System.getenv("MAVEN_USERNAME") + password = System.getenv("MAVEN_PASSWORD") + } + } + } +} + + +signing { + def signingKey = System.getenv("SIGNING_KEY") + def signingPassword = System.getenv("SIGNING_PASSWORD") + useInMemoryPgpKeys(signingKey, signingPassword) + sign publishing.publications +} + + +publish.dependsOn build +tasks.named('signReleasePublication').configure { + dependsOn 'bundleReleaseAar' +} + diff --git a/gradle/versioning.gradle b/gradle/versioning.gradle new file mode 100644 index 00000000..3441ae11 --- /dev/null +++ b/gradle/versioning.gradle @@ -0,0 +1,17 @@ +def getVersionFromFile() { + def versionFile = rootProject.file('.version') + return versionFile.text.readLines().first().trim() +} + +def isSnapshot() { + return hasProperty('isSnapshot') ? isSnapshot.toBoolean() : true +} + +def getVersionName() { + return isSnapshot() ? project.version+"-SNAPSHOT" : project.version +} + +ext { + getVersionName = this.&getVersionName + getVersionFromFile = this.&getVersionFromFile +} \ No newline at end of file diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index d355f4c4..669386b8 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-all.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists
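Review bot: The repository `url` in `gradle/maven-publish.gradle` is chosen with `version.endsWith('SNAPSHOT')`, which appears to resolve to `project.version`, while the publication itself uses `getVersionName()`. The `-SNAPSHOT` suffix is only added inside `getVersionName()`, so unless `.version` itself ends in `SNAPSHOT` the test is false and a snapshot build is sent to `releaseRepositoryUrl`. Use `url = getVersionName().endsWith('SNAPSHOT') ? snapshotRepositoryUrl : releaseRepositoryUrl`. Also, `System.getenv(...)` returns null for an unset variable and the results go straight into `credentials` and `useInMemoryPgpKeys`, so a secret that fails to reach the job only shows up as a late upload or signing error. A check in a `doFirst` on the publish and sign tasks that names the missing variable, without printing its value, would make that failure explicit.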
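Review bot: `getVersionFromFile()` in `gradle/versioning.gradle` returns the first line of `.version` unchecked, and that string becomes the published Maven version; an empty file fails with a bare `NoSuchElementException` from `.first()`. A guard before the return, such as `if (!versionFile.text.trim()) throw new GradleException('.version is empty')`, gives a clear error instead. `isSnapshot()` is not exported through `ext` while the other two helpers are, which is worth a comment if intentional. Its default of `true` also deserves one, for example `// Defaults to a snapshot build; CI passes -PisSnapshot=false for releases`.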