chore: update gradle & dependencies (#14)

* fix(ci): upgrade Gradle Build Action to v2.4.2 to prevent secret leakage - Updated Gradle Build Action to v2.4.2 in GitHub workflows to fix potential secret leakage issue. * chore: update gradle to 8.9 * chore: update dependencies * chore: remove @OptIn annotations for duration usage - This is no longer needed in the newest kotlin release --------- Co-authored-by: Patrick Mirwald <[email protected]>
Liftric · Aug 12, 2024 · 8f2bfa2 · 8f2bfa2
1 parent 2350f30
commit 8f2bfa2
Show file tree

Hide file tree

Showing 9 changed files with 18 additions and 27 deletions.
diff --git a/.github/workflows/pre-merge.yaml b/.github/workflows/pre-merge.yaml
@@ -18,7 +18,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Cache
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v2.4.2
       - name: Validate
         run: ./gradlew check validatePlugins --continue
       - name: Integration Test

diff --git a/.github/workflows/publish-plugin.yaml b/.github/workflows/publish-plugin.yaml
@@ -15,7 +15,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Cache
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v2.4.2
       - name: Validate
         run: ./gradlew check validatePlugins --continue
       - name: Integration Test

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -69,24 +69,20 @@ tasks.named("publishPlugins") {
 }
 
 gradlePlugin {
+    website.set("https://github.com/Liftric/dependency-track-companion-plugin")
+    vcsUrl.set("https://github.com/Liftric/dependency-track-companion-plugin")
     testSourceSets(integrationTest)
     plugins {
         create("dependency-track-companion-plugin") {
             id = "$group.$name"
             implementationClass = "$group.dtcp.DepTrackCompanionPlugin"
             displayName = name
             description = "Common tasks for Dependency Track interaction, like SBOM upload or VEX Generation"
+            tags.set(listOf("dependency", "track", "sbom", "vex", "upload", "generate"))
         }
     }
 }
 
-pluginBundle {
-    website = "https://github.com/Liftric/dependency-track-companion-plugin"
-    vcsUrl = "https://github.com/Liftric/dependency-track-companion-plugin"
-    description = "Common tasks for Dependency Track interaction, like SBOM upload or VEX Generation"
-    tags = listOf("dependency", "track", "sbom", "vex", "upload", "generate")
-}
-
 dependencies {
     implementation(platform(libs.kotlinBom))
     implementation(libs.kotlinStdlibJdk8)

diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/settings.gradle.kts b/settings.gradle.kts
@@ -4,17 +4,17 @@ pluginManagement {
     dependencyResolutionManagement {
         versionCatalogs {
             create("libs") {
-                version("kotlin", "1.8.21")
-                version("ktor", "2.3.0")
-                version("cyclonedx-core-java", "7.3.2")
-                version("cyclonedx-gradle-plugin", "1.7.4")
-                version("junit-bom", "5.9.3")
+                version("kotlin", "1.9.25")
+                version("ktor", "2.3.12")
+                version("cyclonedx-core-java", "9.0.5")
+                version("cyclonedx-gradle-plugin", "1.9.0")
+                version("junit-bom", "5.10.3")
 
-                plugin("versioning", "net.nemerosa.versioning").version("3.0.0")
-                plugin("dockerCompose", "com.avast.gradle.docker-compose").version("0.16.12")
+                plugin("versioning", "net.nemerosa.versioning").version("3.1.0")
+                plugin("dockerCompose", "com.avast.gradle.docker-compose").version("0.17.7")
                 plugin("kotlinJvm", "org.jetbrains.kotlin.jvm").versionRef("kotlin")
                 plugin("kotlinSerialization", "org.jetbrains.kotlin.plugin.serialization").versionRef("kotlin")
-                plugin("gradlePluginPublish", "com.gradle.plugin-publish").version("1.2.0")
+                plugin("gradlePluginPublish", "com.gradle.plugin-publish").version("1.2.1")
 
                 library("kotlinStdlibJdk8", "org.jetbrains.kotlin", "kotlin-stdlib-jdk8").versionRef("kotlin")
                 library("cyclonedxCoreJava", "org.cyclonedx", "cyclonedx-core-java").versionRef("cyclonedx-core-java")

diff --git a/src/main/kotlin/com/liftric/dtcp/extensions/RiskScore.kt b/src/main/kotlin/com/liftric/dtcp/extensions/RiskScore.kt
@@ -6,9 +6,8 @@ import org.gradle.api.tasks.Input
 import org.gradle.api.tasks.Internal
 import org.gradle.api.tasks.Optional
 import kotlin.time.Duration
-import kotlin.time.ExperimentalTime
 
-data class RiskScore @OptIn(ExperimentalTime::class) constructor(
+data class RiskScore constructor(
     val maxRiskScore: Double?,
     val timeout: Duration?,
 )
@@ -20,12 +19,10 @@ class RiskScoreBuilder(@get:Internal val proj: Project) {
     @get:Optional
     val maxRiskScore: Property<Double> = proj.objects.property(Double::class.java)
 
-    @OptIn(ExperimentalTime::class)
     @get:Input
     @get:Optional
     val timeout: Property<Duration> = proj.objects.property(Duration::class.java)
 
-    @OptIn(ExperimentalTime::class)
     fun build(): RiskScore = RiskScore(
         maxRiskScore = this.maxRiskScore.orNull,
         timeout = this.timeout.orNull,

diff --git a/src/main/kotlin/com/liftric/dtcp/tasks/GenerateVexTask.kt b/src/main/kotlin/com/liftric/dtcp/tasks/GenerateVexTask.kt
@@ -4,7 +4,8 @@ import com.liftric.dtcp.extensions.VexComponent
 import com.liftric.dtcp.extensions.VexComponentBuilder
 import com.liftric.dtcp.extensions.VexVulnerability
 import com.liftric.dtcp.extensions.VexVulnerabilityBuilder
-import org.cyclonedx.generators.json.BomJsonGenerator14
+import org.cyclonedx.Version
+import org.cyclonedx.generators.json.BomJsonGenerator
 import org.cyclonedx.model.Bom
 import org.cyclonedx.model.vulnerability.Vulnerability
 import org.cyclonedx.parsers.JsonParser
@@ -128,7 +129,7 @@ abstract class GenerateVexTask : DefaultTask() {
     private fun parseInputFile(file: File): Bom = JsonParser().parse(file)
 
     private fun writeVexFile(outputFile: File) {
-        val json = BomJsonGenerator14(vexFile).toJsonString()
+        val json = BomJsonGenerator(vexFile, Version.VERSION_14).toJsonString()
         Files.createDirectories(Paths.get(outputFile.parent))
         outputFile.writeText(json)
     }

diff --git a/src/main/kotlin/com/liftric/dtcp/tasks/GetOutdatedDependenciesTask.kt b/src/main/kotlin/com/liftric/dtcp/tasks/GetOutdatedDependenciesTask.kt
@@ -3,7 +3,6 @@ package com.liftric.dtcp.tasks
 import com.liftric.dtcp.model.Component
 import com.liftric.dtcp.model.DirectDependency
 import com.liftric.dtcp.service.DependencyTrack
-import kotlinx.serialization.decodeFromString
 import kotlinx.serialization.json.Json
 import org.gradle.api.DefaultTask
 import org.gradle.api.GradleException

diff --git a/src/main/kotlin/com/liftric/dtcp/tasks/RiskScoreTask.kt b/src/main/kotlin/com/liftric/dtcp/tasks/RiskScoreTask.kt
@@ -11,7 +11,6 @@ import org.gradle.api.tasks.TaskAction
 import org.gradle.api.tasks.Input
 import org.gradle.api.tasks.Nested
 import org.gradle.api.tasks.Optional
-import kotlin.time.ExperimentalTime
 
 abstract class RiskScoreTask : DefaultTask() {
     @get:Input
@@ -36,7 +35,6 @@ abstract class RiskScoreTask : DefaultTask() {
     @get:Optional
     abstract val riskScore: Property<RiskScoreBuilder>
 
-    @OptIn(ExperimentalTime::class)
     @TaskAction
     fun riskScoreTask() {
         val apiKeyValue = apiKey.get()