Initial project setup

[rammrain]

Summary

• Initialize Gradle 9.4.1 with java-library plugin and BitWeb conventions (split build: build.gradle, test.gradle, library.gradle)
• Add MontonioSdkConfiguration with sandbox base URL default and test
• Add GitHub Actions CI workflow running tests on Java 17, 21, and 25
• Add .sdkmanrc, .gitignore, CLAUDE.md

Closes #1

Test plan

• ./gradlew build passes locally
• ./gradlew test passes (verifies sandbox base URL default)
• CI workflow runs on PR

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Added SDK configuration allowing base-URL selection (defaults to sandbox).

• Chores

  • Added project build system, wrapper and publication configuration.
  • Added CI workflow to run tests and produce build artifacts automatically.
  • Added developer tooling config and ignore rules for common local/generated files.
  • Added line-ending attributes for wrapper scripts.

• Tests

  • Added unit/integration test tasks and a test asserting default base URL.

• Documentation

  • Added repository documentation with build and test guidance.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: feb8d023-4443-4504-bb20-6a08127767da

📥 Commits

Reviewing files that changed from the base of the PR and between 3fd4a76 and 3708c59.

📒 Files selected for processing (1)

• library.gradle

🚧 Files skipped from review as they are similar to previous changes (1)

• library.gradle

---

📝 Walkthrough

Walkthrough

Initial project scaffolding: Gradle build and wrapper, CI workflow, VCS configs, publication/signing scripts, test and coverage tasks, a simple SDK configuration class with default sandbox URL, and corresponding unit test.

Changes

Cohort / File(s)	Summary
CI/CD and Workflow ​.github/workflows/build.yml	Adds GitHub Actions workflow named "Build": pull_request and push to main triggers; test job runs Gradle tests across Java matrix (17, 21, 25); build job depends on test, runs with Java 17 and uploads build/libs/*.jar as montonio-sdk artifact.
VCS & SDK configuration ​.gitignore, ​.gitattributes, ​.sdkmanrc	Adds ignore rules for IDE/build/OS files, enforces LF/CRLF for wrapper scripts, and pins Java 17 via .sdkmanrc.
Gradle core & wrapper build.gradle, gradle.properties, settings.gradle, gradle/wrapper/gradle-wrapper.properties, gradlew, gradlew.bat	Introduces top-level Gradle configuration (plugins, Java compile args, JUnit BOM), disables welcome message, adds wrapper properties and platform scripts, and sets root project name montonio-sdk.
Library publication & signing library.gradle	Adds java-library, maven-publish, signing and Nexus publishing configuration; defines mavenJava publication with artifactId = 'montonio-sdk', POM metadata, conditional Sonatype publishing and in-memory PGP signing.
Testing & Coverage test.gradle	Adds jacoco, configures test to use JUnit Platform, defines unitTest and integrationTest tasks with tag filtering, creates Jacoco XML reports, and registers testAndReport aggregation task.
Documentation CLAUDE.md	Adds project guidance: overview, required tooling (Java 17, Gradle), common Gradle commands and expected Gradle file split.
Source & Tests src/main/java/ee/bitweb/montonio/sdk/MontonioSdkConfiguration.java, src/test/java/ee/bitweb/montonio/sdk/MontonioSdkConfigurationTest.java	Adds MontonioSdkConfiguration with SANDBOX_BASE_URL constant and configurable baseUrl (Lombok getters/setters), plus unit test asserting default sandbox base URL.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through build scripts, tidy and neat,
Gradle seedlings sprout beneath my feet.
Sandbox URL curled in a basket snug,
Tests do a jig, jars packed with a hug.
Tiny paws clap: "Prepare to ship!" 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Initial project setup' accurately and concisely summarizes the main objective of the pull request, which establishes the foundation for the Montonio Java SDK project.
Linked Issues check	✅ Passed	The pull request successfully addresses all requirements from issue #1: Gradle and Wrapper initialization [#1], gitignore addition [#1], configuration class with baseUrl [#1], and GitHub Actions CI workflow for Java 17/21/25 [#1].
Out of Scope Changes check	✅ Passed	All changes are within scope and directly support the initial project setup: configuration files, build scripts, CI/CD workflow, and foundational documentation align with the linked issue #1 objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/initial-setup

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rammrain]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (3)

build.gradle (1)

1-5: Redundant buildscript classpath declaration.

The org.owasp:dependency-check-gradle in the buildscript classpath (line 3) is redundant since the plugin is already applied with a version in the plugins block (line 9). The buildscript block can be removed.

♻️ Suggested removal

-buildscript {
-    dependencies {
-        classpath 'org.owasp:dependency-check-gradle'
-    }
-}
-
 plugins {
     id 'java'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@build.gradle` around lines 1 - 5, Remove the redundant buildscript classpath
declaration: delete the entire buildscript { dependencies { classpath
'org.owasp:dependency-check-gradle' } } block because the dependency-check
Gradle plugin is already applied via the plugins block
(org.owasp:dependency-check-gradle with a version); keep the plugins block
intact and ensure no other code depends on the removed buildscript symbol.

library.gradle (1)

62-64: Reconsider including source files in the main JAR.

Including sourceSets.main.allSource in the main JAR bundles source code alongside compiled classes, which is unusual. Sources are typically only in the -sources.jar (already enabled via withSourcesJar()). This doubles the JAR size and may expose implementation details.

♻️ Consider removing this

-jar {
-    from sourceSets.main.allSource
-}

If you intentionally want sources in the main JAR (e.g., for IDE debugging without attaching sources), please add a comment explaining the rationale.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@library.gradle` around lines 62 - 64, The jar task currently includes
sourceSets.main.allSource which packages source files into the main JAR
(duplicating withSourcesJar()); remove sourceSets.main.allSource from the jar
configuration unless you intentionally need sources in the runtime artifact, or
if keeping it add a clear comment explaining the rationale (e.g., "include
sources in main JAR for IDE debugging without attaching sources"). Update the
jar task (referencing jar and sourceSets.main.allSource) so only compiled
classes are packaged and rely on withSourcesJar() to publish sources, or
document why this special behavior is required.

test.gradle (1)

21-27: JaCoCo report tasks should explicitly depend on their test tasks.

The jacocoUnitTestReport and jacocoIntegrationTestReport tasks reference executionData from test tasks but don't declare dependsOn. This means running the report task directly may fail if tests haven't been executed.

♻️ Proposed fix

 tasks.register('jacocoUnitTestReport', JacocoReport) {
+    dependsOn unitTest
     sourceSets sourceSets.main
     executionData unitTest
     reports {
         xml.required = true
     }
 }

 tasks.register('jacocoIntegrationTestReport', JacocoReport) {
+    dependsOn integrationTest
     sourceSets sourceSets.main
     executionData integrationTest
     reports {
         xml.required = true
     }
 }

Also applies to: 29-35

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test.gradle` around lines 21 - 27, The jacoco report tasks
(jacocoUnitTestReport and jacocoIntegrationTestReport) declare executionData
from test tasks but don’t declare task dependencies, so running them directly
can fail; update the task registrations for jacocoUnitTestReport and
jacocoIntegrationTestReport to add explicit dependsOn on the corresponding test
tasks (unitTest and integrationTest) — e.g., ensure
jacocoUnitTestReport.dependsOn(unitTest) and
jacocoIntegrationTestReport.dependsOn(integrationTest) or use
dependsOn(tasks.named('unitTest')) / dependsOn(tasks.named('integrationTest'))
so the tests run before the reports are generated.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@build.gradle`:
- Around line 9-11: The junit BOM version is pinned to 5.12.2 in build.gradle;
update the org.junit:junit-bom dependency declaration (look for the string
"org.junit:junit-bom" and the version "5.12.2") to the latest 5.14.3 so the
project uses the current JUnit BOM with bug and security fixes.

In `@gradle.properties`:
- Line 1: Remove the insecure Gradle property that disables checksum
verification: delete the line
`systemProp.org.gradle.internal.publish.checksums.insecure=true` from
gradle.properties so Maven publish integrity checks remain enforced; if there
was a specific reason for disabling checksums, replace it with documented,
secure alternatives or add a comment explaining and tracking the justification
instead of leaving the insecure flag in place.

In `@gradlew.bat`:
- Around line 1-94: gradlew.bat currently uses LF-only line endings which breaks
Windows batch parsing; convert gradlew.bat to CRLF and add a .gitattributes
entry to force CRLF for the batch wrapper (e.g., set "gradlew.bat text eol=crlf"
and ensure gradlew stays as appropriate), then re-normalize in Git (git add
--renormalize gradlew.bat and commit) so labels like :execute and
:findJavaFromJavaHome parse correctly on Windows.

In `@library.gradle`:
- Line 38: Replace the bitwise AND operator (&) with the logical AND operator
(&&) in the conditional checks that test
project.hasProperty('mavenCentralUsername') &
project.hasProperty('mavenCentralPassword') (and the analogous occurrence later
in the file), so the if expressions use short-circuit evaluation (e.g., change
the expression calling project.hasProperty(...) & project.hasProperty(...) to
use &&).
- Around line 49-54: The signing block currently always calls sign
publishing.publications.mavenJava even when keys are absent; update the signing
configuration (the signing block) to only call sign
publishing.publications.mavenJava when signing is required and keys exist: wrap
or gate the sign(...) call behind the same condition that checks
project.hasProperty("signingKey") && project.hasProperty("signingPassword") or
use signing.required { ... } logic to skip signing for snapshots/local builds;
ensure useInMemoryPgpKeys(project.signingKey, project.signingPassword) remains
inside that conditional so signing only runs when keys are configured.
- Around line 26-30: The SCM block currently uses incorrect prefixes; update the
scm configuration in the Gradle publishing setup (the scm { ... } block) so that
both connection and developerConnection use the required "scm:git:" prefix
(e.g., change "scm:https://..." to "scm:git:https://..." and "scm:git@..." to
"scm:git:git@..."), leaving the url field unchanged to satisfy Maven Central's
SCM URL format requirements.

In `@test.gradle`:
- Around line 37-40: The task declaration for testAndReport currently registers
the task as type Test which creates an empty test execution; change the
registration to use DefaultTask instead of Test so it only orchestrates other
tasks (update the tasks.register('testAndReport', Test) call to use DefaultTask
and keep the existing mustRunAfter and dependsOn configuration for 'unitTest',
'integrationTest', 'jacocoUnitTestReport', and 'jacocoIntegrationTestReport').

---

Nitpick comments:
In `@build.gradle`:
- Around line 1-5: Remove the redundant buildscript classpath declaration:
delete the entire buildscript { dependencies { classpath
'org.owasp:dependency-check-gradle' } } block because the dependency-check
Gradle plugin is already applied via the plugins block
(org.owasp:dependency-check-gradle with a version); keep the plugins block
intact and ensure no other code depends on the removed buildscript symbol.

In `@library.gradle`:
- Around line 62-64: The jar task currently includes sourceSets.main.allSource
which packages source files into the main JAR (duplicating withSourcesJar());
remove sourceSets.main.allSource from the jar configuration unless you
intentionally need sources in the runtime artifact, or if keeping it add a clear
comment explaining the rationale (e.g., "include sources in main JAR for IDE
debugging without attaching sources"). Update the jar task (referencing jar and
sourceSets.main.allSource) so only compiled classes are packaged and rely on
withSourcesJar() to publish sources, or document why this special behavior is
required.

In `@test.gradle`:
- Around line 21-27: The jacoco report tasks (jacocoUnitTestReport and
jacocoIntegrationTestReport) declare executionData from test tasks but don’t
declare task dependencies, so running them directly can fail; update the task
registrations for jacocoUnitTestReport and jacocoIntegrationTestReport to add
explicit dependsOn on the corresponding test tasks (unitTest and
integrationTest) — e.g., ensure jacocoUnitTestReport.dependsOn(unitTest) and
jacocoIntegrationTestReport.dependsOn(integrationTest) or use
dependsOn(tasks.named('unitTest')) / dependsOn(tasks.named('integrationTest'))
so the tests run before the reports are generated.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 08d9d713-b6d8-4538-927b-7b3445626f17

📥 Commits

Reviewing files that changed from the base of the PR and between 9ee59aa and 35dc4b6.

⛔ Files ignored due to path filters (1)

• gradle/wrapper/gradle-wrapper.jar is excluded by !**/*.jar

📒 Files selected for processing (14)

• .github/workflows/build.yml
• .gitignore
• .sdkmanrc
• CLAUDE.md
• build.gradle
• gradle.properties
• gradle/wrapper/gradle-wrapper.properties
• gradlew
• gradlew.bat
• library.gradle
• settings.gradle
• src/main/java/ee/bitweb/montonio/sdk/MontonioSdkConfiguration.java
• src/test/java/ee/bitweb/montonio/sdk/MontonioSdkConfigurationTest.java
• test.gradle

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

test.gradle (1)

37-41: Use lazy task references instead of eager lookup in testAndReport.

Line 40 uses tasks.getByName('integrationTest'), which eagerly realises the task and bypasses Gradle's configuration avoidance. Use tasks.named() to keep configuration lazy.

♻️ Proposed refactor

 tasks.register('testAndReport') {
     group = "verification"
     description = "Runs unit and integration tests with coverage reports"
-    tasks.getByName('integrationTest').mustRunAfter('unitTest')
+    tasks.named('integrationTest') {
+        mustRunAfter(tasks.named('unitTest'))
+    }
     dependsOn('unitTest', 'integrationTest', 'jacocoUnitTestReport', 'jacocoIntegrationTestReport')
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test.gradle` around lines 37 - 41, The task registration for testAndReport
currently uses an eager lookup tasks.getByName('integrationTest') which realizes
the task; change that to use lazy references via tasks.named('integrationTest')
for mustRunAfter, and convert the dependsOn list to use lazy/task provider
references (e.g., tasks.named('unitTest'), tasks.named('integrationTest'), and
the jacoco report tasks via tasks.named(...)) so configuration avoidance is
preserved; update references in the testAndReport closure for mustRunAfter and
dependsOn to use tasks.named(...) instead of tasks.getByName(...).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@library.gradle`:
- Around line 16-31: The POM's pom { ... } metadata is missing the required
developers section causing Maven Central validation to fail; update the pom
block to include a developers { developer { id, name, email, url } } entry (add
one or more developer entries) with real maintainer values so the publication
has the mandatory developers metadata; ensure the developers block is placed
alongside name/description/url/licenses/scm inside the existing pom closure
(reference: the pom block in library.gradle).
- Around line 62-64: The build currently forces sources into the main runtime
artifact via the jar { from sourceSets.main.allSource } block; remove that jar
block so the main JAR stays lean and rely on the existing withSourcesJar()
configuration to produce the separate sources JAR. Locate and delete the jar {
from sourceSets.main.allSource } block (reference: jar and
sourceSets.main.allSource) and keep withSourcesJar() as-is.

---

Nitpick comments:
In `@test.gradle`:
- Around line 37-41: The task registration for testAndReport currently uses an
eager lookup tasks.getByName('integrationTest') which realizes the task; change
that to use lazy references via tasks.named('integrationTest') for mustRunAfter,
and convert the dependsOn list to use lazy/task provider references (e.g.,
tasks.named('unitTest'), tasks.named('integrationTest'), and the jacoco report
tasks via tasks.named(...)) so configuration avoidance is preserved; update
references in the testAndReport closure for mustRunAfter and dependsOn to use
tasks.named(...) instead of tasks.getByName(...).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5cc49dea-7a1d-4a52-a11b-25570bc3a398

📥 Commits

Reviewing files that changed from the base of the PR and between 35dc4b6 and 3fd4a76.

📒 Files selected for processing (5)

• .gitattributes
• build.gradle
• gradle.properties
• library.gradle
• test.gradle

✅ Files skipped from review due to trivial changes (3)

• gradle.properties
• .gitattributes
• build.gradle