feat: update spotless, ktlint, min java version (#8)

Author: aaron-steinfeld

.github/CODEOWNERS

@@ -3,5 +3,3 @@
 # global
 * @hypertrace/build-tooling
 
-# GH action
-.github/ @aaron-steinfeld @jbahire @kotharironak

.github/workflows/pr-build.yml

@@ -9,29 +9,22 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
        # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
       - name: Check out code
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
           fetch-depth: 0
 
-      - name: create checksum file
-        uses: hypertrace/github-actions/checksum@main
-
-      - name: Cache packages
-        uses: actions/cache@v2
-        with:
-          path: ~/.gradle
-          key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }}
-          restore-keys: |
-            gradle-packages-${{ runner.os }}-${{ github.job }}
-            gradle-packages-${{ runner.os }}
-      
       - name: Build with Gradle
         uses: hypertrace/github-actions/gradle@main
         with: 
-          args: build
+          args: build
+  dependency-check:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Dependency Check
+        uses: hypertrace/github-actions/dependency-check@main

.github/workflows/publish.yml

@@ -8,26 +8,14 @@ on:
 
 jobs:
   publish-artifacts:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
       - name: Check out code
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
-      - name: create checksum file
-        uses: hypertrace/github-actions/checksum@main
-
-      - name: Cache packages
-        uses: actions/cache@v2
-        with:
-          path: ~/.gradle
-          key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }}
-          restore-keys: |
-            gradle-packages-${{ runner.os }}-${{ github.job }}
-            gradle-packages-${{ runner.os }}
-
       - name: publish java artifacts
         uses: hypertrace/github-actions/gradle@main
         with: 

.github/workflows/snyk-scan.yml

@@ -5,17 +5,21 @@ plugins {
   id("org.hypertrace.repository-plugin") version "0.4.0"
   id("org.hypertrace.ci-utils-plugin") version "0.3.0"
   id("org.hypertrace.publish-plugin") version "1.0.4"
+  id("org.owasp.dependencycheck") version "8.4.0"
 }
 
 group = "org.hypertrace.gradle.code.style"
 
 java {
-  targetCompatibility = JavaVersion.VERSION_1_8
-  sourceCompatibility = JavaVersion.VERSION_1_8
+  targetCompatibility = JavaVersion.VERSION_11
+  sourceCompatibility = JavaVersion.VERSION_11
 }
 
 dependencies {
-  api("com.diffplug.spotless:spotless-plugin-gradle:6.8.0")
+  api("com.diffplug.spotless:spotless-plugin-gradle:6.20.0")
+  constraints {
+    implementation("com.squareup.okio:okio:3.4.0")
+  }
 }
 
 gradlePlugin {
@@ -30,3 +34,10 @@ gradlePlugin {
 hypertracePublish {
   license.set(APACHE_2_0)
 }
+
+dependencyCheck {
+  format = org.owasp.dependencycheck.reporting.ReportGenerator.Format.ALL.toString()
+  suppressionFile = "owasp-suppressions.xml"
+  scanConfigurations.add("runtimeClasspath")
+  failBuildOnCVSS = 3.0F
+}

build.gradle.kts

@@ -1,5 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-all.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.jar

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <packageUrl regex="true">^pkg:maven/org\.eclipse\.platform/org\.eclipse\.osgi@.*$</packageUrl>
+        <cpe>cpe:/a:eclipse:equinox</cpe>
+    </suppress>
+</suppressions>