Move project from Gradle to Maven

.github/workflows/release.yml

@@ -3,90 +3,99 @@
 # SPDX-License-Identifier: Apache-2.0
 
 # This workflow will publish a Java project with Gradle
-# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-gradle
-# Inspired by https://github.com/dzikoysk/reposilite/blob/main/.github/workflows/publish-release.yml
+# For maven build see: https://github.com/marketplace/actions/gradle-build-action
+# For maven publishing see: https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven
 
 name: Publish Release
 
-on: workflow_dispatch
+# If input is empty we automatically bump the version
+on:
+  workflow_dispatch:
+    inputs:
+      customversion:
+        description: 'Custom version (optional)'
+        required: false
+        default: ''
+      nextversion:
+        description: 'Next version (optional)'
+        required: false
+        default: ''
 
 jobs:
-
-  github:
+  publish-release:
     runs-on: ubuntu-22.04
     permissions:
-      contents: write
-    outputs:
-      version: ${{ steps.version.outputs.version }}
+      contents: write # needed for release creation
     steps:
-
-      - name: Checkout repository
-        uses: actions/checkout@v3 # TODO: with... bot?
-        with:
-          fetch-depth: 0 # Due to https://axion-release-plugin.readthedocs.io/en/latest/configuration/ci_servers/#github-actions
-
-      - name: "Fetch git tags" # Required for axion-release-plugin
-        run: git fetch --tags
-
-      - name: Set up JDK 17
-        uses: actions/setup-java@v3
-        with:
-          java-version: 17
-          distribution: adopt
-
-      - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v1.1.0
-
-      - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2.7.0
-
-      - name: Release new version
+      - name: Validate next version input # Exit when version has no -SNAPSHOT suffix
+        if: github.event.inputs.nextversion != ''
         run: |
-          git config user.name 'github-actions[bot]'
-          git config user.email 'github-actions[bot]@users.noreply.github.com'
-          ./gradlew release
+          if [[ "${{ inputs.nextversion }}" != *-SNAPSHOT ]]; then exit 1; fi
 
-      - name: Show post-release version
-        run: ./gradlew currentVersion
-
-      # The previous "Release new version" step increases the version. We need this version for the publishing job. The
-      # currentVersion command gets this value, which we store in the "version" variable for following jobs.
-      # The $GITHUB_OUTPUT is a github-magic "file", it is accessible with needs.github.outputs.[variable-name], in our
-      # case: needs.github.outputs.version
-      - name: Store version
-        id: version
-        run: echo "VERSION=$(./gradlew -q -Prelease.quiet currentVersion)" >> "$GITHUB_OUTPUT"
-
-  maven:
-    runs-on: ubuntu-22.04
-    needs: [ github ]
-    steps:
+      - name: Releasing custom version
+        if: github.event.inputs.customversion != ''
+        run: echo "Releasing version ${{ github.event.inputs.customversion }}"
 
       - name: Checkout repository
         uses: actions/checkout@v3
         with:
-          fetch-depth: 0 # Due to https://axion-release-plugin.readthedocs.io/en/latest/configuration/ci_servers/#github-actions
-          ref: refs/tags/${{ needs.github.outputs.VERSION }} # Checkout the new created tag
-
-      - name: "Fetch git tags" # Required for axion-release-plugin
-        run: git fetch --tags
+          fetch-depth: 0 # required by previous_tag
 
       - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
           java-version: 17
-          distribution: adopt
-
-      - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v1.1.0
-
-      - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2.7.0
+          distribution: temurin
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+          gpg-private-key: ${{ secrets.SIGNING_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+      - name: Apply wrapper permissions
+        run: |
+          chmod +x mvnw
 
-      - name: Publish to Maven Central
-        run: ./gradlew publish
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.SCB_BOT_GPG_KEY }}
+          passphrase: ${{ secrets.SCB_BOT_GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_tag_gpgsign: true
+          git_commit_gpgsign: true
+          git_committer_name: SecureCodeBoxBot
+          git_committer_email: securecodebox@iteratec.com
+
+      # CASE: Version set
+      - name: "[Custom version] Release & Publish"
+        if: github.event.inputs.customversion != '' # input "customversion" not empty
+        run: ./mvnw -B release:prepare release:perform -DreleaseVersion=${{ github.event.inputs.customversion }} -DdevelopmentVersion=${{ github.event.inputs.nextversion }} -P release
+        env:
+          GITHUB_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }}
+          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.SIGNING_PASSWORD }}
+
+        # CASE: NO Version set
+      - name: "[Auto version] Release & Publish"
+        if: github.event.inputs.customversion == '' # input "customversion" empty
+        run: ./mvnw -B release:prepare release:perform -DdevelopmentVersion=${{ github.event.inputs.nextversion }} -P release
         env:
+          GITHUB_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }}
           MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
-          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
-          SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.SIGNING_PASSWORD }}
+
+      # Required for creation of GitHub release
+      - name: "Get previous tag"
+        id: previous_tag
+        uses: WyriHaximus/github-action-get-previous-tag@v1
+
+      # See https://github.com/marketplace/actions/gh-release
+      - name: "Create GitHub Release"
+        uses: softprops/action-gh-release@v1
+        with:
+          token: ${{ github.token }} # could be replaced with personal access token
+          tag_name: ${{ steps.previous_tag.outputs.tag }}
+          generate_release_notes: true

.github/workflows/snapshot.yml

@@ -3,8 +3,8 @@
 # SPDX-License-Identifier: Apache-2.0
 
 # This workflow will publish a Java project with Gradle
-# For gradle wrapper validation see: https://github.com/marketplace/actions/gradle-wrapper-validation
-# For gradle build see: https://github.com/marketplace/actions/gradle-build-action
+# For maven build see: https://github.com/marketplace/actions/gradle-build-action
+# For maven publishing see: https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven
 
 name: Publish Snapshot
 
@@ -17,25 +17,20 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
 
-    - name: Checkout repository
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    - name: Set up JDK 17
-      uses: actions/setup-java@v3
-      with:
-        java-version: 17
-        distribution: adopt
-
-    - name: Validate Gradle wrapper
-      uses: gradle/wrapper-validation-action@v1.1.0
-
-    - name: Setup Gradle
-      uses: gradle/gradle-build-action@v2.7.0
-
-    - name: Publish to Maven Central
-      run: ./gradlew publish
-      env:
-        MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
-        MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: temurin
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+
+      - name: Build & Publish to Maven Central
+        run: mvn -U -B clean deploy # -U: force updates for dependencies, -B: no user input
+        env:
+          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}

.github/workflows/test.yml

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 # This workflow will test a Java project with Gradle
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
 
 name: Java Tests
 on: [pull_request, push, workflow_dispatch]
@@ -20,13 +20,7 @@ jobs:
         uses: actions/setup-java@v3
         with:
           java-version: 17
-          distribution: adopt
+          distribution: temurin
 
-      - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v1.1.0
-
-      - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2.7.0
-
-      - name: Build with Gradle
-        run: ./gradlew build
+      - name: Build with Maven
+        run: mvn --B --update-snapshots verify

README.md

@@ -28,6 +28,14 @@ You can find the latest version on [Maven Central](https://central.sonatype.com/
 implementation group: 'io.securecodebox', name: 'defectdojo-client', version: '1.0.0.-beta2'
 ```
 
+## Development
+
+To run a local build clone this repo and just invoke the following command in the repo directory: 
+
+```shell
+mvn clean install
+```
+
 ## Supported DefectDojo Versions
 
 The client is supposed to be compatible with DefectDojo 1.10 and later, older version of DefectDojo might still work, but are not officially supported.