/kobalt-versioneye

VersionEye plug-in for the Kobalt build system

Primary LanguageKotlinBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

VersionEye plug-in for Kobalt

License (3-Clause BSD) release Build Status CircleCI Download

VersionEye Logo

The plug-in will create and update projects on VersionEye, a service that notifies you about outdated dependencies, security vulnerabilities and license violations.

To use the plug-in include the following in Build.kt file:

import net.thauvin.erik.kobalt.plugin.versioneye.*

val bs = buildScript {
    plugins("net.thauvin.erik:kobalt-versioneye:")
}

val p = project {
    name = "example"
    group = "com.example"
    artifactId = name
    version = "0.1"

    versionEye {

    }
}

View Example

To create or update your project on VersionEye, you will need an API key. If you are signed up, you can find your API Key here:

VersionEye API Key

To create your project on VersionEye simply use your API Key as follows

./kobaltw -Dversioneye.ApiKey=YOUR_API_KEY_HERE versionEye

This will instruct the plug-in to create and update your project on VersionEye. Your API Key will automatically be saved in thelocal.properties file.

Upon running the above command the plug-in will output something like:

Example Report

The report is based on the Traffic Light concept:

  1. Green items are clear.
  2. Yellow items may require some attention.
  3. Red items will cause the build to fail.

By default the plug-in is configured to only fail on known security vulnerabilities.

Global Configuration

You can configure the VersionEye API Key and Project Key (if you already have one) in one of two ways.

Using the command line:

./kobaltw -Dversioneye.ApiKey=YOUR_API_KEY -Dversionkey.projectKey=YOUR_PROJECT_KEY versionEye

These keys will be save automatically in the local.properties file.

In the local.properties file:

versioneye.ApiKey=YOUR_API_KEY
versioneye.projectKey=YOUR_PROJECT_KEY

Task Configuration

Parameters are configurable in the versionEye task:

versionEye {
    baseUrl = "https://www.versioneye.com/"
    colors = true
    name = ""
    org = ""
    quiet = false
    team = ""
    verbose = true
    visibility = "public"

    failOn(Fail.securityCheck)
}

The values are:

Value Description Default
baseUrl For VersionEye Enterprise VM to use your own domain, e.g. https://versioneye.my-company.com/ https://www.versioneye.com/
colors To enable (true) or disable (false) colors in the plug-in output. true
name The name of the VersionEye project, if none is specified the Kobalt project name will be used. none
quiet To completely disable output from the plug-in. false
org The VersionEye organization, if any. none
pom Generate a pom.xml for the project. See Private vs. Public. false
team The VersionEye team, if any. none
verbose To enable or disable extra information in the plug-in output. true
visibility To set the project's visibility on VersionEye, either public or private public

Some of the parameters can be controlled temporarily from the command line, as follows:

./kobaltw -Dve.colors=false versionEye
./kobaltw -Dve.verbose=false versionEye
./kobaltw -Dve.quiet=true versionEye

./kobaltw -Dve.colors=false -Dve.verbose=false versionEye

Failures Configuration

The failOn directive can be used to trigger specific failures:

versionEye {
    failOn(Fail.securityCheck, Fail.licensesCheck)
}
Fail On Description
Fail.dependenciesCheck Will triggered a failure on outdated dependencies.
Fail.licensesUnknownCheck Will trigger a failure on unknown licenses.
Fail.licensesCheck Will trigger a failure on licenses whitelist violations. Licenses and components whitelists can be configured on the VersionEye website.
Fail.securityCheck Will trigger a failure on known security vulnerabilities, on by default.

Private vs. Public

By default, projects created using the VersionEye API are private. If your project is hosted on GitHub or BitBucket and would like to make it public on VersionEye. The plug-in can generate a pom file compatible with VersionEye, as follows:

versionEye {
    pom = true
...
}

and to generate the pom file, but not create a new project on VersionEye:

./kobaltw -Dve.create=false versionEye

Be sure to commit pom.xml on GitHub or BitBucket, and then import your project at:

Finally, configure your project key.