Migrate the build system from Maven to Gradle

Author: purejava

.github/dependabot.yml

@@ -1,27 +1,12 @@
 version: 2
 updates:
-  - package-ecosystem: "maven"
+  - package-ecosystem: "gradle"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "saturday"
       time: "06:00"
       timezone: "Etc/UTC"
-    groups:
-      java-test-dependencies:
-        patterns:
-          - "org.junit.jupiter:*"
-      maven-build-plugins:
-        patterns:
-          - "org.apache.maven.plugins:*"
-          - "org.sonatype.plugins:*"
-      java-production-dependencies:
-        patterns:
-          - "*"
-        exclude-patterns:
-          - "org.apache.maven.plugins:*"
-          - "org.junit.jupiter:*"
-          - "org.sonatype.plugins:*"
 
   - package-ecosystem: "github-actions"
     directory: "/" # even for `.github/workflows`

.github/workflows/build_and_release_github.yml

@@ -6,181 +6,44 @@ on:
       - '*'
 
 jobs:
-  tagged-release:
-    name: "Tagged Release"
-    runs-on: "ubuntu-latest"
-
-    steps:
-      - uses: "marvinpinto/action-automatic-releases@latest"
-        id: create_release
-        with:
-          repo_token: "${{ secrets.GITHUB_TOKEN }}"
-          prerelease: false
-          draft: true
-
-      - name: Output Release URL File
-        run: echo "${{ steps.create_release.outputs.upload_url }}" > release_url.txt
-
-      - name: Save Release URL file for publish
-        uses: actions/upload-artifact@v4
-        with:
-          name: release_url
-          path: release_url.txt
-
-      - uses: little-core-labs/[email protected]
-        id: tagName
-
-      - name: Output git tag
-        run: echo "${{ steps.tagName.outputs.tag }}" > git_tag.txt
-
-      - name: Save git tag file for publish
-        uses: actions/upload-artifact@v4
-        with:
-          name: git_tag
-          path: git_tag.txt
-
-  build_and_upload:
-    needs: tagged-release
-    name: build_and_upload
+  release:
     runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
     steps:
       - uses: actions/checkout@v4
-      - name: maven-settings-xml-action
-        uses: whelk-io/maven-settings-xml-action@v22
-        with:
-          repositories: >
-            [
-              {
-                "id": "central",
-                "url": "https://repo1.maven.org/maven2"
-              },
-              {
-                "id": "github",
-                "url": "https://maven.pkg.github.com/bitwarden/sdk",
-                "releases": {
-                    "enabled": "true"
-                },
-                "snapshots": {
-                    "enabled": "true"
-                }
-              }
-            ]
-          servers: >
-            [
-              {
-                "id": "github",
-                "username": "${env.PACKAGES_USER}",
-                "password": "${env.PACKAGES_ACCESS_TOKEN}",
-                "configuration": {
-                  "httpConfiguration": {
-                    "all": {
-                      "usePreemptive": "true"
-                    }
-                  }
-                }
-              }
-            ]
-          profiles: >
-            [
-              {
-                "id": "github"
-              }
-            ]
-          active_profiles: >
-            [
-              "github"
-            ]
-          output_file: .m2/settings.xml
+
       - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '20'
-          cache: 'maven'
-          overwrite-settings: 'false'
-      - name: Set up GPG
-        run: |
-          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
-        env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-      - name: Build with Maven
-        run: mvn -B -Psign -Dgpg.passphrase=${GPG_PASSPHRASE} -Dtest=org.purejava.integrations.keychain.BitwardenAccessTest install --settings ${{ github.workspace }}/.m2/settings.xml --file pom.xml
-        env:
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          PACKAGES_USER: ${{ secrets.PACKAGES_USER }}
-          PACKAGES_ACCESS_TOKEN: ${{ secrets.PACKAGES_ACCESS_TOKEN }}
 
-      - name: Load Release URL File from release job
-        uses: actions/download-artifact@v4
-        with:
-          name: release_url
-      - name: Get Release File Name & Upload URL
-        id: get_release_info
-        run: |
-          value=`cat release_url.txt`
-          echo ::set-output name=upload_url::$value
-      - name: Load git tag from release job
-        uses: actions/download-artifact@v4
-        with:
-          name: git_tag
-      - name: Get git tag info
-        id: get_tag_info
-        run: |
-          value=`cat git_tag.txt`
-          echo ::set-output name=git_tag::$value
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
 
-      - name: Sign uber jar with key 5BFB2076ABC48776
-        run: |
-          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 5BFB2076ABC48776 --detach-sign ./target/cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar
-        env:
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-      - name: Sign source tarball with key 5BFB2076ABC48776
-        if: startsWith(github.ref, 'refs/tags/')
+      - name: Import GPG key
         run: |
-          git archive --prefix="cryptomator-bitwarden-${{ github.ref_name }}/" -o "cryptomator-bitwarden-${{ github.ref_name }}.tar.gz" ${{ github.ref }}
-          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 5BFB2076ABC48776 --detach-sign cryptomator-bitwarden-*.tar.gz
+          echo "$GPG_SIGNING_KEY_PW" | gpg --batch --import --yes --passphrase-fd 0 <(echo -n "$GPG_SIGNING_KEY_B64" | base64 --decode)
         env:
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          GPG_SIGNING_KEY_B64: ${{ secrets.GPG_PRIVATE_KEY_B64 }}
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
 
-      - name: Upload uber jar
-        id: upload-release-asset
-        uses: actions/[email protected]
+      - name: Setup GPG key information
+        run: |
+          mkdir -p ~/.gradle ~/.gnupg
+          echo "signing.gnupg.homeDir=/home/runner/.gnupg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.executable=gpg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.keyName=ABC48776" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.passphrase=${GPG_SIGNING_KEY_PW}" >> ~/.gradle/gradle.properties
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
-          asset_path: ./target/cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar
-          asset_name: cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar
-          asset_content_type: application/java-archive
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
 
-      - name: Upload signature file for uber jar
-        id: upload-signature-file-for-uber-jar
-        uses: actions/[email protected]
+      - name: Build package
+        run: ./gradlew clean build
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
-          asset_path: ./target/cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar.sig
-          asset_name: cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar.sig
-          asset_content_type: application/pgp-signature
+          GPG_SIGNING_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 
-      - name: Upload tarball
-        id: upload-release-asset-2
-        uses: actions/[email protected]
+      - name: Release package
+        run: ./gradlew githubRelease
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
-          asset_path: ./cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz
-          asset_name: cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz
-          asset_content_type: application/tar+gzip
-
-      - name: Upload signature file for source tarball
-        id: upload-signature-file-for-source-tarball
-        uses: actions/[email protected]
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
-          asset_path: ./cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz.sig
-          asset_name: cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz.sig
-          asset_content_type: application/pgp-signature
+          RELEASE_GRADLE_PLUGIN_TOKEN: ${{ secrets.RELEASE_GRADLE_PLUGIN_TOKEN }}

.github/workflows/build_develop.yml

@@ -1,76 +1,43 @@
-name: Java CI with Maven
+name: Java CI with Gradle
 
 on:
   push:
     branches: [develop]
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
-      - name: maven-settings-xml-action
-        uses: whelk-io/maven-settings-xml-action@v22
-        with:
-          repositories: >
-            [
-              {
-                "id": "central",
-                "url": "https://repo1.maven.org/maven2"
-              },
-              {
-                "id": "github",
-                "url": "https://maven.pkg.github.com/bitwarden/sdk",
-                "releases": {
-                    "enabled": "true"
-                },
-                "snapshots": {
-                    "enabled": "true"
-                }
-              }
-            ]
-          servers: >
-            [
-              {
-                "id": "github",
-                "username": "${env.PACKAGES_USER}",
-                "password": "${env.PACKAGES_ACCESS_TOKEN}",
-                "configuration": {
-                  "httpConfiguration": {
-                    "all": {
-                      "usePreemptive": "true"
-                    }
-                  }
-                }
-              }
-            ]
-          profiles: >
-            [
-              {
-                "id": "github"
-              }
-            ]
-          active_profiles: >
-            [
-              "github"
-            ]
-          output_file: .m2/settings.xml
+
       - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '20'
-          cache: 'maven'
-          overwrite-settings: 'false'
-      - name: Set up GPG
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Import GPG key
         run: |
-          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
+          echo "$GPG_SIGNING_KEY_PW" | gpg --batch --import --yes --passphrase-fd 0 <(echo -n "$GPG_SIGNING_KEY_B64" | base64 --decode)
         env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-      - name: Build with Maven
-        run: mvn -s ${{ github.workspace }}/.m2/settings.xml -B -Psign -Dgpg.passphrase=${GPG_PASSPHRASE} -Dtest=org.purejava.integrations.keychain.BitwardenAccessTest install --file pom.xml
+          GPG_SIGNING_KEY_B64: ${{ secrets.GPG_PRIVATE_KEY_B64 }}
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Setup GPG key information
+        run: |
+          mkdir -p ~/.gradle ~/.gnupg
+          echo "signing.gnupg.homeDir=/home/runner/.gnupg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.executable=gpg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.keyName=ABC48776" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.passphrase=${GPG_SIGNING_KEY_PW}" >> ~/.gradle/gradle.properties
+        env:
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Build package
+        run: ./gradlew clean build
         env:
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          PACKAGES_USER: ${{ secrets.PACKAGES_USER }}
-          PACKAGES_ACCESS_TOKEN: ${{ secrets.PACKAGES_ACCESS_TOKEN }}
+          GPG_SIGNING_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

.github/workflows/codeql-analysis.init.gradle

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+allprojects {
+    tasks.withType(JavaCompile).configureEach {
+        outputs.doNotCacheIf("CodeQL scanning", { true })
+    }
+}