Migrate the build system from Maven to Gradle

Author: purejava

.github/dependabot.yml

@@ -1,28 +1,12 @@
 version: 2
 updates:
-  - package-ecosystem: "maven"
+  - package-ecosystem: "gradle"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "saturday"
       time: "06:00"
       timezone: "Etc/UTC"
-    groups:
-      java-test-dependencies:
-        patterns:
-          - "org.junit.jupiter:*"
-      maven-build-plugins:
-        patterns:
-          - "org.apache.maven.plugins:*"
-          - "org.sonatype.plugins:*"
-      java-production-dependencies:
-        patterns:
-          - "*"
-        exclude-patterns:
-          - "org.openjfx:*"
-          - "org.apache.maven.plugins:*"
-          - "org.junit.jupiter:*"
-          - "org.sonatype.plugins:*"
 
   - package-ecosystem: "github-actions"
     directory: "/" # even for `.github/workflows`
@@ -31,4 +15,4 @@ updates:
     groups:
       github-actions:
         patterns:
-          - "*"
+          - "*"

.github/workflows/build_and_release_github.yml

@@ -10,130 +10,42 @@ jobs:
     name: createrelease
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/')
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-      - name: create release
-        id: create_release
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ github.ref }}
-          release_name: ${{ github.ref }}
-          draft: true
-          prerelease: false
-      - name: Output Release URL File
-        run: echo "${{ steps.create_release.outputs.upload_url }}" > release_url.txt
-      - name: Save Release URL file for publish
-        uses: actions/upload-artifact@v4
-        with:
-          name: release_url
-          path: release_url.txt
-      - uses: little-core-labs/[email protected]
-        id: tagName
-      - name: Output git tag
-        run: echo "${{ steps.tagName.outputs.tag }}" > git_tag.txt
-      - name: Save git tag file for publish
-        uses: actions/upload-artifact@v4
-        with:
-          name: git_tag
-          path: git_tag.txt
-
-
-  build_and_upload:
-    needs: createrelease
-    name: build_and_upload
-    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
       - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '17'
-          cache: 'maven'
-      - name: Set up GPG
-        run: |
-          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
-        env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-      - name: Build with Maven
-        run: mvn -B -Psign -Dgpg.passphrase=${GPG_PASSPHRASE} -Dtest=org.purejava.integrations.keychain.KeePassXCAccessTest install --file pom.xml
-        env:
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 
-      - name: Load Release URL File from release job
-        uses: actions/download-artifact@v4
-        with:
-          name: release_url
-      - name: Get Release File Name & Upload URL
-        id: get_release_info
-        run: |
-          value=`cat release_url.txt`
-          echo ::set-output name=upload_url::$value
-      - name: Load git tag from release job
-        uses: actions/download-artifact@v4
-        with:
-          name: git_tag
-      - name: Get git tag info
-        id: get_tag_info
-        run: |
-          value=`cat git_tag.txt`
-          echo ::set-output name=git_tag::$value
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
 
-      - name: Sign uber jar with key 5BFB2076ABC48776
+      - name: Import GPG key
         run: |
-          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 5BFB2076ABC48776 --detach-sign ./target/keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.jar
-        env:
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-      - name: Sign source tarball with key 5BFB2076ABC48776
-        if: startsWith(github.ref, 'refs/tags/')
-        run: |
-          git archive --prefix="keepassxc-cryptomator-${{ github.ref_name }}/" -o "keepassxc-cryptomator-${{ github.ref_name }}.tar.gz" ${{ github.ref }}
-          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 5BFB2076ABC48776 --detach-sign keepassxc-cryptomator-*.tar.gz
-        env:
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-
-      - name: Upload uber jar
-        id: upload-release-asset
-        uses: actions/[email protected]
+          echo "$GPG_SIGNING_KEY_PW" | gpg --batch --import --yes --passphrase-fd 0 <(echo -n "$GPG_SIGNING_KEY_B64" | base64 --decode)
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
-          asset_path: ./target/keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.jar
-          asset_name: keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.jar
-          asset_content_type: application/java-archive
+          GPG_SIGNING_KEY_B64: ${{ secrets.GPG_PRIVATE_KEY_B64 }}
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
 
-      - name: Upload signature file for uber jar
-        id: upload-signature-file-for-uber-jar
-        uses: actions/[email protected]
+      - name: Setup GPG key information
+        run: |
+          mkdir -p ~/.gradle ~/.gnupg
+          echo "signing.gnupg.homeDir=/home/runner/.gnupg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.executable=gpg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.keyName=ABC48776" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.passphrase=${GPG_SIGNING_KEY_PW}" >> ~/.gradle/gradle.properties
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
-          asset_path: ./target/keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.jar.sig
-          asset_name: keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.jar.sig
-          asset_content_type: application/pgp-signature
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
 
-      - name: Upload tarball
-        id: upload-release-asset-2
-        uses: actions/[email protected]
+      - name: Build package
+        run: ./gradlew clean build
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
-          asset_path: ./keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz
-          asset_name: keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz
-          asset_content_type: application/tar+gzip
+          GPG_SIGNING_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 
-      - name: Upload signature file for source tarball
-        id: upload-signature-file-for-source-tarball
-        uses: actions/[email protected]
+      - name: Release package
+        run: ./gradlew githubRelease
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
-          asset_path: ./keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz.sig
-          asset_name: keepassxc-cryptomator-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz.sig
-          asset_content_type: application/pgp-signature
+          GPG_SIGNING_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

.github/workflows/build_develop.yml

@@ -6,22 +6,38 @@ on:
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
+
       - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '17'
-          cache: 'maven'
-      - name: Set up GPG
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Import GPG key
         run: |
-          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
+          echo "$GPG_SIGNING_KEY_PW" | gpg --batch --import --yes --passphrase-fd 0 <(echo -n "$GPG_SIGNING_KEY_B64" | base64 --decode)
         env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-      - name: Build with Maven
-        run: mvn -B -Psign -Dgpg.passphrase=${GPG_PASSPHRASE} -Dtest=org.purejava.integrations.keychain.KeePassXCAccessTest install --file pom.xml
+          GPG_SIGNING_KEY_B64: ${{ secrets.GPG_PRIVATE_KEY_B64 }}
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Setup GPG key information
+        run: |
+          mkdir -p ~/.gradle ~/.gnupg
+          echo "signing.gnupg.homeDir=/home/runner/.gnupg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.executable=gpg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.keyName=ABC48776" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.passphrase=${GPG_SIGNING_KEY_PW}" >> ~/.gradle/gradle.properties
+        env:
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Build package
+        run: ./gradlew clean build
         env:
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          GPG_SIGNING_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

.github/workflows/codeql-analysis.init.gradle

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+allprojects {
+    tasks.withType(JavaCompile).configureEach {
+        outputs.doNotCacheIf("CodeQL scanning", { true })
+    }
+}

.github/workflows/codeql-analysis.yml

@@ -1,4 +1,3 @@
-
 name: "CodeQL"
 
 on:
@@ -7,32 +6,105 @@ on:
   pull_request:
     branches: [develop]
   schedule:
-    - cron: '0 8 * * 0'
+    - cron: '34 10 * * 4'
+
+permissions: {}
 
 jobs:
-  analyse:
-    name: Analyse
+  CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/analyze to upload SARIF results
     runs-on: ubuntu-latest
-    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection by changing the below list
+        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+        language: ['java', 'javascript']
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
     steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 2
-    - uses: actions/setup-java@v4
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      # Checkout must run before the caching key is computed using the `hashFiles` method
+
+    - name: Cache Gradle Modules
+      uses: actions/cache@v4
       with:
-        distribution: 'temurin'
-        java-version: '17'
-    - uses: actions/cache@v4
+        path: |
+          ~/.gradle/caches/modules-2/
+          ~/.gradle/caches/build-cache-1/
+          ~/.gradle/caches/signatures/
+          ~/.gradle/caches/keyrings/
+        key: ${{ runner.os }}-gradle-cache-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}
+        if: ${{ matrix.language == 'java' }}
+
+    - name: Disable checksum offloading
+      # See: https://github.com/actions/virtual-environments/issues/1187#issuecomment-686735760
+      run: sudo ethtool -K eth0 tx off rx off
+
+    # Install and setup JDK 17
+    - name: Setup JDK 17
+      uses: actions/setup-java@v4
       with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-
+        distribution: temurin
+        java-version: 17
+
+    # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
-        languages: java
-    - name: Build
-      run: mvn -B compile
+        languages: ${{ matrix.language }}
+        tools: latest
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    - name: Compile with Gradle with Build Scan
+      if: ${{ matrix.language == 'java' && github.repository_owner == 'gradle' }}
+      run: ./gradlew --init-script .github/workflows/codeql-analysis.init.gradle -DcacheNode=us -S testClasses -Dhttp.keepAlive=false
+      env:
+        # Set the DEVELOCITY_ACCESS_KEY so that Gradle Build Scans are generated
+        DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+        # Potential stop-gap solution for ReadTimeout issues with the Gradle Build Cache
+        # https://gradle.slack.com/archives/CHDLT99C6/p1636477584059200
+        GRADLE_OPTS: -Dhttp.keepAlive=false
+        ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
+        ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.GPG_PRIVATE_KEY_ID }}
+        ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
+
+    - name: Compile with Gradle without Build Scan
+      if: ${{ matrix.language == 'java' && github.repository_owner != 'gradle' }}
+      run: ./gradlew --init-script .github/workflows/codeql-analysis.init.gradle -S testClasses
+
+    - name: Cleanup Gradle Daemons
+      run: ./gradlew --stop
+      if: ${{ matrix.language == 'java' }}
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
+      with:
+        config-file: ./.github/codeql/codeql-config.yml
+
+    - name: Cleanup Gradle Cache
+      # Cleans up the Gradle caches before being cached
+      run: |
+        rm -f ~/.gradle/caches/modules-2/modules-2.lock
+        rm -f ~/.gradle/caches/modules-2/gc.properties
+      if: ${{ matrix.language == 'java' }}