SED-3153 Update dependency management (#42)
cl-exense authored Sep 3, 2024
1 parent 91305f6 commit 3b26733
Showing 7 changed files with 128 additions and 185 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -14,3 +14,4 @@ bower_components/
.DS_Store
*.nupkg
*.iml
.idea/
2 changes: 1 addition & 1 deletion build_parameters.json
@@ -14,7 +14,7 @@
{
"NAME": "PRODUCTION",
"URL": "sonatype::https://oss.sonatype.org/service/local/staging/deploy/maven2",
"CONFIG": "DefaultBuild"
"CONFIG": "SignedBuild"
}
]
},
195 changes: 119 additions & 76 deletions step-api/pom.xml
@@ -1,65 +1,59 @@
<!--
Copyright (C) 2020, exense GmbH
This file is part of STEP
STEP is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
STEP is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with STEP. If not, see <http://www.gnu.org/licenses/>.
-->
<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright (c) exense GmbH -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>ch.exense.step</groupId>
<artifactId>step-api</artifactId>
<version>1.2.0-SNAPSHOT</version>
<version>0.0.0-SNAPSHOT</version>
<packaging>pom</packaging>

<name>Step API</name>
<description>
Step API
</description>
<url>http://exense.ch/</url>
<!-- required metadata for maven central -->
<name>${project.groupId}:${project.artifactId}</name>
<description>Step API</description>
<url>https://github.com/exense/step-api</url>

<licenses>
<license>
<name>The GNU Affero General Public License 3.0</name>
<url>http://www.gnu.org/licenses/</url>
<name>The GNU Affero General Public License, Version 3</name>
<url>https://www.gnu.org/licenses/#AGPL</url>
</license>
</licenses>

<developers>
<developer>
<name>exense Team</name>
<email>[email protected]</email>
<organization>exense GmbH</organization>
<organizationUrl>http://www.exense.ch</organizationUrl>
<url>http://step.exense.ch</url>
<name>Exense GmbH</name>
<organization>Exense GmbH</organization>
<organizationUrl>https://exense.ch</organizationUrl>
<email>[email protected]</email>
</developer>
</developers>

<scm>
<connection>scm:git:https://github.com/exense/step-api/</connection>
<connection>scm:git:https://github.com/exense/step-api.git</connection>
<developerConnection>scm:git:https://github.com/exense/step-api.git</developerConnection>
<url>https://github.com/exense/step-api/</url>
<url>https://github.com/exense/step-api</url>
</scm>
<!-- metadata end -->

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<!-- external dependencies -->
<slf4j.version>2.0.9</slf4j.version>
<junit.version>4.13.1</junit.version>
<jackson.version>2.13.3</jackson.version>

<dependencies.version>2024.8.27</dependencies.version>

<!-- maven build dependencies -->
<dep.mvn.jacoco.version>0.8.12</dep.mvn.jacoco.version>
<dep.mvn.compiler.version>3.8.0</dep.mvn.compiler.version>
<dep.mvn.dependency-check.version>10.0.3</dep.mvn.dependency-check.version>
<dep.mvn.deploy.version>3.0.0-M1</dep.mvn.deploy.version>
<dep.mvn.gpg.version>1.6</dep.mvn.gpg.version>
<dep.mvn.javadoc.version>3.3.2</dep.mvn.javadoc.version>
<dep.mvn.source.version>3.0.1</dep.mvn.source.version>
<dep.mvn.surefire.version>2.19.1</dep.mvn.surefire.version>
</properties>

<repositories>
@@ -75,33 +69,77 @@
</repository>
</repositories>

<!-- Reminder: don't forget to add all modules to the end of the dependencyManagement section just below -->
<modules>
<module>step-api-function</module>
<module>step-api-keyword</module>
<module>step-api-reporting</module>
<module>step-api-json-schema</module>
</modules>

<!-- available dependencies, can be used in dependent projects WITHOUT specifying a version number -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>${slf4j.version}</version>
<groupId>ch.exense.dependencies</groupId>
<artifactId>dependencies-junit</artifactId>
<version>${dependencies.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>ch.exense.dependencies</groupId>
<artifactId>dependencies-logging</artifactId>
<version>${dependencies.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>ch.exense.dependencies</groupId>
<artifactId>dependencies-jackson</artifactId>
<version>${dependencies.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- BOM of *this* project, exporting our OWN modules -->
<dependency>
<groupId>ch.exense.step</groupId>
<artifactId>step-api-function</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>ch.exense.step</groupId>
<artifactId>step-api-keyword</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>ch.exense.step</groupId>
<artifactId>step-api-reporting</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>ch.exense.step</groupId>
<artifactId>step-api-json-schema</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</dependencyManagement>

<!-- actually used dependencies, exported to all modules (but not externally referring projects) -->
<dependencies>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
@@ -111,12 +149,12 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.0.0-M1</version>
<version>${dep.mvn.deploy.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
<version>${dep.mvn.compiler.version}</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
@@ -126,7 +164,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.0.1</version>
<version>${dep.mvn.source.version}</version>
<executions>
<execution>
<id>attach-sources</id>
@@ -140,7 +178,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.1.1</version>
<version>${dep.mvn.javadoc.version}</version>
<configuration>
<source>8</source>
</configuration>
@@ -157,7 +195,7 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.8</version>
<version>${dep.mvn.jacoco.version}</version>
<executions>
<execution>
<id>default-prepare-agent</id>
@@ -178,62 +216,67 @@

<profiles>
<profile>
<id>Default</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<build>
</build>
<!-- Local compilation - no signature -->
</profile>
<profile>
<id>DependencyCheck</id>
<id>SignedBuild</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<!-- Profile use for checking security issues in external dependencies -->
<build>
<plugins>
<!-- Signature -->
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>7.1.0</version>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>${dep.mvn.gpg.version}</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>check</goal>
<goal>sign</goal>
</goals>
<configuration>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>DefaultBuild</id>
<id>DependencyCheck</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<!-- Profile use for checking security issues in external dependencies. -->
<!-- This may take a LOOONG time (possibly multiple minutes), even when using an API key -->
<!-- To quickly check the results, run this (in the project directory):
find . -name dependency-check-report.csv | xargs wc -l
-->
<!-- Anything that returns more than 1 line (the CSV header line) is potentially vulnerable. -->
<build>
<plugins>
<!-- Signature -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.6</version>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${dep.mvn.dependency-check.version}</version>
<configuration>
<formats>HTML,CSV</formats>
<skipDependencyManagement>false</skipDependencyManagement>
<!-- <nvdApiKey>KEY_HERE</nvdApiKey>-->
<failOnError>false</failOnError>
</configuration>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<phase>
verify
</phase>
<goals>
<goal>sign</goal>
<goal>check</goal>
</goals>
<configuration>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
</execution>
</executions>
</plugin>
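Review bot: In the DependencyCheck profile at the end of this section, the new `<configuration>` cannot fail the build: `<failOnError>false</failOnError>` lets an analysis error (for example a failed NVD update) pass silently, and no `failBuildOnCVSS` is set, so findings only reach the HTML/CSV reports that the comment asks to be counted by hand. I would drop the `failOnError` override and add a threshold such as `<failBuildOnCVSS>7</failBuildOnCVSS>` (value to be agreed), so that a scan which did not run is not read as a clean one. The commented-out `<nvdApiKey>KEY_HERE</nvdApiKey>` also invites pasting a key into the POM; `<nvdApiServerId>` referring to a settings.xml server entry keeps it out of the repository. The profile's closing tags lie outside the visible lines.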
20 changes: 1 addition & 19 deletions step-api/step-api-function/pom.xml
@@ -1,21 +1,3 @@
<!--
Copyright (C) 2020, exense GmbH
This file is part of STEP
STEP is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
STEP is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with STEP. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

@@ -24,7 +6,7 @@
<parent>
<groupId>ch.exense.step</groupId>
<artifactId>step-api</artifactId>
<version>1.2.0-SNAPSHOT</version>
<version>0.0.0-SNAPSHOT</version>
</parent>

<dependencies>