/*
* Licensed to the Fintech Open Source Foundation (FINOS) under one or
* more contributor license agreements. See the NOTICE file distributed
* with this work for additional information regarding copyright ownership.
* FINOS licenses this file to you under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
plugins {
    // OWASP dependency-check: scans the Java dependency tree against the NVD
    // (configured in the dependencyCheck block below)
    id "org.owasp.dependencycheck"
    // Third-party license inventory and allow-list check
    // (configured in the licenseReport block below)
    id "com.github.jk1.dependency-license-report"
    // Artifact publishing and signing; per-module setup lives in gradle/publish.gradle
    id "maven-publish"
    id "signing"
    // Staging / release to Sonatype (configured in the nexusPublishing block below)
    id "io.github.gradle-nexus.publish-plugin"
}
// Shared build logic kept out of this file: dependency versions, helper functions
// (presumably including getVersionFromGit, used below) and the per-module publishing
// closure publishModule, which subprojects apply after evaluation
apply from: "gradle/versions.gradle"
apply from: "gradle/functions.gradle"
apply from: "gradle/publish.gradle"

// Needed for the LicenseBundleNormalizer filters in the licenseReport block
import com.github.jk1.license.filter.*

// The build version is derived from Git metadata rather than hard-coded here
def versionNumber = ext.getVersionFromGit()
// Coordinates shared by every module: a single group id and the Git-derived version
allprojects {
    group = 'org.finos.tracdap'
    version = versionNumber
}
subprojects {

    // Keep each module's build output under the root build directory
    buildDir = "${rootProject.buildDir.path}/modules/${project.name}"

    // Publishing setup is defined in gradle/publish.gradle
    afterEvaluate(publishModule)

    // Workaround for a bug between Gradle and Jetbrains in the build system
    // Jetbrains build with Gradle creates classpath.index, subsequent builds report duplicate output file
    tasks.withType(Jar).configureEach {
        duplicatesStrategy = DuplicatesStrategy.EXCLUDE
    }

    // Task for printing out the full solution dependency tree
    tasks.register('dependencyReport', DependencyReportTask)
}
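dependencyCheck {

    // NVD access is configured from the environment, which keeps the API key out of source control
    // NVD_DATAFEED: optional URL of an NVD data-feed mirror
    // NVD_API_KEY: optional NVD API key (higher NVD rate limits); never print it in build logs
    // Both values are trimmed up front so surrounding whitespace cannot yield a malformed URL
    // or a rejected key (previously only the key was trimmed)
    def NVD_DATAFEED = System.getenv("NVD_DATAFEED")?.trim()
    def NVD_API_KEY = System.getenv("NVD_API_KEY")?.trim()

    outputDirectory = "$projectDir/build/compliance/platform-owasp"

    // Findings listed in this file are treated as false positives and will not fail the build,
    // so each entry should carry a justification and be re-checked when dependencies change
    suppressionFiles = ["$projectDir/dev/compliance/owasp-false-positives.xml"]

    // CVSS score < 4 is "low severity" according to NIST
    // https://nvd.nist.gov/vuln-metrics/cvss
    // Any finding at medium severity or above fails the build
    failBuildOnCVSS = 4

    nvd {
        // Groovy truthiness: null or empty (after trim) means "not set"
        if (NVD_DATAFEED) {
            datafeedUrl = NVD_DATAFEED
        }
        if (NVD_API_KEY) {
            apiKey = NVD_API_KEY
            // Retry / throttle settings are only applied when a key is configured
            maxRetryCount = 10
            delay = 1000
        }
    }

    // NVD cache directory - do not overlap with OWASP check for other languages
    // Note: Cache corruption can stop the scan from running, in which case the cache should be cleared
    data {
        directory = rootProject.projectDir.absolutePath + '/build/compliance-cache/nvd_java_platform'
    }

    // Disable analyzers for other languages
    // This check is for the Java platform components only
    analyzers {
        nodeEnabled = false
        assemblyEnabled = false
        msbuildEnabled = false
        nuspecEnabled = false
        retirejs {
            enabled = false
        }
        nodeAudit {
            enabled = false
        }
    }
}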
// Third-party license compliance: report output plus the allow-list of accepted licenses
licenseReport {
    outputDir = "$projectDir/build/compliance/platform-licenses"
    allowedLicensesFile = new File(projectDir, 'dev/compliance/permitted-licenses.json')

    // Normalize license names with the plugin's default rules and then with the
    // project-specific rules (presumably applied in list order), so the allow-list
    // is compared against canonical names rather than free-text variants
    def defaultRules = new LicenseBundleNormalizer(createDefaultTransformationRules: true)
    def projectRules = new LicenseBundleNormalizer(bundlePath: "$projectDir/dev/compliance/license-normalization.json")
    filters = [defaultRules, projectRules]
}
// Release staging for the artifacts produced by the maven-publish / signing plugins
nexusPublishing {
    repositories {
        // Publishing via Sonatype OSSRH -> Maven Central
        // No credentials are set in this file; presumably they are supplied via environment
        // or Gradle properties outside source control (see gradle/publish.gradle)
        sonatype()
    }
}