mirror of
https://github.com/corda/corda.git
synced 2025-06-23 09:25:36 +00:00
Fwd-merge scannable jars updates from 4.11
This commit is contained in:
chriscochrane
@ -6,69 +6,127 @@ if (System.getenv('CORDA_ARTIFACTORY_USERNAME') != null || project.hasProperty('
|
||||
logger.info("Internal R3 user - resolving publication build dependencies from internal plugins")
|
||||
pluginManager.apply('com.r3.internal.gradle.plugins.r3Publish')
|
||||
afterEvaluate {
|
||||
publishing {
|
||||
publications {
|
||||
configureEach {
|
||||
def repo = "https://github.com/corda/corda"
|
||||
pom {
|
||||
description = project.description
|
||||
name = project.name
|
||||
url = repo
|
||||
scm {
|
||||
url = repo
|
||||
}
|
||||
licenses {
|
||||
license {
|
||||
name = 'Apache-2.0'
|
||||
url = 'https://www.apache.org/licenses/LICENSE-2.0'
|
||||
distribution = 'repo'
|
||||
}
|
||||
}
|
||||
// Define a common repository URL (assuming 'repo' is a variable or can be defined here)
|
||||
// You might need to define 'repo' in your top-level build.gradle or elsewhere.
|
||||
def repoUrl = "https://github.com/corda/corda" // Replace with your actual repo URL if 'repo' is not global
|
||||
// Or access from project properties if 'repo' is defined there, e.g., project.ext.repoUrl or project.findProperty('repoUrl')
|
||||
|
||||
developers {
|
||||
developer {
|
||||
id = 'R3'
|
||||
name = 'R3'
|
||||
email = 'dev@corda.net'
|
||||
}
|
||||
}
|
||||
}
|
||||
// --- Define a common POM configuration closure/action that applies to ALL publications ---
|
||||
def configureCommonPom = { MavenPom pom ->
|
||||
pom.description = project.description // Use project's description
|
||||
pom.name = project.name // Use project's name
|
||||
pom.url = repoUrl
|
||||
pom.scm {
|
||||
url = repoUrl
|
||||
}
|
||||
pom.licenses {
|
||||
license {
|
||||
name = 'Apache-2.0'
|
||||
url = 'https://www.apache.org/licenses/LICENSE-2.0'
|
||||
distribution = 'repo'
|
||||
}
|
||||
}
|
||||
pom.developers {
|
||||
developer {
|
||||
id = 'R3'
|
||||
name = 'R3'
|
||||
email = 'dev@corda.net'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Publish the default jar for fat-jar sub-modules that do not currently publish their dependencies.
|
||||
// These are not for external consumption.
|
||||
// We must generate a jar which has a pom.xml with a full dependency list for vulnerability tools to evaluate.
|
||||
// Only do this for builds done within R3.
|
||||
def projectDict = [
|
||||
"testing:testserver": "corda-testserver",
|
||||
"tools:explorer": "corda-tools-explorer",
|
||||
"opentelemetry:opentelemetry-driver": "corda-opentelemetry-driver",
|
||||
"tools:network-builder": "corda-tools-network-builder",
|
||||
"node:capsule": "corda"
|
||||
]
|
||||
def lookupName = "${project.parent.name}:${project.name}".toString()
|
||||
// Apply maven-publish plugin unconditionally to all projects in this block
|
||||
project.pluginManager.apply('maven-publish')
|
||||
|
||||
if (projectDict.containsKey(lookupName)) {
|
||||
pluginManager.apply('maven-publish')
|
||||
def jarName = projectDict[lookupName]
|
||||
publishing {
|
||||
publications {
|
||||
"$jarName-jarPublication"(MavenPublication) {
|
||||
from components.java
|
||||
artifactId = "$jarName-thin-with-deps"
|
||||
pom {
|
||||
name = "$jarName-thin-with-deps"
|
||||
description = "Corda ${project.name} for vulnerability checking."
|
||||
// Set common project properties for publishing (group and version)
|
||||
project.group 'net.corda'
|
||||
project.version "$corda_release_version" // Assuming corda_release_version is defined
|
||||
|
||||
def projectDict = [
|
||||
"testserver:testcapsule": [name: "corda-testserver", type: 'capsule'],
|
||||
"explorer:capsule": [name: "corda-tools-explorer", type: 'capsule'],
|
||||
"opentelemetry:opentelemetry-driver": [name: "corda-opentelemetry-driver", type: 'shadow'],
|
||||
"tools:network-builder": [name: "corda-tools-network-builder", type: 'shadow'],
|
||||
"node:capsule": [name: "corda", type: 'capsule'],
|
||||
"corda-project:confidential-identities": [name: "corda-confidential-identities", type: 'corda'],
|
||||
"finance:contracts": [name: "corda-finance-contracts", type: 'corda'],
|
||||
"finance:workflows": [name: "corda-finance-workflows", type: 'corda']
|
||||
]
|
||||
def lookupName = "${project.parent?.name ?: ''}:${project.name}".toString() // Handle root project gracefully
|
||||
|
||||
project.publishing {
|
||||
publications {
|
||||
|
||||
withType(MavenPublication).all { publication ->
|
||||
// Only apply if the publication's POM hasn't been explicitly configured with these details yet,
|
||||
// or if we want to overwrite. Using 'pom(configureCommonPom)' is additive for elements
|
||||
// like developers/licenses but overwrites simple fields like name/description.
|
||||
// This applies to all publications, be they maven, shadow, corda, capsule, thin-for-deps.
|
||||
publication.pom(configureCommonPom)
|
||||
}
|
||||
|
||||
if (projectDict.containsKey(lookupName)) {
|
||||
def jarName = projectDict[lookupName].name
|
||||
def projectType = projectDict[lookupName].type
|
||||
def publicationName = "${jarName}Publication" // Use a consistent name
|
||||
|
||||
if (projectType == "corda" || projectType == "capsule") {
|
||||
def thinWithDepsJarTask = project.tasks.register("${jarName}ThinWithDepsJar", Jar) {
|
||||
archiveClassifier = 'R3-internal' // IMPORTANT: Give it a classifier
|
||||
from project.sourceSets.main.output // Include compiled classes and resources
|
||||
}
|
||||
|
||||
create(publicationName, MavenPublication) {
|
||||
artifact(thinWithDepsJarTask.get())
|
||||
|
||||
groupId = project.group
|
||||
artifactId = "${jarName}-thin-with-deps" // Distinct artifactId
|
||||
version = project.version
|
||||
|
||||
// Manual dependency handling for 'corda' and 'capsule' types
|
||||
pom.withXml {
|
||||
def rootNode = asNode()
|
||||
// Ensure dependencies node exists
|
||||
def dependenciesNode = rootNode.children().find { it.name() == 'dependencies' }
|
||||
if (!dependenciesNode) {
|
||||
dependenciesNode = rootNode.appendNode('dependencies')
|
||||
}
|
||||
|
||||
def dependenciesProject = project
|
||||
if (projectType == "capsule") {
|
||||
dependenciesProject = project.parent
|
||||
}
|
||||
|
||||
if (dependenciesProject != null) {
|
||||
dependenciesProject.configurations.runtimeClasspath.allDependencies.each { dep ->
|
||||
if (dep instanceof ExternalModuleDependency) {
|
||||
def dnode = dependenciesNode.appendNode('dependency')
|
||||
dnode.appendNode('groupId', "${dep.group}")
|
||||
dnode.appendNode('artifactId', "${dep.name}")
|
||||
dnode.appendNode('version', "${dep.version}")
|
||||
dnode.appendNode('scope', 'compile')
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else { // type = 'shadow' (handled by projectDict)
|
||||
create(publicationName, MavenPublication) {
|
||||
from project.components.java
|
||||
artifactId = "$jarName-thin-with-deps"
|
||||
|
||||
// No manual dependency crafting needed here, `from components.java` handles it
|
||||
}
|
||||
|
||||
// Apply classifier to the main jar for 'shadow' projects
|
||||
project.tasks.withType(Jar).configureEach { jarTask ->
|
||||
if (jarTask.name == 'jar') { // Ensure it's the main jar task
|
||||
jarTask.archiveClassifier = 'R3-internal'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
jar {
|
||||
archiveClassifier = 'R3-internal'
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
||||
@ -17,7 +17,10 @@ dependencies {
|
||||
capsuleRuntime "com.typesafe:config:$typesafe_config_version"
|
||||
}
|
||||
|
||||
jar.enabled = true
|
||||
jar {
|
||||
enabled = true
|
||||
classifier 'thin'
|
||||
}
|
||||
|
||||
capsule {
|
||||
version capsule_version
|
||||
|
||||
Reference in New Issue
Block a user