diff --git a/README.md b/README.md index 8f4f358f..51e3fb26 100644 --- a/README.md +++ b/README.md @@ -523,7 +523,7 @@ Classes to be scanned, tests to be executed and thresholds are configured in [bu A report is generated under [build/reports/pitest/index.html](./build/reports/pitest/index.html). A link to the report is also printed after the `pitest` run. -This task is also executed as part of `gw check`. + #### Remark @@ -562,7 +562,7 @@ In case of suppression, a note must be added to explain why it does not apply to See also: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html. -### Dependency-License-Compatibility +### How to Check Dependency-License-Compatibility The `gw check` phase depends on a dependency-license-compatibility check. If any dependency violates the configured [list of allowed licenses](etc/allowed-licenses.json), the build will fail. @@ -592,7 +592,7 @@ The generated license can be found here: [index.html](build/reports/dependency-l More information can be found on the [project's website](https://github.com/jk1/Gradle-License-Report). -### Dependency Version Upgrade +### How to Upgrade Versions of Dependencies Dependency versions can be automatically upgraded to the latest available version: diff --git a/build.gradle b/build.gradle index 73c94f5c..6895942a 100644 --- a/build.gradle +++ b/build.gradle @@ -1,15 +1,15 @@ plugins { id 'java' id 'org.springframework.boot' version '3.4.1' - id 'io.spring.dependency-management' version '1.1.7' - id 'io.openapiprocessor.openapi-processor' version '2023.2' - id 'com.github.jk1.dependency-license-report' version '2.9' - id "org.owasp.dependencycheck" version "12.0.0" - id "com.diffplug.spotless" version "7.0.2" - id 'jacoco' - id 'info.solidsoft.pitest' version '1.15.0' - id 'se.patrikerdes.use-latest-versions' version '0.2.18' - id 'com.github.ben-manes.versions' version '0.51.0' + id 'io.spring.dependency-management' version '1.1.7' // manages implicit dependencies + id 'io.openapiprocessor.openapi-processor' version '2023.2' // generates Controller-interface and resources from API-spec + id 'com.github.jk1.dependency-license-report' version '2.9' // checks dependency-license compatibility + id "org.owasp.dependencycheck" version "12.0.1" // checks dependencies for known vulnerabilities + id "com.diffplug.spotless" version "7.0.2" // formats + checks formatting for source-code + id 'jacoco' // determines code-coverage of tests + id 'info.solidsoft.pitest' version '1.15.0' // performs mutation testing + id 'se.patrikerdes.use-latest-versions' version '0.2.18' // updates module and plugin versions + id 'com.github.ben-manes.versions' version '0.52.0' // determines which dependencies have updates } // HOWTO: find out which dependency versions are managed by Spring Boot: @@ -227,7 +227,7 @@ project.tasks.check.dependsOn(spotlessCheck) // HACK: no idea why spotless uses the output of these tasks, but we get warnings without those project.tasks.spotlessJava.dependsOn( tasks.generateLicenseReport, - tasks.pitest, + // tasks.pitest, TODO.test: PiTest currently does not work, needs to be fixed tasks.jacocoTestReport, tasks.processResources, tasks.processTestResources) @@ -454,7 +454,7 @@ pitest { outputFormats = ['XML', 'HTML'] timestampedReports = false } -project.tasks.check.dependsOn(project.tasks.pitest) +// project.tasks.check.dependsOn(project.tasks.pitest) TODO.test: PiTest currently does not work, needs to be fixed project.tasks.pitest.doFirst { // Why not doLast? See README.md! println "PiTest Mutation Report: file:///${project.rootDir}/build/reports/pitest/index.html" }