Merge pull request #85 from pmonks/dev

Release 2.0.400
pmonks · Mar 27, 2024 · 2410a9b · 2410a9b
2 parents 8a0c78d + a13c278
commit 2410a9b
Show file tree

Hide file tree

Showing 8 changed files with 50 additions and 96 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: 21
-      - uses: DeLaGuardo/setup-clojure@12.3
+      - uses: DeLaGuardo/setup-clojure@12.5
         with:
           cli: latest
       - uses: actions/cache@v4

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -2,7 +2,7 @@ name: deploy
 on:
   push:
     branches:
-      - main
+      - release
 
 jobs:
   deploy:
@@ -17,7 +17,7 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: 21
-      - uses: DeLaGuardo/setup-clojure@12.3
+      - uses: DeLaGuardo/setup-clojure@12.5
         with:
           cli: latest
       - uses: actions/cache@v4

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -2,7 +2,7 @@ name: docs
 on:
   push:
     branches:
-      - main
+      - release
 
 jobs:
   docs:
@@ -14,7 +14,7 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: 21
-      - uses: DeLaGuardo/setup-clojure@12.3
+      - uses: DeLaGuardo/setup-clojure@12.5
         with:
           cli: latest
       - uses: actions/cache@v4

diff --git a/.github/workflows/vulnerabilities.yml b/.github/workflows/vulnerabilities.yml
diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
-| | | | |
-|---:|:---:|:---:|:---:|
-| [**main**](https://github.com/pmonks/pbr/tree/main) | [![CI](https://github.com/pmonks/pbr/workflows/CI/badge.svg?branch=main)](https://github.com/pmonks/pbr/actions?query=workflow%3ACI+branch%3Amain) | [![Dependencies](https://github.com/pmonks/pbr/workflows/dependencies/badge.svg?branch=main)](https://github.com/pmonks/pbr/actions?query=workflow%3Adependencies+branch%3Amain) | [![Vulnerabilities](https://github.com/pmonks/pbr/workflows/vulnerabilities/badge.svg?branch=main)](https://pmonks.github.io/pbr/nvd/dependency-check-report.html) |
-| [**dev**](https://github.com/pmonks/pbr/tree/dev)  | [![CI](https://github.com/pmonks/pbr/workflows/CI/badge.svg?branch=dev)](https://github.com/pmonks/pbr/actions?query=workflow%3ACI+branch%3Adev) | [![Dependencies](https://github.com/pmonks/pbr/workflows/dependencies/badge.svg?branch=dev)](https://github.com/pmonks/pbr/actions?query=workflow%3Adependencies+branch%3Adev) | [![Vulnerabilities](https://github.com/pmonks/pbr/workflows/vulnerabilities/badge.svg?branch=dev)](https://github.com/pmonks/pbr/actions?query=workflow%3Avulnerabilities+branch%3Adev) |
+| | | |
+|---:|:---:|:---:|
+| [**release**](https://github.com/pmonks/pbr/tree/release) | [![CI](https://github.com/pmonks/pbr/actions/workflows/ci.yml/badge.svg?branch=release)](https://github.com/pmonks/pbr/actions?query=workflow%3ACI+branch%3Arelease) | [![Dependencies](https://github.com/pmonks/pbr/actions/workflows/dependencies.yml/badge.svg?branch=release)](https://github.com/pmonks/pbr/actions?query=workflow%3Adependencies+branch%3Arelease) |
+| [**dev**](https://github.com/pmonks/pbr/tree/dev)  | [![CI](https://github.com/pmonks/pbr/actions/workflows/ci.yml/badge.svg?branch=dev)](https://github.com/pmonks/pbr/actions?query=workflow%3ACI+branch%3Adev) | [![Dependencies](https://github.com/pmonks/pbr/actions/workflows/dependencies.yml/badge.svg?branch=dev)](https://github.com/pmonks/pbr/actions?query=workflow%3Adependencies+branch%3Adev) |
 
-[![Latest Version](https://img.shields.io/clojars/v/com.github.pmonks/pbr)](https://clojars.org/com.github.pmonks/pbr/) [![Open Issues](https://img.shields.io/github/issues/pmonks/pbr.svg)](https://github.com/pmonks/pbr/issues) [![License](https://img.shields.io/github/license/pmonks/pbr.svg)](https://github.com/pmonks/pbr/blob/main/LICENSE)
+[![Latest Version](https://img.shields.io/clojars/v/com.github.pmonks/pbr)](https://clojars.org/com.github.pmonks/pbr/) [![License](https://img.shields.io/github/license/pmonks/pbr.svg)](https://github.com/pmonks/pbr/blob/release/LICENSE) [![Open Issues](https://img.shields.io/github/issues/pmonks/pbr.svg)](https://github.com/pmonks/pbr/issues)
 
 
 <img alt="Ice cold can of hangover-inducing rubbish beer" align="right" width="25%" src="https://pabstblueribbon.com/wp-content/uploads/2020/10/pbr-org.png">
@@ -22,7 +22,7 @@ This project looks very promising - I encourage folks to try it out and contribu
 
 ### Why not [build-clj](https://github.com/seancorfield/build-clj)?
 
-_Discontinued in February 2023._
+_Discontinued February 2023._
 
 ## Features
 
@@ -32,31 +32,31 @@ PBR includes a library of tools.build tasks that are [documented here](https://p
 
 ### Turnkey build script
 
-PBR also provides a turnkey `build.clj` script that provides all of the tasks I typically need in my build scripts.  It allows customisation via a per-project `pbr.clj` file, which must contain a `set-opts` fn where various project specific options can be set.  You can look at [PBR's own `pbr.clj` file](https://github.com/pmonks/pbr/blob/main/pbr.clj) for an idea of what this looks like.
+PBR also provides a turnkey `build.clj` script that provides all of the tasks I typically need in my build scripts.  It allows customisation via a per-project `pbr.clj` file, which must contain a `set-opts` fn where various project specific options can be set.  You can look at [PBR's own `pbr.clj` file](https://github.com/pmonks/pbr/blob/release/pbr.clj) for an idea of what this looks like.
 
-Tasks can be listed by running `clojure -A:deps -T:build help/doc`, and are:
+Tasks can be listed by running `clojure -A:deps -T:build help/doc`, and include:
 
-* `check` - Check the code by AOT compiling it (and throwing away the result).
+* `check` - Check the code by AOT compiling it (and throwing away the result).  Uses [clj-check](https://github.com/athos/clj-check).
 * `check-asf-policy` - Checks this project's dependencies' licenses against the ASF's 3rd party license policy (https://www.apache.org/legal/resolved.html).
 * `check-release` - Check that a release can be done from the current directory.
 * `ci` - Run the CI pipeline.
 * `clean` - Clean up the project.
-* `deploy` - Deploys the library JAR to Clojars.
-* `docs` - Generates documentation (using codox).
-* `eastwood` - Run the eastwood linter.
+* `deploy` - Deploys the library JAR to Clojars (using [deps-deploy](https://github.com/slipset/deps-deploy)).
+* `docs` - Generates documentation (using [codox](https://github.com/weavejester/codox)).
+* `eastwood` - Run the [eastwood](https://github.com/jonase/eastwood) linter.
 * `install` - Install the library locally e.g. so it can be tested by downstream dependencies
 * `jar` - Generates a library JAR for the project.
-* `kondo` - Run the clj-kondo linter.
-* `licenses` - Attempts to list all licenses for the transitive set of dependencies of the project, as SPDX license expressions.
+* `kondo` - Run the [clj-kondo](https://github.com/clj-kondo/clj-kondo) linter.
+* `licenses` - Attempts to list all licenses for the transitive set of dependencies of the project, as SPDX license expressions, using [tools-licenses](https://github.com/pmonks/tools-licenses).
 * `lint` - Run all linters.
-* `nvd` - Run an NVD vulnerability check.
-* `outdated` - Check for outdated dependencies (using antq).
-* `pom` - Generates a comprehensive pom.xml for the project.
+* `nvd` - Run an NVD vulnerability check. NOTE: requires an API key from [here](https://nvd.nist.gov/developers/request-an-api-key).
+* `outdated` - Check for outdated dependencies, using [antq](https://github.com/liquidz/antq).
+* `pom` - Generates a comprehensive pom.xml for the project, using [tools-pom](https://github.com/pmonks/tools-pom)
 * `release` - Release a new version of the library.
 * `test` - Run the tests.
 * `uber` - Create an uber jar.
 * `uberexec` - Creates an executable uber jar. NOTE: does not bundle a JRE, though one is still required.
-* `upgrade` - Upgrade any outdated dependencies (using antq). NOTE: does not prompt for confirmation!
+* `upgrade` - Upgrade any outdated dependencies, using [antq](https://github.com/liquidz/antq). NOTE: does not prompt for confirmation!
 
 #### deps.edn required by turnkey build script
 
@@ -99,21 +99,21 @@ $ clj -A:build -P
 **A.** Because this code is cheap and nasty, and will give you a headache if you consume too much of it.
 
 **Q.** Does PBR use itself for build tasks?  
-**A.** Yes it does!  [You can see this sneaky self-reference here](https://github.com/pmonks/pbr/blob/main/deps.edn#L42).
+**A.** Yes it does!  [You can see this sneaky self-reference here](https://github.com/pmonks/pbr/blob/release/deps.edn#L42).
 
 ## Contributor Information
 
-[Contributing Guidelines](https://github.com/pmonks/pbr/blob/main/.github/CONTRIBUTING.md)
+[Contributing Guidelines](https://github.com/pmonks/pbr/blob/release/.github/CONTRIBUTING.md)
 
 [Bug Tracker](https://github.com/pmonks/pbr/issues)
 
-[Code of Conduct](https://github.com/pmonks/pbr/blob/main/.github/CODE_OF_CONDUCT.md)
+[Code of Conduct](https://github.com/pmonks/pbr/blob/release/.github/CODE_OF_CONDUCT.md)
 
 ### Developer Workflow
 
-This project uses the [git-flow branching strategy](https://nvie.com/posts/a-successful-git-branching-model/), with the caveat that the permanent branches are called `main` and `dev`, and any changes to the `main` branch are considered a release and auto-deployed (JARs to Clojars, API docs to GitHub Pages, etc.).
+This project uses the [git-flow branching strategy](https://nvie.com/posts/a-successful-git-branching-model/), and the permanent branches are called `release` and `dev`.  Any changes to the `release` branch are considered a release and auto-deployed (JARs to Clojars, API docs to GitHub Pages, etc.).
 
-For this reason, **all development must occur either in branch `dev`, or (preferably) in temporary branches off of `dev`.**  All PRs from forked repos must also be submitted against `dev`; the `main` branch is **only** updated from `dev` via PRs created by the core development team.  All other changes submitted to `main` will be rejected.
+For this reason, **all development must occur either in branch `dev`, or (preferably) in temporary branches off of `dev`.**  All PRs from forked repos must also be submitted against `dev`; the `release` branch is **only** updated from `dev` via PRs created by the core development team.  All other changes submitted to `release` will be rejected.
 
 ### Build Tasks
 

diff --git a/deps.edn b/deps.edn
@@ -18,32 +18,32 @@
 
 {:paths ["src" "resources"]
  :deps
-   {org.clojure/clojure                        {:mvn/version "1.11.1"}
-    org.clojure/tools.deps                     {:mvn/version "0.18.1398"}
+   {org.clojure/clojure                        {:mvn/version "1.11.2"}
+    org.clojure/tools.deps                     {:mvn/version "0.19.1417"}
     org.clojure/data.json                      {:mvn/version "2.5.0"}
     slipset/deps-deploy                        {:mvn/version "0.2.2" :exclusions [org.slf4j/slf4j-nop ch.qos.logback/logback-classic]}
-    io.github.clojure/tools.build              {:mvn/version "0.9.6" :exclusions [org.slf4j/slf4j-nop]}
-    com.github.pmonks/tools-convenience        {:mvn/version "1.0.142"}
-    com.github.pmonks/tools-pom                {:mvn/version "1.0.127"}
-    com.github.pmonks/tools-licenses           {:mvn/version "2.0.188"}
-    clj-kondo/clj-kondo                        {:mvn/version "2023.12.15"}
+;    io.github.clojure/tools.build              {:mvn/version "0.9.6" :exclusions [org.slf4j/slf4j-nop]}
+    com.github.pmonks/tools-convenience        {:mvn/version "1.0.151"}
+    com.github.pmonks/tools-pom                {:mvn/version "1.0.136"}
+    com.github.pmonks/tools-licenses           {:mvn/version "2.0.200"}
+    clj-kondo/clj-kondo                        {:mvn/version "2024.03.13"}
 
     ; Forced versions for shit that's broken elsewhere
     org.springframework.build/aws-maven        {:mvn/version "4.8.0.RELEASE"}    ; Note: do NOT upgrade to 5.0.0.RELEASE or deps-deploy throws a ClassDefNotFoundException
 
     ; Dynamic dependencies - any time any of these changes it MUST ALSO BE CHANGED IN pbr.tasks!!
-    org.apache.logging.log4j/log4j-api         {:mvn/version "2.22.1"}    ; Use log4j2 for logging, since logback has become a huge pita in recent times...
-    org.apache.logging.log4j/log4j-core        {:mvn/version "2.22.1"}
-    org.apache.logging.log4j/log4j-jul         {:mvn/version "2.22.1"}    ; Java utils clogging bridge
-    org.apache.logging.log4j/log4j-jcl         {:mvn/version "2.22.1"}    ; Apache commons clogging bridge
-    org.apache.logging.log4j/log4j-slf4j2-impl {:mvn/version "2.22.1"}    ; SLF4J clogging bridge
-    org.apache.logging.log4j/log4j-1.2-api     {:mvn/version "2.22.1"}    ; log4j1 clogging bridge
+    org.apache.logging.log4j/log4j-api         {:mvn/version "2.23.1"}    ; Use log4j2 for logging, since logback has become a huge pita in recent times...
+    org.apache.logging.log4j/log4j-core        {:mvn/version "2.23.1"}
+    org.apache.logging.log4j/log4j-jul         {:mvn/version "2.23.1"}    ; Java utils clogging bridge
+    org.apache.logging.log4j/log4j-jcl         {:mvn/version "2.23.1"}    ; Apache commons clogging bridge
+    org.apache.logging.log4j/log4j-slf4j2-impl {:mvn/version "2.23.1"}    ; SLF4J clogging bridge
+    org.apache.logging.log4j/log4j-1.2-api     {:mvn/version "2.23.1"}    ; log4j1 clogging bridge
 ;    org.slf4j/slf4j-nop                        {:mvn/version "2.0.10"}    ; Note: used for some commands invoked as sub-processes, but can't be used here or it will shadow log4j2
     jonase/eastwood                            {:mvn/version "1.4.0"}     ; Note: 1.4.2 uses a version of org.ow2.asm/asm that's incompatible with clj-kondo's dependent version
     codox/codox                                {:mvn/version "0.10.8"}
     com.github.athos/clj-check                 {:git/sha "518d5a1cbfcd7c952f548e6dbfcb9a4a5faf9062"}
     io.github.cognitect-labs/test-runner       {:git/tag "v0.5.1" :git/sha "dfb30dd"}
-    com.github.liquidz/antq                    {:mvn/version "2.8.1173"}}
+    com.github.liquidz/antq                    {:mvn/version "2.8.1185"}}
  :aliases
    {:build {:deps       {com.github.pmonks/pbr {:local/root "."}}
             :ns-default pbr.build}}}
diff --git a/pbr.clj b/pbr.clj
@@ -22,6 +22,7 @@
   (assoc opts
          :lib          'com.github.pmonks/pbr
          :version      (pbr/calculate-version 2 0)
+         :prod-branch  "release"         
          :ignore-deps? true
          :write-pom    true
          :validate-pom true

diff --git a/src/pbr/tasks.clj b/src/pbr/tasks.clj
@@ -33,10 +33,10 @@
 (def ^:private ver-clj-check   {:git/sha "518d5a1cbfcd7c952f548e6dbfcb9a4a5faf9062"})
 (def ^:private ver-test-runner {:git/tag "v0.5.1" :git/sha "dfb30dd"})
 (def ^:private ver-slf4j       {:mvn/version "2.0.10"})
-(def ^:private ver-log4j2      {:mvn/version "2.22.1"})
+(def ^:private ver-log4j2      {:mvn/version "2.23.1"})
 (def ^:private ver-eastwood    {:mvn/version "1.4.0"})
 (def ^:private ver-codox       {:mvn/version "0.10.8"})
-(def ^:private ver-antq        {:mvn/version "2.8.1173"})
+(def ^:private ver-antq        {:mvn/version "2.8.1185"})
 
 ; Utility functions
 
@@ -204,6 +204,7 @@
                                                   "} :main-opts [\"-m\" \"antq.core\"]}}}")
               "-M:antq"
               "--ignore-locals"
+;              "--transitive"  ; This seems to cause a deadlock, and there are several other bugs raised against it in the antq repo
               "--skip=pom")
   opts)
 
@@ -365,7 +366,9 @@
 (defn nvd
   "Run the NVD vulnerability checker
 
-  :nvd -- opt: a map containing nvd-clojure-specific configuration options. See https://github.com/rm-hull/nvd-clojure#configuration-options"
+  :nvd -- opt: a map containing nvd-clojure-specific configuration options. See https://github.com/rm-hull/nvd-clojure#configuration-options
+
+  Note: this task requires that you obtain and configure an NVD API token."
   [opts]
   (when (and (s/blank? (System/getenv "NVD_API_TOKEN"))
              (s/blank? (get-in opts [:nvd :nvd-api :key])))
@@ -484,7 +487,7 @@
   opts)
 
 (defn release
-  "Release a new version of the code via a PR to main. opts includes:
+  "Release a new version of the code via a PR to the prod branch. opts includes:
 
   :lib         -- req: a symbol identifying your project e.g. 'org.github.pmonks/pbr
   :version     -- req: a string containing the version of your project e.g. \"1.0.0-SNAPSHOT\"