Configure credentials for ossindex (#58)

kaklakariada · dependabot[bot] · web-flow · commit afa5f088f448 · 2025-10-26T13:53:35.000+01:00
* Bump gradle/actions from 4 to 5 Bumps [gradle/actions](https://github.com/gradle/actions) from 4 to 5. - [Release notes](https://github.com/gradle/actions/releases) - [Commits](gradle/actions@v4...v5) --- updated-dependencies: - dependency-name: gradle/actions dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump actions/github-script from 7 to 8 Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7...v8) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Configure credentials for ossindex * Add changelog entry * Fix broken link * Don't fail build for missing ossindex credentials --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kaklakariada <kaklakariada@users.noreply.github.com>
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -38,7 +38,7 @@ jobs:
         java-version: ${{ matrix.java }}
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
 
     - name: Cache SonarQube packages
       uses: actions/cache@v4
@@ -49,6 +49,10 @@ jobs:
 
     - name: Build with Java ${{ matrix.java }}
       run: ./gradlew build --info --warning-mode all -PjavaVersion=${{ matrix.java }}
+      env:
+        ORG_GRADLE_PROJECT_ossIndexUsername: ${{ secrets.OSSINDEX_USERNAME }}
+        ORG_GRADLE_PROJECT_ossIndexToken: ${{ secrets.OSSINDEX_TOKEN }}
+
 
     - name: Sonar analysis
       if: ${{ env.DEFAULT_JAVA == matrix.java && env.SONAR_TOKEN != null }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -26,7 +26,7 @@ jobs:
 
       - name: Fail if not running on main branch
         if: ${{ github.ref != 'refs/heads/main' }}
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main')
@@ -37,7 +37,7 @@ jobs:
           java-version: 17
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@v5
 
       - name: Build
         run: ./gradlew build --warning-mode all
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- [PR #58](https://github.com/itsallcode/openfasttrace-gradle/pull/58)
+  - Upgrade dependencies
+  - Specify credentials for OssIndex
+
 ## [3.1.0] - 2025-08-03
 
 - [PR #51](https://github.com/itsallcode/openfasttrace-gradle/pull/51) (Thanks to [@koppor](https://github.com/koppor) for his contribution!)
diff --git a/README.md b/README.md
@@ -183,6 +183,15 @@ To use `openfasttrace` from source during development:
 
 ### Check dependencies for vulnerabilities
 
+Get token for OssIndex from [ossindex.sonatype.org](https://ossindex.sonatype.org/) and add it to `~/.gradle/gradle.properties`:
+
+```properties
+ossIndexUsername = <user>
+ossIndexToken    = <token>
+```
+
+Then run
+
 ```sh
 ./gradlew ossIndexAudit
 ```
diff --git a/build.gradle b/build.gradle
@@ -2,11 +2,11 @@ plugins {
     id 'java-gradle-plugin'
     id 'jacoco'
     id 'signing'
-    id 'com.gradle.plugin-publish' version '1.3.1'
-    id 'org.sonarqube' version '6.2.0.5505'
+    id 'com.gradle.plugin-publish' version '2.0.0'
+    id 'org.sonarqube' version '7.0.1.6134'
     id 'pl.droidsonroids.jacoco.testkit' version '1.0.12'
-    id 'com.github.ben-manes.versions' version '0.52.0'
-    id 'org.sonatype.gradle.plugins.scan' version '3.1.2'
+    id 'com.github.ben-manes.versions' version '0.53.0'
+    id 'org.sonatype.gradle.plugins.scan' version '3.1.4'
 }
 
 repositories {
@@ -21,7 +21,7 @@ group = 'org.itsallcode'
 ext {
     gradlePluginId = 'org.itsallcode.openfasttrace'
     oftVersion = '4.2.0'
-    junitVersion = '5.13.4'
+    junitVersion = '6.0.0'
     if (project.hasProperty('oftSourceDir')) {
         oftSourceDir = file(project.oftSourceDir)
         useOftSources = oftSourceDir.exists()
@@ -170,6 +170,10 @@ tasks.named("dependencyUpdates").configure {
 }
 
 ossIndexAudit {
+  if(project.hasProperty("ossIndexUsername") && project.hasProperty("ossIndexToken")) {
+    username = findProperty("ossIndexUsername")
+    password = findProperty("ossIndexToken")
+  }
   allConfigurations = false
   useCache = true
   excludeVulnerabilityIds = []
