ENT-12844 - Build default jars for snyk scans (#7914)

* Build default jars for snyk scans

* Snyk-scanner JAR for corda capsule

* Don't publish snyk-scanner jars

* Unwound previous changes

* Include more snyk-scanner jars; removed references to Snyk
Chris Cochrane 2025-04-24 10:27:04 +01:00 committed by GitHub
parent 66c44adc16
commit 910e6f3212
4 changed files with 48 additions and 4 deletions


@ -755,12 +755,53 @@ artifactory {
defaults {
// Root project applies the plugin (for this block) but does not need to be published
if (project != rootProject) {
publications(project.extensions.publish.name())
def pubNames = project.publishing.publications*.name
publications(pubNames.toArray(new String[0]))
}
}
}
}
// Publish the default jar for fat-jar sub-modules that do not currently publish their dependencies.
// These are not for external consumption.
// We must generate a jar which has a pom.xml with a full dependency list for vulnerability tools to evaluate.
subprojects {
afterEvaluate { project ->
// map project to actual jar name, since some sub-project jars are not
// published with the same name as their sub-project.
def projectDict = [
"testing:testserver": "corda-testserver",
"tools:explorer": "corda-tools-explorer",
"opentelemetry:opentelemetry-driver": "corda-opentelemetry-driver",
"tools:network-builder": "corda-tools-network-builder",
"node:capsule": "corda"
]
def lookupName = "${project.parent.name}:${project.name}".toString()
if (projectDict.containsKey(lookupName)) {
apply plugin: 'maven-publish'
def jarName = projectDict[lookupName]
publishing {
publications {
"$jarName-jarPublication"(MavenPublication) {
from components.java
artifactId = "$jarName-thin-with-deps"
pom {
name = "$jarName-thin-with-deps"
description = "Corda ${project.name} for vulnerability checking."
}
}
}
}
jar {
archiveClassifier = 'R3-internal'
}
}
}
}
tasks.register('generateApi', net.corda.plugins.apiscanner.GenerateApi) {
baseName = "api-corda"
}
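Review bot: The `$jarName-jarPublication` publication is described in the comment above `subprojects` as "not for external consumption", yet the `def pubNames` line near the top of the hunk now passes every publication name to the artifactory `publications(...)` call, so each `*-jarPublication` is uploaded to the same repository as the real artifacts; if the "Don't publish snyk-scanner jars" bullet in the description still reflects the intent, that looks unintended. A one-line filter keeps the scanning publications out of the upload: `def pubNames = project.publishing.publications*.name.findAll { !it.endsWith('-jarPublication') }`. The dependency list in the generated POM is also only as complete as what `components.java` maps, so a dependency declared only on a custom configuration (the second file section mirrors one such `capsuleRuntime` entry as `implementation` for exactly this reason) stays invisible to the scanner unless it is mirrored the same way — worth a sentence in the three-line comment that introduces the block. The `subprojects {}` block lies entirely inside the hunk; the enclosing `artifactory {}` block begins before it.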


@ -20,6 +20,9 @@ dependencies {
capsuleRuntime "com.typesafe:config:$typesafe_config_version"
compileOnly "com.typesafe:config:$typesafe_config_version"
testRuntimeOnly "com.typesafe:config:$typesafe_config_version"
// 'implementation' for the benefit of the snyk-scanner POM file
implementation "com.typesafe:config:$typesafe_config_version"
// Capsule is a library for building independently executable fat JARs.
// We only need this dependency to compile our Caplet against.
@ -30,7 +33,7 @@ dependencies {
testImplementation "junit:junit:$junit_version"
}
jar.enabled = false
jar.enabled = true
capsule {
version capsule_version
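Review bot: The comment `// 'implementation' for the benefit of the snyk-scanner POM file` still names Snyk although the description's last bullet says those references were removed, and the root build script describes the jar generically as being for vulnerability tools; suggest `// 'implementation' so the dependency appears in the generated POM used for vulnerability scanning`. Flipping `jar.enabled` to `true` means this project now produces a plain jar alongside the capsule artifact, and the only thing keeping the two apart is the `R3-internal` classifier applied from the root build script, which is worth stating next to this line. The `dependencies {}` block starts before the hunk.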


@ -30,7 +30,7 @@ artifacts {
}
jar {
enabled = false
enabled = true
}
publish {


@ -88,7 +88,7 @@ artifacts {
}
jar {
enabled = false
enabled = true
}
publish {