ms-gradle-baseline
Overview
A gradle plugin to apply a common baseline of plugins to a java project.
Features
Feature | Implemented |
---|---|
Dependency version checking via Gradle Versions | 👍 |
OWASP CVE checking via Dependency-Check | 👍 |
Static analysis with Spotbugs | 👍 |
Test coverage with Jacoco | 👍 |
Spring Boot features via Spring Boot | 👍 |
Git Hook configuration via GitHooks | 👍 |
Set up common platform configuration (Common Platform) | 👍 |
Configure gradle to use JUnit 5 (JUnit 5) | 👍 |
Configure Java compiler options (Java Compile) | 👍 |
Configure dependency tasks (Dependency Insights) | 👍 |
Configure IDE settings (code style/editorconfig) | ⬜ |
Usage
In your build.gradle add the following line to the plugin section:
plugins {
    ...
    id "com.jrmcdonald.ms-gradle-baseline" version "1.0.0"
    ...
}
The latest version can be found by going to https://plugins.gradle.org/plugin/com.jrmcdonald.ms-gradle-baseline.
Plugins
The configuration applied by this plugin is equivalent to the following:
DependencyUpdates Plugin
Check for the latest versions of any gradle dependencies using the Gradle Versions Plugin.
def isNonStable = { String version ->
    def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { it -> version.toUpperCase().contains(it) }
    def regex = /^[0-9,.v-]+(-r)?$/
    return !stableKeyword && !(version ==~ regex)
}
tasks {
    dependencyUpdates {
        rejectVersionIf {
            isNonStable(it.candidate.version)
        }
        checkConstraints = true
    }
}
tasks.build.dependsOn 'dependencyUpdates'
DependencyCheck Plugin
Check for any vulnerabilities in any gradle dependencies using the Dependency-Check Plugin.
dependencyCheck {
    format = 'ALL'
    analyzers {
        nodeEnabled = false
    }
}
check.dependsOn dependencyCheckAggregate
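The block above runs the scan as part of `check` but sets no `failBuildOnCVSS`, which in the Dependency-Check Gradle plugin defaults to 11, so findings are reported without ever failing the build. The following is an added example for a consuming project's build.gradle, not part of this plugin's own configuration, that turns the report into a gate; the threshold of 7 and the suppression file path are assumptions, as is the expectation that settings made in the consuming build apply alongside the baseline's.

```groovy
// Added example (consumer build.gradle), not the plugin's own code.
// Assumes the baseline plugin has already applied the Dependency-Check plugin,
// so the dependencyCheck extension exists and can be configured further here.
dependencyCheck {
    // Same settings the baseline applies, repeated for context.
    format = 'ALL'
    analyzers {
        nodeEnabled = false
    }

    // Report-only (effective default): 11 is above the CVSS maximum of 10,
    // so no finding can reach the threshold and the build always passes.
    // failBuildOnCVSS = 11

    // Gate: fail the build on any finding scored 7.0 or higher.
    // The value 7 is an assumed policy threshold; pick the one your team enforces.
    failBuildOnCVSS = 7.0f

    // Reviewed false positives go in a version-controlled suppression file so
    // that every exception to the gate is visible in code review.
    // The path below is a hypothetical location in the consuming repository.
    suppressionFile = "${rootDir}/config/dependency-check/suppressions.xml"
}
```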
SpotBugs Plugin
Find bugs with static analysis using the SpotBugs Plugin.
spotbugsMain {
    reports {
        xml.enabled(false)
        html.enabled(true)
    }
}
Jacoco Plugin
Check code coverage using the Jacoco Plugin. The standard jacocoTestReport task is configured for the root gradle project. A new codeCoverageReport task is configured to aggregate coverage from all sub projects (as described in the Gradle Docs).
jacocoTestReport {
    reports {
        html.enabled true
        xml.enabled true
    }
}
tasks.register("codeCoverageReport", JacocoReport) {
    subprojects { subproject ->
        subproject.plugins.withType(JacocoPlugin).configureEach {
            subproject.tasks.matching({ t -> t.extensions.findByType(JacocoTaskExtension) }).configureEach { testTask ->
                sourceSets subproject.sourceSets.main
                executionData(testTask)
            }
            subproject.tasks.matching({ t -> t.extensions.findByType(JacocoTaskExtension) }).forEach {
                rootProject.tasks.codeCoverageReport.dependsOn(it)
            }
        }
    }
    reports {
        xml.enabled true
        html.enabled true
    }
}
test.finalizedBy codeCoverageReport
test.finalizedBy jacocoTestReport
check.dependsOn codeCoverageReport
check.dependsOn jacocoTestReport
Spring Boot Plugin
Enable Spring Boot applications using the Spring Boot Plugin.
sonarqube {
    properties {
        property "sonar.projectKey", "jrmcdonald_{{rootProjectName}}"
        property "sonar.organization", "jrmcdonald"
        property "sonar.host.url", "https://sonarcloud.io"
        property "sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/codeCoverageReport/codeCoverageReport.xml"
    }
}
tasks.sonarqube.mustRunAfter codeCoverageReport
GitHooks Plugin
Apply version controlled git hooks using the ghooks plugin.
Configuration
Common Platform
Define a new configuration that is extended by the main java configurations making it easier to apply a platform to multiple configurations.
configurations {
    commonPlatform
    compileOnly.extendsFrom(commonPlatform)
    annotationProcessor.extendsFrom(commonPlatform)
    testCompileOnly.extendsFrom(commonPlatform)
    testAnnotationProcessor.extendsFrom(commonPlatform)
    implementation.extendsFrom(commonPlatform)
    testFixturesImplementation.extendsFrom(commonPlatform)
}
Which can be used as:
dependencies {
    commonPlatform enforcedPlatform(group: 'org.springframework.boot', name: 'spring-boot-dependencies', version: '2.3.2.RELEASE')
}
JUnit 5
Configure gradle to use JUnit5 for tests.
test {
    useJUnitPlatform()
}
Java Compile
Configure java compilation options.
compileJava {
    options.compilerArgs << "-Werror"
    options.compilerArgs << "-Xlint:all"
    options.compilerArgs << "-Xlint:-try"
    options.compilerArgs << "-Xlint:-processing"
}
Dependency Insights
Configure dependency insight tasks.
subprojects {
    task allDeps(type: DependencyReportTask) {}
    task allDepInsight(type: DependencyInsightReportTask) {}
}