diff --git a/.travis.yml b/.travis.yml index 54c597d..67fb353 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,9 +1,18 @@ language: scala -scala: - - 2.10.6 -jdk: - - oraclejdk8 - - oraclejdk7 -script: "sbt clean test scripted" +matrix: + include: + - env: SBT_VERSION="0.13.16" + jdk: oraclejdk7 + - env: SBT_VERSION="1.0.0-RC3" + jdk: oraclejdk8 +script: + - sbt "^^ ${SBT_VERSION}" clean test scripted +cache: + directories: + - "$HOME/.ivy2/cache" + - "$HOME/.sbt/launchers" +before_cache: + - find $HOME/.ivy2 -name "ivydata-*.properties" -delete +sudo: false # commented out until sbt-coveralls plugin is fixed #after_success: "sbt coveralls" \ No newline at end of file diff --git a/README.md b/README.md index 82f34c3..2719b76 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ sbt-dependency-check is an AutoPlugin, so you need sbt 0.13.5+. Simply add the p addSbtPlugin("net.vonbuchholtz" % "sbt-dependency-check" % "0.1.9") +For sbt 1.0.0-RC3 use version `0.1.10`. + ## Usage ### Tasks Task | Description | Command diff --git a/build.sbt b/build.sbt index cdc347d..1a08a9d 100644 --- a/build.sbt +++ b/build.sbt 
@@ -1,18 +1,25 @@ import sbt.{Project, _} import sbtrelease.ReleasePlugin.autoImport.ReleaseTransformations._ import sbtrelease.ReleasePlugin.autoImport._ +import sbtrelease.ReleaseStateTransformations.setNextVersion + +val sbtDependencyCheck = project in file(".") organization := "net.vonbuchholtz" name := "sbt-dependency-check" -scalaVersion := "2.10.6" +crossSbtVersions := Vector("0.13.16", "1.0.0-RC3") sbtPlugin := true libraryDependencies ++= Seq( "commons-collections" % "commons-collections" % "3.2.2", - "org.owasp" % "dependency-check-core" % "2.1.0", - "org.slf4j" % "slf4j-simple" % "1.7.25" + "org.owasp" % "dependency-check-core" % "2.1.0" ) +libraryDependencies += { + appConfiguration.value.provider.id.version match { + case sv if sv.startsWith("0.13") => "org.slf4j" % "slf4j-simple" % "1.7.25" + } +} dependencyUpdatesFilter -= moduleFilter(organization = "org.scala-lang") | moduleFilter(organization = "org.scala-sbt") dependencyUpdatesFailBuild := true @@ -50,16 +57,16 @@ releaseProcess := Seq[ReleaseStep]( checkSnapshotDependencies, inquireVersions, runClean, - runTest, - releaseStepInputTask(scripted), + releaseStepCommandAndRemaining("^ test"), + releaseStepCommandAndRemaining("^ scripted"), setReleaseVersion, commitReleaseVersion, setReleaseVersionInReadme, tagRelease, - ReleaseStep(action = Command.process("publishSigned", _)), + releaseStepCommandAndRemaining("^ publishSigned"), + releaseStepCommandAndRemaining("sonatypeReleaseAll"), setNextVersion, - commitNextVersion, - ReleaseStep(action = Command.process("sonatypeReleaseAll", _)) + commitNextVersion //,pushChanges ) diff --git a/project/build.properties b/project/build.properties index 3e8bd1a..cddd489 100644 --- a/project/build.properties +++ b/project/build.properties @@ -1 +1 @@ -sbt.version = 0.13.15 +sbt.version = 0.13.16 diff --git a/project/plugins.sbt b/project/plugins.sbt index 4dde547..264755a 100644 --- a/project/plugins.sbt +++ b/project/plugins.sbt 
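Review bot: The `match` inside the added `libraryDependencies += { ... }` block has a single case, so any version string that does not start with "0.13" raises a `scala.MatchError` when the setting is evaluated instead of simply leaving slf4j-simple out. Make it total by switching to `libraryDependencies ++=`, wrapping the module in `Seq(...)` and adding `case _ => Seq.empty`. The block also keys on `appConfiguration.value.provider.id.version`, which looks like the version of the sbt that is running the build rather than the one being cross-built against. If the intent is to drop the binding only from the 1.0 artifact, `(sbtVersion in pluginCrossBuild).value` is probably the value to match on; this should be confirmed against a `^^ 1.0.0-RC3` build.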
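Review bot: `sonatypeReleaseAll` now runs before `setNextVersion`, while `pushChanges` at the end of the sequence is still commented out, so a signed artifact can be promoted without the release commit and tag it was built from ever reaching the remote. For provenance, either re-enable `pushChanges` or document the manual step next to it, e.g. `// tag and release commit must be pushed by hand once sonatypeReleaseAll has succeeded`. A short comment stating that the publish, promote, bump order is deliberate would also help, since promotion is the one step in this list that cannot be undone. The `releaseProcess` definition starts above this hunk.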
@@ -4,5 +4,3 @@ addSbtPlugin("com.timushev.sbt" % "sbt-updates" % "0.3.1") // https://github.com/jrudolph/sbt-dependency-graph addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.8.2") -// https://github.com/sbt/sbt-git -addSbtPlugin("com.typesafe.sbt" % "sbt-git" % "0.9.3") diff --git a/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckPlugin.scala b/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckPlugin.scala index 28fbc4b..9851866 100644 --- a/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckPlugin.scala +++ b/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckPlugin.scala 
@@ -190,50 +190,64 @@ object DependencyCheckPlugin extends sbt.AutoPlugin { Settings.setStringIfNotEmpty(key, url match { case Some(u) => u.toExternalForm case None => null }) } - def checkTask: Def.Initialize[Task[Unit]] = Def.task { + def checkTask: Def.Initialize[Task[Unit]] = Def.taskDyn { val log: Logger = streams.value.log if (!dependencyCheckSkip.value) { - log.info(s"Running check for ${name.value}") + Def.task { + log.info(s"Running check for ${name.value}") - val settings: Settings = initializeSettings.value - val outputDir: File = dependencyCheckOutputDirectory.value.getOrElse(crossTarget.value) - val reportFormat: String = dependencyCheckFormat.value - val cvssScore: Float = dependencyCheckFailBuildOnCVSS.value - val useSbtModuleIdAsGav: Boolean = dependencyCheckUseSbtModuleIdAsGav.value.getOrElse(false) + val settings: Settings = initializeSettings.value + val outputDir: File = dependencyCheckOutputDirectory.value.getOrElse(crossTarget.value) + val reportFormat: String = dependencyCheckFormat.value + val cvssScore: Float = dependencyCheckFailBuildOnCVSS.value + val useSbtModuleIdAsGav: Boolean = dependencyCheckUseSbtModuleIdAsGav.value.getOrElse(false) - // working around threadlocal issue with DependencyCheck's Settings and sbt task dependency system. - Settings.setInstance(settings) + // working around threadlocal issue with DependencyCheck's Settings and sbt task dependency system. 
+ Settings.setInstance(settings) - var checkDependencies = Set[Attributed[File]]() - checkDependencies ++= logAddDependencies((dependencyClasspath in Compile).value, Compile, log) + var checkDependencies = Set[Attributed[File]]() + checkDependencies ++= logAddDependencies((dependencyClasspath in Compile).value, Compile, log) - if (!dependencyCheckSkipRuntimeScope.value) { - checkDependencies ++= logAddDependencies((dependencyClasspath in Runtime).value, Runtime, log) - } - if (!dependencyCheckSkipTestScope.value) { - checkDependencies ++= logAddDependencies((dependencyClasspath in Test).value, Test, log) - } - if (dependencyCheckSkipProvidedScope.value) { - checkDependencies --= logRemoveDependencies(Classpaths.managedJars(Provided, classpathTypes.value, update.value), Provided, log) - } - if (dependencyCheckSkipOptionalScope.value) { - checkDependencies --= logRemoveDependencies(Classpaths.managedJars(Optional, classpathTypes.value, update.value), Optional, log) - } + val skipRuntimeScope = dependencyCheckSkipRuntimeScope.value + val skipTestScope = dependencyCheckSkipTestScope.value + val skipProvidedScope = dependencyCheckSkipProvidedScope.value + val skipOptionalScope = dependencyCheckSkipOptionalScope.value - val scanSet: Seq[File] = (dependencyCheckScanSet.value.map { _ ** "*" } reduceLeft( _ +++ _) filter {_.isFile}).get + val runtimeClasspath = (dependencyClasspath in Runtime).value + val testClasspath = (dependencyClasspath in Test).value + val classpathTypeValue = classpathTypes.value + val updateValue = update.value - try { - val engine: Engine = createReport(checkDependencies, scanSet, outputDir, reportFormat, useSbtModuleIdAsGav, log) - determineTaskFailureStatus(cvssScore, engine) - } catch { - case e: Exception => - log.error(s"Failed creating report: ${e.getLocalizedMessage}") - throw e - } + if (!skipRuntimeScope) { + checkDependencies ++= logAddDependencies(runtimeClasspath, Runtime, log) + } + if (!skipTestScope) { + checkDependencies ++= 
logAddDependencies(testClasspath, Test, log) + } + if (skipProvidedScope) { + checkDependencies --= logRemoveDependencies(Classpaths.managedJars(Provided, classpathTypeValue, updateValue), Provided, log) + } + if (skipOptionalScope) { + checkDependencies --= logRemoveDependencies(Classpaths.managedJars(Optional, classpathTypeValue, updateValue), Optional, log) + } + + val scanSet: Seq[File] = (dependencyCheckScanSet.value.map { _ ** "*" } reduceLeft( _ +++ _) filter {_.isFile}).get + + try { + val engine: Engine = createReport(checkDependencies, scanSet, outputDir, reportFormat, useSbtModuleIdAsGav, log) + determineTaskFailureStatus(cvssScore, engine) + } catch { + case e: Exception => + log.error(s"Failed creating report: ${e.getLocalizedMessage}") + throw e + } + } tag NonParallel } else { - log.info(s"Skipping dependency check for ${name.value}") + Def.task { + log.info(s"Skipping dependency check for ${name.value}") + } } } tag NonParallel 
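Review bot: In the `scanSet` line, `reduceLeft( _ +++ _)` throws `UnsupportedOperationException` when `dependencyCheckScanSet` yields an empty sequence. Because the line sits above the `try`, that failure bypasses the "Failed creating report" log and aborts the task before any dependency is analysed. Whether the setting can be empty is not visible in this hunk, so treat it as a robustness gap rather than a confirmed bug. Folding from an empty finder avoids it, something like `dependencyCheckScanSet.value.map(_ ** "*").foldLeft(PathFinder.empty)(_ +++ _).filter(_.isFile).get`. `checkTask` begins and ends inside this hunk, but `createReport` and `determineTaskFailureStatus` are defined outside it.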
@@ -279,20 +293,35 @@ object DependencyCheckPlugin extends sbt.AutoPlugin { lazy val aggregateTestFilter = ScopeFilter(inAnyProject, inConfigurations(Test)) lazy val aggregateProvidedFilter = ScopeFilter(inAnyProject, inConfigurations(Provided)) lazy val aggregateOptionalFilter = ScopeFilter(inAnyProject, inConfigurations(Optional)) - lazy val aggregateCompileTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.task { - (thisProjectRef.value, configuration.value, if ((dependencyCheckSkip ?? false).value) Seq.empty else (dependencyClasspath in configuration).value) + lazy val aggregateCompileTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.taskDyn { + if ((dependencyCheckSkip ?? false).value) + Def.task {(thisProjectRef.value, configuration.value, Seq.empty)} + else + Def.task {(thisProjectRef.value, configuration.value, (dependencyClasspath in configuration).value)} } - lazy val aggregateRuntimeTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.task { - (thisProjectRef.value, configuration.value, if ((dependencyCheckSkip ?? false).value || (dependencyCheckSkipRuntimeScope ?? false).value) Seq.empty else (dependencyClasspath in configuration).value) + lazy val aggregateRuntimeTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.taskDyn { + if ((dependencyCheckSkip ?? false).value || (dependencyCheckSkipRuntimeScope ?? false).value) + Def.task {(thisProjectRef.value, configuration.value, Seq.empty)} + else + Def.task {(thisProjectRef.value, configuration.value, (dependencyClasspath in configuration).value)} } - lazy val aggregateTestTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.task { - (thisProjectRef.value, configuration.value, if ((dependencyCheckSkip ?? false).value || (dependencyCheckSkipTestScope ?? 
true).value) Seq.empty else (dependencyClasspath in configuration).value) + lazy val aggregateTestTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.taskDyn { + if ((dependencyCheckSkip ?? false).value || (dependencyCheckSkipTestScope ?? true).value) + Def.task {(thisProjectRef.value, configuration.value, Seq.empty)} + else + Def.task {(thisProjectRef.value, configuration.value, (dependencyClasspath in configuration).value)} } - lazy val aggregateProvidedTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.task { - (thisProjectRef.value, configuration.value, if ((dependencyCheckSkip ?? false).value || !(dependencyCheckSkipProvidedScope ?? false).value) Seq.empty else Classpaths.managedJars(configuration.value, classpathTypes.value, update.value)) + lazy val aggregateProvidedTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.taskDyn { + if ((dependencyCheckSkip ?? false).value || !(dependencyCheckSkipProvidedScope ?? false).value) + Def.task {(thisProjectRef.value, configuration.value, Seq.empty) } + else + Def.task {(thisProjectRef.value, configuration.value, Classpaths.managedJars(configuration.value, classpathTypes.value, update.value))} } - lazy val aggregateOptionalTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.task { - (thisProjectRef.value, configuration.value, if ((dependencyCheckSkip ?? false).value || !(dependencyCheckSkipOptionalScope ?? false).value) Seq.empty else Classpaths.managedJars(configuration.value, classpathTypes.value, update.value)) + lazy val aggregateOptionalTask: Def.Initialize[Task[(ProjectRef, Configuration, Seq[Attributed[File]])]] = Def.taskDyn { + if ((dependencyCheckSkip ?? false).value || !(dependencyCheckSkipOptionalScope ?? 
false).value) + Def.task {(thisProjectRef.value, configuration.value, Seq.empty)} + else + Def.task {(thisProjectRef.value, configuration.value, Classpaths.managedJars(configuration.value, classpathTypes.value, update.value))} } def addClasspathDependencies(classpathToAdd: Seq[(ProjectRef, Configuration, Seq[Attributed[File]])], checkClasspath: Set[Attributed[File]], log: Logger): Set[Attributed[File]] = {
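Review bot: `aggregateProvidedTask` and `aggregateOptionalTask` return `Seq.empty` when the skip flag is not set (`!(dependencyCheckSkipProvidedScope ?? false).value`), the opposite polarity to the Compile, Runtime and Test tasks above them, and nothing in the code says why. Judging from `checkTask`, which subtracts the Provided and Optional jars when the flag is set, these two presumably produce the jars to remove rather than to add. A one-line comment on each, such as `// yields the jars to subtract from the scan; empty unless this scope is skipped`, would stop a later edit from "fixing" the negation and silently changing what gets scanned. The five definitions differ only in their condition and classpath source, so a small private helper taking those two would remove the repetition. The enclosing `DependencyCheckPlugin` object extends beyond this hunk.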