diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f5568426..aa9671eb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -19,7 +19,8 @@ jobs: build: strategy: matrix: - java-version: [11, 17] + # sigstore-java still supports Java 11, however, we test it with conformance-tests only + java-version: [17, 21] fail-fast: false concurrency: @@ -39,10 +40,10 @@ jobs: - name: Set up JDK ${{ matrix.java-version }} uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: - # We need Java 17 for the build, so we install it always + # We need Java 21 for the build, so we install it always java-version: | ${{ matrix.java-version }} - 17 + 21 distribution: 'temurin' - name: Setup Go environment uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 @@ -62,9 +63,9 @@ jobs: - name: Ensure sigstore-java self signing still works if: ${{ !github.event.pull_request.head.repo.fork }} - run: ./gradlew sigstore-java:publishToMavenLocal -Prelease -PskipPgpSigning + run: ./gradlew -Porg.gradle.java.installations.auto-download=false sigstore-java:publishToMavenLocal -Prelease -PskipPgpSigning - name: Test sigstore-java/sandbox run: | cd sandbox - ./gradlew build + ./gradlew -Porg.gradle.java.installations.auto-download=false build diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 8df3e461..245c22a0 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -13,7 +13,7 @@ jobs: strategy: max-parallel: 1 matrix: - java-version: [11, 17] + java-version: [11, 17, 21] sigstore-env: [production, staging] fail-fast: false @@ -30,21 +30,21 @@ jobs: with: persist-credentials: false - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: - java-version: 17 + java-version: 21 distribution: 'temurin' - name: Setup Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 - name: Build sigstore-java cli and server jar - run: ./gradlew :sigstore-cli:serverShadowJar - + run: ./gradlew -Porg.gradle.java.installations.auto-download=false :sigstore-cli:serverShadowJar + - name: Start test server in background run: java -jar ${{ github.workspace }}/sigstore-cli/build/libs/sigstore-cli-server-all.jar & - + - name: Wait for server to be ready run: curl --retry-connrefused --retry 10 --retry-delay 1 --fail http://localhost:8080/ diff --git a/.github/workflows/examples.yaml b/.github/workflows/examples.yaml index 29c627eb..0c479d05 100644 --- a/.github/workflows/examples.yaml +++ b/.github/workflows/examples.yaml @@ -72,14 +72,14 @@ jobs: - name: Setup Java uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: - java-version: 17 + java-version: 21 distribution: 'temurin' - name: Setup Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 - name: install sigstore java development jars into mavenLocal - run: ./gradlew publishToMavenLocal -Prelease -PskipSigning + run: ./gradlew -Porg.gradle.java.installations.auto-download=false publishToMavenLocal -Prelease -PskipSigning - name: calculate development version id: dev_version diff --git a/.github/workflows/release-sigstore-gradle-plugin-from-tag.yaml b/.github/workflows/release-sigstore-gradle-plugin-from-tag.yaml index fc2514fa..887d6ce6 100644 --- a/.github/workflows/release-sigstore-gradle-plugin-from-tag.yaml +++ b/.github/workflows/release-sigstore-gradle-plugin-from-tag.yaml @@ -47,10 +47,10 @@ jobs: with: persist-credentials: false - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: - java-version: 17 + java-version: 21 distribution: 'temurin' - name: Setup Gradle @@ -58,7 +58,7 @@ jobs: - name: Build, Sign and Release to Gradle Plugin Portal run: | - ./gradlew publishPlugins -Prelease -Pgradle.publish.key=$GRADLE_PUBLISH_KEY -Pgradle.publish.secret=$GRADLE_PUBLISH_SECRET + ./gradlew -Porg.gradle.java.installations.auto-download=false publishPlugins -Prelease -Pgradle.publish.key=$GRADLE_PUBLISH_KEY -Pgradle.publish.secret=$GRADLE_PUBLISH_SECRET env: ORG_GRADLE_PROJECT_signingKey: ${{ secrets.PGP_PRIVATE_KEY }} ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.PGP_PASSPHRASE }} diff --git a/.github/workflows/release-sigstore-java-from-tag.yaml b/.github/workflows/release-sigstore-java-from-tag.yaml index 5866079c..5bc0a600 100644 --- a/.github/workflows/release-sigstore-java-from-tag.yaml +++ b/.github/workflows/release-sigstore-java-from-tag.yaml @@ -48,10 +48,10 @@ jobs: with: persist-credentials: false - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: - java-version: 17 + java-version: 21 distribution: 'temurin' - name: Setup Gradle @@ -59,7 +59,7 @@ jobs: - name: Build, Sign and Release to Maven Central run: | - ./gradlew clean :sigstore-java:publishMavenJavaPublicationToSonatypeRepository :sigstore-maven-plugin:publishMavenJavaPublicationToSonatypeRepository -Prelease + ./gradlew -Porg.gradle.java.installations.auto-download=false clean :sigstore-java:publishMavenJavaPublicationToSonatypeRepository :sigstore-maven-plugin:publishMavenJavaPublicationToSonatypeRepository -Prelease env: ORG_GRADLE_PROJECT_signingKey: ${{ secrets.PGP_PRIVATE_KEY }} ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.PGP_PASSPHRASE }} diff --git a/.github/workflows/tuf-conformance.yml b/.github/workflows/tuf-conformance.yml index 180efe16..8220d496 100644 --- a/.github/workflows/tuf-conformance.yml +++ b/.github/workflows/tuf-conformance.yml @@ -12,7 +12,7 @@ jobs: strategy: max-parallel: 1 matrix: - java-version: [11, 17] + java-version: [11, 17, 21] fail-fast: false concurrency: @@ -28,17 +28,17 @@ jobs: with: persist-credentials: false - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: - java-version: 17 + java-version: 21 distribution: 'temurin' - name: Setup Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 - name: Build tuf cli - run: ./gradlew :tuf-cli:build + run: ./gradlew -Porg.gradle.java.installations.auto-download=false :tuf-cli:build - name: Unpack tuf distribution run: tar -xvf ${{ github.workspace }}/tuf-cli/build/distributions/tuf-cli-*.tar --strip-components 1 diff --git a/build-logic/build-parameters/build.gradle.kts b/build-logic/build-parameters/build.gradle.kts index 2f337056..94f41681 100644 --- a/build-logic/build-parameters/build.gradle.kts +++ b/build-logic/build-parameters/build.gradle.kts @@ -14,7 +14,7 @@ buildParameters { } val projectName = "sigstore-java" integer("jdkBuildVersion") { - defaultValue.set(17) + defaultValue.set(21) mandatory.set(true) description.set("JDK version to use for building $projectName. If the value is 0, then the current Java is used. (see https://docs.gradle.org/8.4/userguide/toolchains.html#sec:consuming)") } diff --git a/settings.gradle.kts b/settings.gradle.kts index 48d85287..e451e5f3 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -1,5 +1,14 @@ +plugins { + id("org.gradle.toolchains.foojay-resolver-convention") version "1.0.0" +} + rootProject.name = "sigstore-java-root" +if (JavaVersion.current() < JavaVersion.VERSION_21) { + throw UnsupportedOperationException("Please use Java 21+ for launching Gradle when building ${rootProject.name}, the current Java is ${JavaVersion.current().majorVersion}. " + + "If you want to execute tests with a different Java version, use -PjdkTestVersion=${JavaVersion.current().majorVersion}") +} + includeBuild("build-logic-commons") includeBuild("build-logic")