diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 04bdf66..8e18585 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,9 +1,9 @@
-name: CI
+name: SNAPSHOT
 on:
   push:
-    branches: [ feature/* ]
+    branches: [ master, develop, feature/* ]
   pull_request:
     branches: [ master ]
@@ -26,6 +26,7 @@ jobs:
         arguments: build
     - name: Upload Build Artifacts
+      if: github.ref == 'refs/heads/master'
       uses: eskatos/gradle-command-action@v1
       env:
         GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..d60bf3d
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,32 @@
+
+name: RELEASE
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  perform-release:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Get the version
+      id: get_version
+      run: echo ::set-output name=VERSION::$(echo ${GITHUB_REF##*/})
+
+    - name: Setup Java
+      uses: actions/setup-java@v1
+      with:
+        java-version: 11
+
+    - name: Publish artifact
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        RELEASE_VERSION: ${{ steps.get_version.outputs.VERSION }}
+      run: |
+        echo "New version: ${RELEASE_VERSION}"
+        echo "Github username: ${GITHUB_ACTOR}"
+        ./gradlew -Pversion=${RELEASE_VERSION} test publish
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
new file mode 100644
index 0000000..83a1a31
--- /dev/null
+++ b/.github/workflows/snyk.yml
@@ -0,0 +1,22 @@
+
+name: SNYK
+
+on:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  run_snyk:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Run Snyk to check for vulnerabilities
+      uses: snyk/actions/gradle-jdk11@master
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        args: --severity-threshold=high
+        command: monitor
diff --git a/.gitignore b/.gitignore
index c04bf53..ae14fc8 100644
--- a/.gitignore
+++ b/.gitignore
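Review bot: `uses: eskatos/gradle-command-action@v1`, the line right after the new `if:` guard, runs a third-party action with `GITHUB_TOKEN` in its environment while pinned only to a mutable major tag; the same pattern appears in release.yml (`actions/checkout@v2`, `actions/setup-java@v1`) and in snyk.yml, where `snyk/actions/gradle-jdk11@master` tracks a moving branch and receives `SNYK_TOKEN`. Pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: eskatos/gradle-command-action@<commit-sha>  # v1`, so a retagged or compromised upstream cannot change what runs with the repository's token. The `if: github.ref == 'refs/heads/master'` condition itself is correct for a push-only publish, since pull_request events carry a `refs/pull/*/merge` ref. The guarded step's remaining keys continue outside the hunk.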
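Review bot: `types: [created]` on the `release` trigger also fires when a draft release is saved, so the `./gradlew -Pversion=${RELEASE_VERSION} test publish` step can push artifacts for a release that was never actually published; `published` (or `released`) is the event type that matches a public release. `RELEASE_VERSION` is derived from `${GITHUB_REF##*/}`, which keeps a leading `v` if tags are named `v1.0.1` while gradle.properties uses a bare `1.0.0-SNAPSHOT`, so confirm the published Maven coordinate is the intended one. Passing the tag through an environment variable instead of inlining `${{ github.ref }}` into `run:` is the right pattern; quote it as `"${RELEASE_VERSION}"` for consistency with the echo lines above it. The `::set-output` workflow command has since been deprecated in favour of appending `VERSION=...` to the file named by `$GITHUB_OUTPUT`.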
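Review bot: `command: monitor` records a dependency snapshot in the Snyk dashboard and does not fail the job on findings, so as a `pull_request` check this workflow never blocks a vulnerable change and `--severity-threshold=high` has no gating effect; use the default `test` command for the PR gate and reserve `monitor` for pushes to master if the dashboard view is wanted. `secrets.SNYK_TOKEN` is not exposed to pull requests opened from forks, so for external contributors this job will fail rather than skip; a `if: github.event.pull_request.head.repo.full_name == github.repository` guard on the step makes that behaviour explicit. A short comment above the step stating which outcome is intended to block merges would help the next maintainer.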
@@ -8,7 +8,6 @@
 /bin/
 /.vscode/
 /.groovy
-/gradle.properties
 .idea/
 .externalToolBuilders/
 /out
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9b1d0cd..7829266 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,10 +4,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.0.1]
+### Created
+- `SECURITY.md` file creation.
+- GitHub Actions Workflow Creation.
+- Updated dependenices resolving security problems.
-## 1.0.0
+## [1.0.0]
 ### Created
 - Initial release of JenkinsDSL core.
+[1.0.1]: https://github.com/EliLillyCo/CIRR_JenkinsPipelineLibraries/releases/v1.0.1...v1.0.0
 [1.0.0]: https://github.com/EliLillyCo/CIRR_JenkinsPipelineLibraries/releases/v1.0.0
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2b42e47
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+The versions of this project which are currently being supported with security updates are:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you find a vulnerability assosiated with this source code please contact either:
+
+- [Jarrett Alexander](mailto:alexander_jarrett@lilly.com).
+- [Nick Liffen](mailto:liffen_nicholas@lilly.com).
+
+For the moment in time, **please do not** open a GitHub issue on the repository to report a vulnerability.
diff --git a/build.gradle b/build.gradle
index da3de85..61be87f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -6,6 +6,8 @@ apply plugin: 'java'
 apply plugin: 'maven-publish'
 apply plugin: 'jacoco'
 apply plugin: "io.spring.dependency-management"
+apply plugin: 'org.owasp.dependencycheck'
+apply plugin: 'com.github.ben-manes.versions'
 //// Configuration
 group = 'com.lilly.opensource.edat'
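Review bot: `apply plugin: 'org.owasp.dependencycheck'` is applied, but nothing in this change configures it (no `dependencyCheck { }` block with a `failBuildOnCVSS` threshold) and neither workflow invokes `dependencyCheckAnalyze` — main.yml runs `build` and release.yml runs `test publish` — so the scan only happens when a developer runs it by hand. Add `dependencyCheck { failBuildOnCVSS = 7 }` and `check.dependsOn dependencyCheckAnalyze` (or add the task to the CI `arguments`) so the plugin actually gates the build; `com.github.ben-manes.versions` is informational only and needs no gating. The configuration may live further down build.gradle, outside this hunk, in which case a one-line comment next to the `apply plugin` pointing to it would help.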
@@ -40,21 +42,24 @@ test.testLogging {
 }
 repositories {
-    maven {
-        url 'https://elilillyco.jfrog.io/elilillyco/Lilly-Maven'
-    }
+    mavenCentral()
+    jcenter()
+    maven { url 'https://repo1.maven.org/maven2/' }
+    maven { url 'https://repo.jenkins-ci.org/releases/' }
 }
 buildscript {
     repositories {
         mavenCentral()
+        jcenter()
     }
     dependencies {
-        classpath "io.spring.gradle:dependency-management-plugin:1.0.3.RELEASE"
+        classpath "io.spring.gradle:dependency-management-plugin:1.0.3.RELEASE"
+        classpath 'org.owasp:dependency-check-gradle:5.3.2'
+        classpath 'com.github.ben-manes:gradle-versions-plugin:0.28.0'
     }
 }
-
 dependencyManagement {
     imports {
         mavenBom 'com.amazonaws:aws-java-sdk-bom:1.11.485'
@@ -63,9 +68,9 @@ dependencyManagement {
 dependencies {
     implementation 'org.codehaus.groovy:groovy-all:2.4.15'
-    implementation 'org.jenkins-ci.main:jenkins-core:2.141'
-    implementation group: 'org.jenkins-ci.plugins.workflow', name: 'workflow-cps', version: '2.57', ext: 'jar'
-    implementation group: 'org.jenkins-ci.plugins', name: 'credentials-binding', version: '1.17', ext: 'jar'
+    implementation 'org.jenkins-ci.main:jenkins-core:2.238'
+    implementation group: 'org.jenkins-ci.plugins.workflow', name: 'workflow-cps', version: '2.80', ext: 'jar'
+    implementation group: 'org.jenkins-ci.plugins', name: 'credentials-binding', version: '1.23', ext: 'jar'
     implementation group: 'org.jenkins-ci.plugins', name: 'branch-api', version: '2.0.21', ext: 'jar'
     implementation group: 'org.jenkins-ci.plugins', name: 'cloudbees-folder', version: '6.7', ext: 'jar'
     implementation group: 'org.jenkins-ci.plugins', name: 'scm-api', version: '2.3.0', ext: 'jar'
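Review bot: The explicit `maven { url 'https://repo1.maven.org/maven2/' }` in the new `repositories` block is the same repository `mavenCentral()` already resolves against, so it is redundant, and `jcenter()` (added here and again under `buildscript`) is a Bintray proxy that can serve artifacts not present on Central and has since been sunset to read-only. Gradle takes each dependency from the first declared repository that has it, so trimming the list to `mavenCentral()` plus `maven { url 'https://repo.jenkins-ci.org/releases/' }` keeps resolution predictable and reduces where a dependency can come from. The `dependencyManagement` block that opens at the bottom of this hunk continues outside it.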
@@ -78,18 +83,18 @@ dependencies {
     implementation group: 'com.cloudbees', name: 'groovy-cps', version: '1.24', ext: 'jar'
     implementation group: 'org.jenkins-ci.plugins.workflow', name: 'workflow-durable-task-step', version: '2.26', ext: 'jar'
     implementation group: 'org.jenkins-ci.plugins', name: 'durable-task', version: '1.28', ext: 'jar'
-    implementation 'com.amazonaws:aws-java-sdk-core'
-    implementation 'com.amazonaws:aws-java-sdk-s3'
-    implementation 'com.amazonaws:aws-java-sdk-sts'
+    implementation group: 'com.amazonaws', name: 'aws-java-sdk-core', version: '1.11.803', ext: 'jar'
+    implementation group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.11.803', ext: 'jar'
+    implementation group: 'com.amazonaws', name: 'aws-java-sdk-sts', version: '1.11.803', ext: 'jar'
     implementation group: 'org.jenkins-ci.plugins', name: 'cloudbees-folder', version: '6.7', ext: 'jar'
     implementation group: 'org.apache.ivy', name: 'ivy', version: '2.4.0', ext: 'jar'
-    implementation 'javax.servlet:javax.servlet-api:4.0.1'
-    implementation 'org.spockframework:spock-core:1.2-groovy-2.4'
-    implementation 'org.yaml:snakeyaml:1.23'
-    testImplementation 'junit:junit:4.12'
-    testRuntimeOnly 'net.bytebuddy:byte-buddy:1.8.21'
-    testRuntimeOnly 'org.objenesis:objenesis:2.6'
-    testRuntimeOnly 'org.slf4j:slf4j-simple:1.7.25'
+    implementation group: 'javax.servlet', name: 'javax.servlet-api', version: '4.0.1', ext: 'jar'
+    implementation group: 'org.spockframework', name: 'spock-core', version: '1.2-groovy-2.4', ext: 'jar'
+    implementation group: 'org.yaml', name: 'snakeyaml', version: '1.23', ext: 'jar'
+    testImplementation group: 'junit', name: 'junit', version: '4.12', ext: 'jar'
+    testRuntimeOnly group: 'net.bytebuddy', name: 'byte-buddy', version: '1.8.21', ext: 'jar'
+    testRuntimeOnly group: 'org.objenesis', name: 'objenesis', version: '2.6', ext: 'jar'
+    testRuntimeOnly group: 'org.slf4j', name: 'slf4j-simple', version: '1.7.25', ext: 'jar'
 }
 //// Sources and GroovyDoc Jars
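Review bot: Every dependency in this hunk is now artifact-only: the `ext: 'jar'` map form makes Gradle fetch just the jar and ignore the POM, so transitive dependencies (for example junit 4.12's hamcrest-core, or the AWS SDK core's HTTP and JSON libraries) are no longer resolved unless declared elsewhere, and they also drop out of what OWASP dependency-check and Snyk can see. `ext: 'jar'` is needed for the Jenkins plugin artifacts whose default packaging is `hpi`, but plain coordinates such as `implementation 'org.yaml:snakeyaml:1.23'` and `testImplementation 'junit:junit:4.12'` should keep the string form so their POMs are honoured. Separately, the AWS SDK lines now carry an explicit `1.11.803` while the `dependencyManagement` block still imports `aws-java-sdk-bom:1.11.485`; the explicit version takes precedence, so either bump the BOM to `1.11.803` and drop the per-artifact versions, or remove the BOM, so there is one source of truth for the SDK version.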
diff --git a/gradle.properties b/gradle.properties
new file mode 100644
index 0000000..8d0c7be
--- /dev/null
+++ b/gradle.properties
@@ -0,0 +1 @@
+version=1.0.0-SNAPSHOT
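Review bot: Now that this file is tracked (the same change drops `/gradle.properties` from `.gitignore`), anything a developer adds to it locally lands in the next commit, and Gradle's project-level `gradle.properties` is a conventional place for publishing credentials. Keep only `version` here, state that in a leading comment such as `# Build metadata only; credentials belong in ~/.gradle/gradle.properties`, and keep per-developer secrets in the user-level file, which stays outside the repository. The release workflow overrides this value with `-Pversion=${RELEASE_VERSION}`, so `1.0.0-SNAPSHOT` only governs the snapshot build.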