diff --git a/.github/workflows/security.code-scanning.yml b/.github/workflows/security.code-scanning.yml
new file mode 100644
index 0000000..a868d13
--- /dev/null
+++ b/.github/workflows/security.code-scanning.yml
@@ -0,0 +1,19 @@
+name: CodeQL
+
+on:
+ pull_request:
+ branches: [ main ]
+ push:
+ branches: [ main ]
+ workflow_dispatch:
+
+jobs:
+ codeql-java:
+ uses: chargehound/security-workflows-public/.github/workflows/codeql-java.yml@test-gradle-submission
+ with:
+ build-mode: 'manual'
+ build-command: './gradlew --parallel --no-daemon --no-build-cache clean assemble -x test'
+ java-version: '8'
+ secrets:
+ DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }}
+
diff --git a/.github/workflows/security.dependency-review.yml b/.github/workflows/security.dependency-review.yml
new file mode 100644
index 0000000..8173a6f
--- /dev/null
+++ b/.github/workflows/security.dependency-review.yml
@@ -0,0 +1,17 @@
+name: Dependency Review
+
+on:
+ push:
+ branches: ['main']
+
+ pull_request:
+ branches: [ main ]
+ workflow_dispatch:
+
+jobs:
+ dependency-review:
+ uses: chargehound/security-workflows-public/.github/workflows/dependency-review-gradle.yml@test-gradle-submission
+ with:
+ java-version: 8
+ secrets:
+ DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/test-java.yaml b/.github/workflows/test-java.yaml
index 8dd16b2..0665ed3 100644
--- a/.github/workflows/test-java.yaml
+++ b/.github/workflows/test-java.yaml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- java: [ '8', '9', '10', '11']
+ java: [ '8' ]
 name: Test Java ${{ matrix.java }}
 steps:
 - uses: actions/checkout@v2
diff --git a/build.gradle b/build.gradle
index eb21d38..71e9b5f 100644
--- a/build.gradle
+++ b/build.gradle
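Review bot: The reusable workflow reference `uses: chargehound/security-workflows-public/.github/workflows/codeql-java.yml@test-gradle-submission` is pinned to a mutable branch name rather than a release tag or full commit SHA, so whatever that branch holds at run time executes against this repository's checkout with the `DATADOG_API_KEY` secret; the `dependency-review-gradle.yml@test-gradle-submission` reference in security.dependency-review.yml has the same shape. The branch name reads as a work-in-progress, so once it lands pin both to an immutable ref, e.g. `uses: chargehound/security-workflows-public/.github/workflows/codeql-java.yml@<release-tag-or-full-sha>`, and leave a comment naming the branch to switch from. The secret wired in is `DATADOG_PAYPAL_QA_TOKEN`; if that name is accurate it is a QA-scoped credential being used by a main-branch workflow, which is worth confirming is the intended key and scope.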
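Review bot: `java-version: 8` is written as a bare integer here while the sibling security.code-scanning.yml passes `java-version: '8'`; reusable-workflow inputs are typed, and YAML will hand the called workflow a number in one file and a string in the other, so the two should match whatever type `dependency-review-gradle.yml` declares (quoting it, `java-version: '8'`, is the safer default when that type is unknown). The file also ends without a trailing newline, per the `\ No newline at end of file` marker, which the repository's other workflow files do not share.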
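Review bot: The matrix line `java: [ '8' ]` drops Java 9, 10 and 11 from the test run without a rationale anywhere in the hunk, so regressions on the newer runtimes the matrix previously covered will no longer be caught and a future reader cannot tell whether this was a support decision or a temporary workaround for the new security workflows. A one-line comment above the matrix stating which, e.g. `# matrix reduced to 8 on <date>: <reason>; restore 9-11 when <condition>`, would make the intent reviewable.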
@@ -134,4 +134,67 @@ uploadArchives {
 }
 }
 }
-}
\ No newline at end of file
+}
+
+// TODO: Remove task after upgrading Gradle >= 5.2
+import org.gradle.api.artifacts.ResolvedDependency
+import org.gradle.api.artifacts.Configuration
+import java.io.BufferedWriter
+import java.io.FileWriter
+
+tasks.register("generateDependencyReport") {
+ doLast {
+ def outputFile = file("${buildDir}/dependency-report.txt")
+ File parentDir = outputFile.parentFile
+ if (!parentDir.exists() && !parentDir.mkdirs()) {
+ throw new IOException("Failed to create directory ${parentDir}")
+ }
+
+ // Create a writer to write the dependency report to the file
+ BufferedWriter writer = new BufferedWriter(new FileWriter(outputFile))
+ try {
+ writer.write("Manifest: ${project.name}\n")
+ writer.write("# Generated on ${new Date()}\n\n")
+
+ // Iterate through all project configurations
+ project.configurations.each { Configuration config ->
+ try {
+ if (config.isCanBeResolved()) {
+ writer.write("${config.name}:\n")
+
+ def dependencies = config.resolvedConfiguration.firstLevelModuleDependencies
+ if (dependencies.isEmpty()) {
+ writer.write(" (No dependencies found)\n")
+ } else {
+ dependencies.each { ResolvedDependency dep ->
+ printDependency(dep, writer, 1)
+ }
+ }
+ } else {
+ writer.write("${config.name}:\n")
+ writer.write(" (Cannot be resolved)\n")
+ }
+ } catch (Exception e) {
+ writer.write("${config.name}:\n")
+ writer.write(" (Resolution failed: ${e.message})\n")
+ }
+
+ writer.write("\n")
+ }
+ } finally {
+ writer.close()
+ }
+
+ println("Dependency report generated: ${outputFile.absolutePath}")
+ }
+}
+
+// Recursive function to print dependencies with proper indentation
+void printDependency(ResolvedDependency dependency, BufferedWriter writer, int level) {
+ def indentation = " " * level
+ writer.write("${indentation}- ${dependency.moduleGroup}:${dependency.moduleName}:${dependency.moduleVersion}\n")
+
+ dependency.children.each { ResolvedDependency child ->
 printDependency(child, writer, level + 1)
+ }
+}
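Review bot: The per-configuration `catch (Exception e)` turns a failed resolution into a `(Resolution failed: ...)` line in the report and the task still ends with `println("Dependency report generated: ...")`, so a manifest that is missing an entire configuration's dependency tree looks like a successful run to whatever consumes it downstream; at minimum the catch should also emit `logger.warn("Could not resolve ${config.name}: ${e.message}")` so the gap is visible in the build log, and consider failing the task when any resolvable configuration could not be resolved. `new BufferedWriter(new FileWriter(outputFile))` writes the report in the platform default charset, so the same dependency tree is byte-different between a CI runner and a developer machine with a non-UTF-8 locale; replacing that line plus the surrounding `try { ... } finally { writer.close() }` with `outputFile.withWriter('UTF-8') { writer -> ... }` fixes the encoding and drops the manual close. `printDependency` recurses over `dependency.children` with no visited set, and if a resolved graph can contain a cycle (I believe Gradle permits them for project dependencies, but have not confirmed for this build) the recursion would not terminate; a `Set` of `"${group}:${name}:${version}"` keys passed down the recursion would guard that.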