diff --git a/CHANGELOG.md b/CHANGELOG.md index d94df64..650c1d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [unreleased] +### Added + +- [Dependency analysis Gradle plugin](https://github.com/autonomousapps/dependency-analysis-gradle-plugin) +- The `check` task now depends on the `buildHealth` task and will fail the build on health violations + +### Changed + +- Changed JSR-305 dependency from `implementation` to `api` + ## [1.0.0] - 2023-12-22 ### Added diff --git a/build.gradle.kts b/build.gradle.kts index 6a3e2af..7cfa10b 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -13,6 +13,7 @@ plugins { checkstyle `maven-publish` signing + alias(libs.plugins.dependencyAnalysis) alias(libs.plugins.spotbugs) alias(libs.plugins.versions) } @@ -33,7 +34,7 @@ java { } dependencies { - implementation(libs.jsr305) + api(libs.jsr305) spotbugsPlugins(libs.spotbugsContrib) } @@ -54,6 +55,16 @@ spotbugs { excludeFilter = file("dev/spotbugs/suppressions.xml") } +dependencyAnalysis { + issues { + all { + onAny { + severity("fail") + } + } + } +} + fun isNonStable(version: String): Boolean { val stableKeyword = listOf("RELEASE", "FINAL", "GA").any { version.uppercase().contains(it) } val regex = "^[0-9,.v-]+(-r)?$".toRegex() @@ -84,6 +95,10 @@ tasks { } } + check { + dependsOn(buildHealth) + } + spotbugsMain { reports.create("html").required = true } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index c8b8f51..026e778 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -5,6 +5,7 @@ checkstyle = "10.12.5" spotbugs = "4.8.3" [plugins] +dependencyAnalysis = { id = "com.autonomousapps.dependency-analysis", version = "1.30.0" } spotbugs = { id = "com.github.spotbugs", version = "6.0.7" } versions = { id = "com.github.ben-manes.versions", version = "0.51.0" }