Merge branch 'main' of github.com:TBD54566975/tbdex-kt into 132-replyTo

.github/workflows/ci.yaml

@@ -16,7 +16,10 @@ jobs:
  matrix:
  os: [ ubuntu-latest ]
  steps:
- - uses: actions/checkout@v2
+ - name: Checkout source
+ uses: actions/checkout@v2
+ with:
+ submodules: 'true'
  - uses: gradle/wrapper-validation-action@v1
  - uses: actions/setup-java@v1
  with:
@@ -87,9 +90,9 @@ jobs:
  app-id: ${{ secrets.CICD_ROBOT_GITHUB_APP_ID }}
  private-key: ${{ secrets.CICD_ROBOT_GITHUB_APP_PRIVATE_KEY }}
  owner: TBD54566975
- repositories: sdk-development
+ repositories: sdk-report-runner
 
- - name: Trigger sdk-development report build
+ - name: Trigger sdk-report-runner report build
  if: github.ref == 'refs/heads/main'
  run: |
  curl -L \
@@ -98,6 +101,6 @@ jobs:
  -H "Content-Type: application/json" \
  --fail \
  --data '{"ref": "main"}' \
- https://api.github.com/repos/TBD54566975/sdk-development/actions/workflows/build-report.yaml/dispatches
+ https://api.github.com/repos/TBD54566975/sdk-report-runner/actions/workflows/build-report.yaml/dispatches
  env:
- APP_TOKEN: ${{ steps.generate_token.outputs.token }}
+ APP_TOKEN: ${{ steps.generate_token.outputs.token }}

.github/workflows/codeql.yaml

@@ -0,0 +1,84 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '26 21 * * 4'
+
+jobs:
+ analyze:
+ name: Analyze
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners
+ # Consider using larger runners for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'java-kotlin' ]
+ # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
+ # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"

.github/workflows/docs.yaml

@@ -1,9 +1,10 @@
 name: tbdex SDK Publish Docs to GH Pages
 
 on:
- # Runs on pushes targeting the default branch
+ # Runs on new releases publishing
  push:
- branches: ["main"]
+ tags:
+ - v**
 
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

.github/workflows/publish.yaml

@@ -0,0 +1,40 @@
+name: Publish package to the Maven Central Repository
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Version to publish. For example "0.0.1"'
+ required: true
+ default: '0.0.0'
+ release:
+ types: [ published ]
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: true
+ - uses: gradle/wrapper-validation-action@v1
+ - name: Set up Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'corretto'
+ java-version: '11'
+ - uses: actions/cache@v3
+ with:
+ path: ~/.gradle/caches
+ key: gradle-ubuntu-latest-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}-${{ hashFiles('**/versions.properties') }}
+
+ - name: Sonatype Publish Close And Release
+ run: |
+ if [ -n "${{ github.event.inputs.version }}" ]; then
+ ./gradlew -Pversion=${{ github.event.inputs.version }} publishToSonatype closeAndReleaseSonatypeStagingRepository
+ else
+ ./gradlew -Pversion=$(echo "${{ github.ref_name }}" | cut -c2-) publishToSonatype closeAndReleaseSonatypeStagingRepository
+ fi
+ env:
+ ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }}
+ ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }}
+ ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.ORG_GRADLE_PROJECT_SONATYPEUSERNAME }}
+ ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.ORG_GRADLE_PROJECT_SONATYPEPASSWORD }}

.github/workflows/scorecard.yml

@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+ # For Branch-Protection check. Only the default branch is supported. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+ branch_protection_rule:
+ # To guarantee Maintained check is occasionally updated. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+ schedule:
+ - cron: '24 7 * * 0'
+ push:
+ branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Needed to publish results and get a badge (see publish_results below).
+ id-token: write
+ # Uncomment the permissions below if installing in a private repository.
+ # contents: read
+ # actions: read
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+ # - you want to enable the Branch-Protection check on a *public* repository, or
+ # - you are installing Scorecard on a *private* repository
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+ # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+ # Public repositories:
+ # - Publish results to OpenSSF REST API for easy access by consumers
+ # - Allows the repository to include the Scorecard badge.
+ # - See https://github.com/ossf/scorecard-action#publishing-results.
+ # For private repositories:
+ # - `publish_results` will always be set to `false`, regardless
+ # of the value entered here.
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+ with:
+ sarif_file: results.sarif

README.md

@@ -1,6 +1,6 @@
 # tbdex-kt
 
-[![License](https://img.shields.io/github/license/TBD54566975/tbdex-kt)](https://github.com/TBD54566975/tbdex-kt/blob/main/LICENSE) [![CI](https://github.com/TBD54566975/tbdex-kt/actions/workflows/ci.yaml/badge.svg)](https://github.com/TBD54566975/tbdex-kt/actions/workflows/ci.yaml) [![](https://jitpack.io/v/TBD54566975/tbdex-kt.svg)](https://jitpack.io/#TBD54566975/tbdex-kt) [![Coverage](https://img.shields.io/codecov/c/gh/tbd54566975/tbdex-kt/main?logo=codecov&logoColor=FFFFFF&style=flat-square&token=YI87CKF1LI)](https://codecov.io/github/TBD54566975/tbdex-kt)
+[![License](https://img.shields.io/github/license/TBD54566975/tbdex-kt)](https://github.com/TBD54566975/tbdex-kt/blob/main/LICENSE) [![CI](https://github.com/TBD54566975/tbdex-kt/actions/workflows/ci.yaml/badge.svg)](https://github.com/TBD54566975/tbdex-kt/actions/workflows/ci.yaml) [![](https://jitpack.io/v/TBD54566975/tbdex-kt.svg)](https://jitpack.io/#TBD54566975/tbdex-kt) [![Coverage](https://img.shields.io/codecov/c/gh/tbd54566975/tbdex-kt/main?logo=codecov&logoColor=FFFFFF&style=flat-square&token=YI87CKF1LI)](https://codecov.io/github/TBD54566975/tbdex-kt) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/TBD54566975/tbdex-kt/badge)](https://securityscorecards.dev/viewer/?uri=github.com/TBD54566975/tbdex-kt)
 
 This repo contains 2 jvm packages:
 

build.gradle.kts

@@ -11,6 +11,8 @@ plugins {
  `maven-publish`
  id("org.jetbrains.dokka") version "1.9.0"
  id("org.jetbrains.kotlinx.kover") version "0.7.3"
+ signing
+ id("io.github.gradle-nexus.publish-plugin") version "1.3.0"
 }
 
 repositories {
@@ -22,8 +24,7 @@ dependencies {
 }
 
 allprojects {
- version = "0.6.0"
- group = "tbdex"
+ group = "xyz.block"
 }
 
 subprojects {
@@ -34,6 +35,7 @@ subprojects {
  plugin("maven-publish")
  plugin("org.jetbrains.dokka")
  plugin("org.jetbrains.kotlinx.kover")
+ plugin("signing")
  }
 
  tasks.withType<Detekt>().configureEach {
@@ -59,14 +61,51 @@ subprojects {
  targetCompatibility = JavaVersion.VERSION_11
  }
 
+ val publicationName = "${rootProject.name}-${project.name}"
  publishing {
  publications {
- create<MavenPublication>("tbdex") {
+ create<MavenPublication>(publicationName) {
  groupId = project.group.toString()
- artifactId = project.name.toString()
- version = project.version.toString()
+ artifactId = name
+ description = "Kotlin SDK for tbdex functionality"
+ version = project.property("version").toString()
  from(components["java"])
  }
+
+ withType<MavenPublication> {
+ pom {
+ name = publicationName
+ packaging = "jar"
+ description.set("tbdex kotlin SDK")
+ url.set("https://github.com/TBD54566975/tbdex-kt")
+ inceptionYear.set("2023")
+ licenses {
+ license {
+ name.set("The Apache License, Version 2.0")
+ url.set("https://github.com/TBD54566975/tbdex-kt/blob/main/LICENSE")
+ }
+ }
+ developers {
+ developer {
+ id.set("TBD54566975")
+ name.set("Block Inc.")
+ email.set("tbd-releases@tbd.email")
+ }
+ }
+ scm {
+ connection.set("scm:git:git@github.com:TBD54566975/tbdex-kt.git")
+ developerConnection.set("scm:git:ssh:git@github.com:TBD54566975/tbdex-kt.git")
+ url.set("https://github.com/TBD54566975/tbdex-kt")
+ }
+ }
+ }
+ }
+
+ signing {
+ val signingKey: String? by project
+ val signingPassword: String? by project
+ useInMemoryPgpKeys(signingKey, signingPassword)
+ sign(publishing.publications[publicationName])
  }
  }
 
@@ -108,4 +147,58 @@ subprojects {
 // this will not affect subprojects
 tasks.dokkaHtmlMultiModule {
  moduleName.set("tbdex SDK Documentation")
+}
+
+publishing {
+ publications {
+ create<MavenPublication>("tbdex") {
+ groupId = project.group.toString()
+ artifactId = name
+ description = "Kotlin SDK for tbdex functionality"
+ version = project.property("version").toString()
+ from(components["java"])
+
+ pom {
+ packaging = "jar"
+ name = project.name
+ description.set("tbdex kotlin SDK")
+ url.set("https://github.com/TBD54566975/tbdex-kt")
+ inceptionYear.set("2023")
+ licenses {
+ license {
+ name.set("The Apache License, Version 2.0")
+ url.set("https://github.com/TBD54566975/tbdex-kt/blob/main/LICENSE")
+ }
+ }
+ developers {
+ developer {
+ id.set("TBD54566975")
+ name.set("Block Inc.")
+ email.set("tbd-releases@tbd.email")
+ }
+ }
+ scm {
+ connection.set("scm:git:git@github.com:TBD54566975/tbdex-kt.git")
+ developerConnection.set("scm:git:ssh:git@github.com:TBD54566975/tbdex-kt.git")
+ url.set("https://github.com/TBD54566975/tbdex-kt")
+ }
+ }
+ }
+ }
+}
+
+signing {
+ val signingKey: String? by project
+ val signingPassword: String? by project
+ useInMemoryPgpKeys(signingKey, signingPassword)
+ sign(publishing.publications["tbdex"])
+}
+
+nexusPublishing {
+ repositories {
+ sonatype { //only for users registered in Sonatype after 24 Feb 2021
+ nexusUrl.set(uri("https://s01.oss.sonatype.org/service/local/"))
+ snapshotRepositoryUrl.set(uri("https://s01.oss.sonatype.org/content/repositories/snapshots/"))
+ }
+ }
 }