Sherlock Trunks - Version 3 (sonatype-nexus-community#171)

Author: shaikhu

.circleci/config.yml

@@ -1,10 +1,10 @@
 version: 2.1
 orbs:
-  gradle: circleci/gradle@1.0.11
+  gradle: circleci/gradle@3.0.0
 executors:
-  openjdk-8-executor:
+  openjdk-11-executor:
     docker:
-      - image: 'circleci/android:api-28-alpha'
+      - image: 'circleci/android:api-29'
 
 commands:
   configure-git:
@@ -23,7 +23,7 @@ commands:
 
 jobs:
   do-release:
-    executor: openjdk-8-executor
+    executor: openjdk-11-executor
     parameters:
       ssh-fingerprints:
         type: string
@@ -36,15 +36,15 @@ jobs:
       - gradle-release
 
 it-defaults: &it-defaults
-      executor: openjdk-8-executor
+      executor: openjdk-11-executor
       test_results_path: build/test-results
       reports_path: build/reports
 
 workflows:
   checkout-run_task:
     jobs:
       - gradle/test:
-          executor: openjdk-8-executor
+          executor: openjdk-11-executor
           test_results_path: build/test-results
           reports_path: build/reports
           test_command: test --no-daemon --debug --max-workers 2
@@ -70,36 +70,24 @@ workflows:
           test_command: --no-daemon -Dorg.gradle.daemon=false --info it2
   it3:
     jobs:
-    - gradle/test:
+      - gradle/test:
           <<: *it-defaults
           test_command: --no-daemon -Dorg.gradle.daemon=false --info it3
   it4:
     jobs:
-    - gradle/test:
+      - gradle/test:
           <<: *it-defaults
           test_command: --no-daemon -Dorg.gradle.daemon=false --info it4
   it5:
     jobs:
-    - gradle/test:
+      - gradle/test:
           <<: *it-defaults
           test_command: --no-daemon -Dorg.gradle.daemon=false --info it5
   it6:
-    jobs:
-    - gradle/test:
-          <<: *it-defaults
-          test_command: --no-daemon -Dorg.gradle.daemon=false --info it6
-
-  it7:
-    jobs:
-      - gradle/test:
-          <<: *it-defaults
-          test_command: --no-daemon -Dorg.gradle.daemon=false --info it7
-
-  it8:
     jobs:
       - gradle/test:
           <<: *it-defaults
-          test_command: --no-daemon -Dorg.gradle.daemon=false --info it8
+          test_command: --no-daemon -Dorg.gradle.daemon=false --info it6
 
   release:
     jobs:

.github/actions/setup/action.yml

@@ -7,7 +7,6 @@ runs:
       uses: actions/setup-java@v4
       with:
         distribution: 'temurin'
-        # TODO: Update this to Java 11 after branch `version3` is merged
-        java-version: 8
+        java-version: 11
     - name: Setup Gradle
       uses: gradle/actions/setup-gradle@v4

.github/workflows/ci.yaml

@@ -30,9 +30,8 @@ jobs:
     strategy:
       # might be helpful to limit threads in local builds
       #max-parallel: 2
-      # TODO: Update this to remove obsolete itX's after branch `version3` is merged
       matrix:
-        it: [it1, it2, it3, it4, it5, it6, it7, it8]
+        it: [it1, it2, it3, it4, it5, it6]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -68,4 +67,4 @@ jobs:
           username: ${{ secrets.SONATYPE_LIFECYCLE_USERNAME }}
           password: ${{ secrets.SONATYPE_LIFECYCLE_PASSWORD }}
           application-id: 'scan-gradle-plugin'
-          scan-targets: '.'
+          scan-targets: './build.gradle'

.java-version

@@ -0,0 +1 @@
+11

README.md

@@ -42,7 +42,16 @@ If you want to save some time, skip integration tests:
 > ./gradlew integrationTest
 
 ## Compatibility
-The plugin can be used on projects with Gradle 3.3 or higher (local installation or wrapper) and Java 8 installed locally.
+The plugin from release 3.0.0 onwards, can be used with Java 11 installed locally on projects with Gradle versions:
+- 5.0 until 6.4.1
+- 7.6.4
+- 8.3 or higher
+
+It has ranges of supported versions due to a known bug in Gradle for plugins with multi-jar dependencies. See more at:
+- https://github.com/gradle/gradle/issues/27156
+- https://discuss.gradle.org/t/is-there-any-way-to-skip-gradle-instrumenting-classpath-file-transformer/45213/3
+
+All plugin releases prior to 3.0.0, can be used on projects with Gradle 3.3 or higher (local installation or wrapper) and Java 8 installed locally.
 
 ## Supported Programming Languages
 Gradle can be used to build projects developed in various programming languages. This plugin supports:
@@ -72,6 +81,13 @@ Some basic examples follow, which we strongly advise reading :)
 
 After doing so, specific usage on CI tools can be found at https://github.com/guillermo-varela/example-scan-gradle-plugin
 
+Also, when running the tasks please set the log level to `INFO` to see results using `-i` or `--info`:
+
+```
+./gradlew ossIndexAudit --info
+./gradlew nexusIQScan --info
+```
+
 ### OSS Index
 OSS Index can be used without any extra configuration, but to avoid reaching the limit for anonymous queries every user
 is encouraged to create a free account on [OSS Index](https://ossindex.sonatype.org/user/signin) and use the credentials

build.gradle

@@ -1,13 +1,10 @@
-import com.github.jengelman.gradle.plugins.shadow.tasks.ConfigureShadowRelocation
-
 plugins {
   id 'java-gradle-plugin'
   id 'maven-publish'
   id 'signing'
   id 'net.researchgate.release' version '3.0.0'
   id 'io.codearte.nexus-staging' version '0.30.0'
   id 'com.gradle.plugin-publish' version '0.21.0'
-  id 'com.github.johnrengelman.shadow' version '7.1.2'
 }
 
 apply from: 'gradle/integration-test.gradle'
@@ -26,8 +23,8 @@ gradlePlugin {
 }
 
 java {
-  sourceCompatibility = JavaVersion.VERSION_1_8
-  targetCompatibility = JavaVersion.VERSION_1_8
+  sourceCompatibility = JavaVersion.VERSION_11
+  targetCompatibility = JavaVersion.VERSION_11
   withJavadocJar()
   withSourcesJar()
 }
@@ -49,49 +46,33 @@ jar {
   }
 }
 
-shadowJar {
-  mergeServiceFiles()
-  archiveClassifier.set('')
-}
-
-task relocateShadowJar(type: ConfigureShadowRelocation) {
-  target = tasks.shadowJar
-}
-
-tasks.shadowJar.dependsOn tasks.relocateShadowJar
-
-artifacts {
-  archives shadowJar
-}
-
 allprojects {
   repositories {
     mavenCentral()
   }
 }
 
-dependencies {
-  shadow localGroovy()
-  shadow gradleApi()
+ext {
+  nexusPlatformApiVersion='5.1.2-01'
+  ossIndexClientVersion='1.8.2'
+  logbackVersion='1.3.14'
+  commonsIoVersion='2.16.1'
 
-  implementation ("com.sonatype.nexus:nexus-platform-api:$nexusPlatformApiVersion") {
-    exclude group: 'org.eclipse.jgit', module: 'org.eclipse.jgit'
-  }
-  implementation 'org.eclipse.jgit:org.eclipse.jgit:5.13.3.202401111512-r'
+  junitVersion='4.13.2'
+  mockitoVersion='5.12.0'
+  assertJVersion='3.25.3'
+}
+
+dependencies {
+  implementation "com.sonatype.nexus:nexus-platform-api:$nexusPlatformApiVersion"
   implementation "org.sonatype.ossindex:ossindex-service-client:$ossIndexClientVersion"
   implementation "ch.qos.logback:logback-classic:$logbackVersion"
   implementation "commons-io:commons-io:$commonsIoVersion"
 
   testImplementation gradleTestKit()
   testImplementation "junit:junit:$junitVersion"
   testImplementation "org.assertj:assertj-core:$assertJVersion"
-  testImplementation "org.powermock:powermock-module-junit4:$powermockVersion"
-  testImplementation "org.powermock:powermock-api-mockito2:$powermockVersion"
-}
-
-// Remove the gradleApi so it isn't merged into the jar file when applying 'shadow'
-configurations.named(JavaPlugin.API_CONFIGURATION_NAME) {
-  dependencies.remove(project.dependencies.gradleApi())
+  testImplementation "org.mockito:mockito-core:${mockitoVersion}"
 }
 
 processResources {
@@ -104,14 +85,6 @@ test {
   maxHeapSize = '512m'
 }
 
-sourceSets {
-  test {
-    // Groovy and Gradle libraries on the new shadow configuration need to be available for tests
-    compileClasspath = configurations.shadow + compileClasspath
-    runtimeClasspath = configurations.shadow + runtimeClasspath
-  }
-}
-
 publishing {
   afterEvaluate {
     def pluginUrl = 'https://github.com/sonatype-nexus-community/scan-gradle-plugin'

gradle.properties

@@ -15,14 +15,5 @@
 #
 
 group=org.sonatype.gradle.plugins
-version=2.8.4-SNAPSHOT
+version=3.0.0-SNAPSHOT
 release.useAutomaticVersion=true
-
-nexusPlatformApiVersion=4.0.7-01
-ossIndexClientVersion=1.8.2
-logbackVersion=1.3.14
-commonsIoVersion=2.16.1
-
-junitVersion=4.13.2
-powermockVersion=2.0.9
-assertJVersion=3.25.3

gradle/integration-test.gradle

@@ -12,14 +12,12 @@ task integrationTest(type: Test) {
   group = 'verification'
 }
 
-['**/ScanIT_Gradle_Versions_3_3*.class',
- '**/ScanIT_Gradle_Versions_4_1*.class',
- '**/ScanIT_Gradle_Versions_4_4*.class',
- '**/ScanIT_Gradle_Versions_5_0*.class',
+['**/ScanIT_Gradle_Versions_5_0*.class',
  '**/ScanIT_Gradle_Versions_5_5*.class',
  '**/ScanIT_Gradle_Versions_6_0*.class',
- '**/ScanIT_Gradle_Versions_6_6*.class',
- '**/ScanIT_Gradle_Versions_7_0*.class'].eachWithIndex { className, index ->
+ '**/ScanIT_Gradle_Versions_7_6*.class',
+ '**/ScanIT_Gradle_Versions_8_3*.class',
+ '**/ScanIT_Gradle_Versions_8_6*.class'].eachWithIndex { className, index ->
   task "it${index + 1}"(type: Test) {
     includes = [className]
     description = "Runs the integration tests on class $className."

gradle/wrapper/gradle-wrapper.jar

@@ -1,5 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists