From ef6d1a515ad66d3192500b42e396493ddaee04b5 Mon Sep 17 00:00:00 2001
From: Sergio del Amo
Date: Mon, 23 Dec 2024 13:01:19 +0100
Subject: [PATCH] Sonatype Scan Gradle Plugin https://github.com/sonatype-nexus-community/scan-gradle-plugin
---
 .github/workflows/gradle.yml | 5 +++++
 buildSrc/build.gradle | 1 +
 .../io.micronaut.build.internal.sql-module.gradle | 13 +++++++++++++
 gradle/libs.versions.toml | 2 ++
 4 files changed, 21 insertions(+)
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 571e79a24..93e9389da 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -58,6 +58,11 @@ jobs:
 run: |
 [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
+ - name: "🚔 Sonatype Scan"
+ id: sonatypescan
+ run: |
+ ./gradlew ossIndexAudit --no-parallel
+
 - name: "🛠 Build with Gradle"
 id: gradle
 run: |
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index 21e3c4541..2fdd54a09 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -9,4 +9,5 @@ repositories {
 dependencies {
 implementation libs.gradle.micronaut
+ implementation(libs.sonatype.scan)
 }
diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.sql-module.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.sql-module.gradle
index 60ed265fe..8c6ff6c86 100644
--- a/buildSrc/src/main/groovy/io.micronaut.build.internal.sql-module.gradle
+++ b/buildSrc/src/main/groovy/io.micronaut.build.internal.sql-module.gradle
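Review bot: In `.github/workflows/gradle.yml`, the new `sonatypescan` step has no `env:` block, so `OSS_INDEX_USERNAME` and `OSS_INDEX_PASSWORD` reach Gradle only if they are exported at job or workflow level, which is outside this hunk. The convention plugin added in the same patch skips its `ossIndexAudit { ... }` configuration, including the `excludeCoordinates` entry, when either value is missing, while the scan plugin itself is still applied; the step would then presumably run unauthenticated and without the exclusion. If the variables are not set elsewhere, map them on the step from repository secrets (the secret names here are placeholders): `OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}` and `OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}` under `env:`. Pull requests from forks normally receive no secrets, so it is worth deciding explicitly whether the step is skipped or allowed to fail for them.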
@@ -1,4 +1,17 @@
 plugins {
 id 'io.micronaut.build.internal.module'
 id 'io.micronaut.build.internal.sql-base'
+ id("org.sonatype.gradle.plugins.scan")
+}
+String ossIndexUsername = System.getenv("OSS_INDEX_USERNAME") ?: project.properties["ossIndexUsername"]
+String ossIndexPassword = System.getenv("OSS_INDEX_PASSWORD") ?: project.properties["ossIndexPassword"]
+boolean sonatypePluginConfigured = ossIndexUsername != null && ossIndexPassword != null
+if (sonatypePluginConfigured) {
+ossIndexAudit {
+ username = ossIndexUsername
+ password = ossIndexPassword
+ excludeCoordinates = [
+ "com.h2database:h2:2.3.232" // no version patched https://ossindex.sonatype.org/component/pkg:maven/com.h2database/h2
+ ]
+}
 }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 9baa8c644..4c00e6af6 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -58,6 +58,7 @@ managed-h2 = "2.3.232"
 sfm-reflect = "9.0.2"
 # Needed for vertx pg client and micronaut-data hibernate reactive
 managed-ongres-scram = "2.1"
+sonatype-scan = "2.8.3"
 # Testing
@@ -150,6 +151,7 @@ managed-jakarta-transaction-api = { module = "jakarta.transaction:jakarta.transa
 sfm-reflect = { module = "org.simpleflatmapper:sfm-reflect", version.ref = "sfm-reflect" }
 managed-ongres-scram-client = { module = "com.ongres.scram:client", version.ref = "managed-ongres-scram" }
+sonatype-scan = { module = "org.sonatype.gradle.plugins:scan-gradle-plugin", version.ref = "sonatype-scan" }
 # Testresources
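Review bot: In `io.micronaut.build.internal.sql-module.gradle`, `excludeCoordinates` is set only inside `if (sonatypePluginConfigured)`, yet `org.sonatype.gradle.plugins.scan` is applied unconditionally, so a run without credentials still has the `ossIndexAudit` task but not the h2 exclusion and will report differently from a credentialed run. Moving the condition inside `ossIndexAudit { ... }` so that it wraps only `username = ossIndexUsername` and `password = ossIndexPassword` keeps the exclusion list the same in both cases. The entry `"com.h2database:h2:2.3.232"` also waives every finding for that version, including advisories published later; the plugin's `excludeVulnerabilityIds` option would limit the waiver to the specific findings that were reviewed. The version literal repeats `managed-h2 = "2.3.232"` from `gradle/libs.versions.toml`, so the exclusion stops matching after an h2 upgrade, which fails safe but deserves a comment such as `// revisit when managed-h2 changes`.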