Sonatype Scan Gradle Plugin

https://github.com/sonatype-nexus-community/scan-gradle-plugin
micronaut-projects · Dec 23, 2024 · ef6d1a5 · ef6d1a5
1 parent 126dc30
commit ef6d1a5
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 0 deletions.
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -58,6 +58,11 @@ jobs:
         run: |
           [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
 
+      - name: "🚔 Sonatype Scan"
+        id: sonatypescan
+        run: |
+          ./gradlew ossIndexAudit --no-parallel
+
       - name: "🛠 Build with Gradle"
         id: gradle
         run: |

diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
@@ -9,4 +9,5 @@ repositories {
 
 dependencies {
     implementation libs.gradle.micronaut
+    implementation(libs.sonatype.scan)
 }
diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.sql-module.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.sql-module.gradle
@@ -1,4 +1,17 @@
 plugins {
     id 'io.micronaut.build.internal.module'
     id 'io.micronaut.build.internal.sql-base'
+    id("org.sonatype.gradle.plugins.scan")
+}
+String ossIndexUsername = System.getenv("OSS_INDEX_USERNAME") ?: project.properties["ossIndexUsername"]
+String ossIndexPassword = System.getenv("OSS_INDEX_PASSWORD") ?: project.properties["ossIndexPassword"]
+boolean sonatypePluginConfigured = ossIndexUsername != null && ossIndexPassword != null
+if (sonatypePluginConfigured) {
+ossIndexAudit {
+    username = ossIndexUsername
+    password = ossIndexPassword
+    excludeCoordinates = [
+            "com.h2database:h2:2.3.232" // no version patched https://ossindex.sonatype.org/component/pkg:maven/com.h2database/h2
+    ]
+}
 }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -58,6 +58,7 @@ managed-h2 = "2.3.232"
 sfm-reflect = "9.0.2"
 # Needed for vertx pg client and micronaut-data hibernate reactive
 managed-ongres-scram = "2.1"
+sonatype-scan = "2.8.3"
 
 # Testing
 
@@ -150,6 +151,7 @@ managed-jakarta-transaction-api = { module = "jakarta.transaction:jakarta.transa
 
 sfm-reflect = { module = "org.simpleflatmapper:sfm-reflect", version.ref = "sfm-reflect" }
 managed-ongres-scram-client = { module = "com.ongres.scram:client", version.ref = "managed-ongres-scram" }
+sonatype-scan = { module = "org.sonatype.gradle.plugins:scan-gradle-plugin", version.ref = "sonatype-scan" }
 
 # Testresources