diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index f0cb2c7..eebbb1b 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -34,4 +34,4 @@ jobs:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
chmod +x gradlew
- ./gradlew --continue build sonar
+ ./gradlew build sonar
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..0f62b9c
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,35 @@
+# Publish to Maven Central
+
+name: publish
+
+on:
+ repository_dispatch:
+ types: manual-publish
+ release:
+ types: [ created ]
+
+jobs:
+ publish:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up JDK
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'adopt'
+ java-version: '17'
+ cache: 'gradle'
+
+ - name: Publish
+ run: |
+ chmod +x gradlew
+ ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
+ env:
+ ORG_GRADLE_PROJECT_nexusUsername: ${{ secrets.NEXUS_USERNAME }}
+ ORG_GRADLE_PROJECT_nexusPassword: ${{ secrets.NEXUS_PASSWORD }}
+ ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SEER_GPG_SECRET_KEY }}
+ ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SEER_GPG_PASSWORD }}
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index 45d4834..4ef0501 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,13 +1,15 @@
+import java.time.Duration
+
plugins {
id 'java-library'
id 'jacoco'
- id 'com.github.spotbugs' version '5.0.14'
+ id 'com.github.spotbugs' version '5.2.1'
id 'maven-publish'
id 'signing'
- id 'io.github.gradle-nexus.publish-plugin' version '1.3.0'
- id 'org.sonatype.gradle.plugins.scan' version '2.6.0'
- id "com.github.ben-manes.versions" version '0.47.0'
- id "org.sonarqube" version "4.2.1.3168"
+ id 'io.github.gradle-nexus.publish-plugin' version '1.3.0' // publish to Maven Central
+ id 'com.github.ben-manes.versions' version '0.49.0' // check for out-of-date dependencies (run 'dependencyUpdates' manually)
+ id 'org.sonatype.gradle.plugins.scan' version '2.6.1' // scan for vulnerabilities
+ id 'org.sonarqube' version '4.4.1.3373' // sonarQube analysis
}
group = 'com.imsweb'
@@ -21,21 +23,21 @@ repositories {
}
dependencies {
- implementation 'org.apache.commons:commons-lang3:3.12.0'
- implementation 'org.apache.commons:commons-compress:1.22'
- implementation 'commons-io:commons-io:2.13.0'
+ implementation 'org.apache.commons:commons-lang3:3.13.0'
+ implementation 'org.apache.commons:commons-compress:1.24.0'
+ implementation 'commons-io:commons-io:2.14.0'
testImplementation 'junit:junit:4.13.2'
}
// enforce UTF-8, display the compilation warnings
-tasks.withType(JavaCompile) {
+tasks.withType(JavaCompile).configureEach {
options.encoding = 'UTF-8'
options.compilerArgs << '-Xlint:unchecked' << '-Xlint:deprecation'
}
// the Javadoc was made way too strict in Java 8 and it's not worth the time fixing everything!
-tasks.withType(Javadoc) {
+tasks.withType(Javadoc).configureEach {
options.addStringOption('Xdoclint:none', '-quiet')
}
@@ -65,7 +67,7 @@ jar {
// spotbugs plugin settings
spotbugs {
- excludeFilter = file('config/spotbugs/spotbugs-exclude.xml')
+ excludeFilter.set(file('config/spotbugs/spotbugs-exclude.xml'))
}
jacocoTestReport {
@@ -77,9 +79,10 @@ test.finalizedBy jacocoTestReport
sonarqube {
properties {
- property "sonar.projectKey", "imsweb_seerutils"
- property "sonar.organization", "imsweb"
- property "sonar.host.url", "https://sonarcloud.io"
+ property 'sonar.projectKey', 'imsweb_seerutils'
+ property 'sonar.organization', 'imsweb'
+ property 'sonar.host.url', 'https://sonarcloud.io'
+ //property 'sonar.gradle.skipCompile', 'true' // this is supposed to remove the warning about the compilation timing, but it doesn't :-(
}
}
@@ -88,6 +91,7 @@ ossIndexAudit {
outputFormat = 'DEPENDENCY_GRAPH'
printBanner = false
}
+check.dependsOn 'ossIndexAudit'
def isNonStable = { String version ->
def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { it -> version.toUpperCase().contains(it) }
@@ -150,8 +154,10 @@ publishing {
// setup JAR signing
signing {
- def signingKey = project.findProperty('signing.armored.key') ?: ''
- def signingPassword = project.findProperty('signing.armored.password') ?: ''
+ required { !project.version.endsWith('-SNAPSHOT') }
+
+ String signingKey = project.findProperty('signing.armored.key') ?: ''
+ String signingPassword = project.findProperty('signing.armored.password') ?: ''
useInMemoryPgpKeys(signingKey, signingPassword)
@@ -169,23 +175,17 @@ nexusPublishing {
}
}
- clientTimeout = java.time.Duration.ofSeconds(300)
- connectTimeout = java.time.Duration.ofSeconds(60)
+ clientTimeout = Duration.ofSeconds(300)
+ connectTimeout = Duration.ofSeconds(60)
transitionCheckOptions {
maxRetries.set(50)
- delayBetween.set(java.time.Duration.ofMillis(5000))
+ delayBetween.set(Duration.ofMillis(5000))
}
}
-// don't try to release a snapshot to a non-snapshot repository, that won't work anyway
-if (version.endsWith('-SNAPSHOT')) {
- gradle.startParameter.excludedTaskNames += 'signMavenJavaPublication'
- gradle.startParameter.excludedTaskNames += 'closeAndReleaseSonatypeStagingRepository'
-}
-
// Gradle wrapper, this allows to build the project without having to install Gradle!
wrapper {
- gradleVersion = '8.2.1'
+ gradleVersion = '8.4'
distributionType = Wrapper.DistributionType.ALL
}
diff --git a/config/spotbugs/spotbugs-exclude.xml b/config/spotbugs/spotbugs-exclude.xml
index 31e5232..ab5f588 100644
--- a/config/spotbugs/spotbugs-exclude.xml
+++ b/config/spotbugs/spotbugs-exclude.xml
@@ -8,4 +8,8 @@
+
+
+
+
\ No newline at end of file
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index c747538..8838ba9 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-all.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME
diff --git a/settings.gradle b/settings.gradle
index 849cd01..f069e9c 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1 +1,4 @@
-rootProject.name = 'seerutils'
\ No newline at end of file
+rootProject.name = 'seerutils'
+
+// following can be removed when sonarQube plugin is upgraded to 5.x
+System.setProperty('sonar.gradle.skipCompile', 'true')
\ No newline at end of file
diff --git a/src/main/java/com/imsweb/seerutils/zip/ZipArchiveThresholdInputStream.java b/src/main/java/com/imsweb/seerutils/zip/ZipArchiveThresholdInputStream.java
index 4b5b4bb..fb494ba 100644
--- a/src/main/java/com/imsweb/seerutils/zip/ZipArchiveThresholdInputStream.java
+++ b/src/main/java/com/imsweb/seerutils/zip/ZipArchiveThresholdInputStream.java
@@ -31,11 +31,6 @@ public class ZipArchiveThresholdInputStream extends FilterInputStream {
public ZipArchiveThresholdInputStream(InputStream is) {
super(is);
-
- if (!(is instanceof InputStreamStatistics))
- throw new IllegalArgumentException("InputStream of class " + is.getClass() + " is not implementing InputStreamStatistics.");
-
- // set defaults but they will always be set by ZipSecureFile.getInputStream
_minInflateRatio = 0.01d;
_maxEntrySize = 0xFFFFFFFFL;
}
@@ -93,6 +88,9 @@ private void checkThreshold() throws IOException {
if (!_guardState)
return;
+ if (!(in instanceof InputStreamStatistics))
+ throw new IllegalArgumentException("InputStream of class " + in.getClass() + " is not implementing InputStreamStatistics.");
+
final InputStreamStatistics stats = (InputStreamStatistics)in;
final long payloadSize = stats.getUncompressedCount();