feat: No functional changes

feat: Update dependencies

feat: Update build & release process

feat: Releases are now automatically published to GitHub Releases page

Author: rsenden

.github/workflows/build-dev-release.yml

@@ -0,0 +1,65 @@
+on: 
+  push: 
+    branches:
+      - '**'
+
+env:
+  DIST_DIR: ${{ github.workspace }}/build/dist
+
+name: Build development release
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check-out source code
+        uses: actions/checkout@v2
+      
+      - name: Define development release info
+        if: startsWith(github.ref, 'refs/heads/')
+        run: |
+          branch="${GITHUB_REF#refs/heads/}"
+          tag="dev_${branch//[^a-zA-Z0-9_.-]/.}" # Replace all special characters by a dot
+          echo DO_BUILD=true >> $GITHUB_ENV # We always want to do a build if we're building a branch
+          echo BRANCH=${branch} >> $GITHUB_ENV
+          echo RELEASE_TAG=${tag} >> $GITHUB_ENV
+          
+          if git ls-remote --exit-code origin refs/tags/${tag} >/dev/null 2>&1; then
+            echo "Found tag ${tag}, development release will be published"
+            echo DO_RELEASE=true >> $GITHUB_ENV
+          else 
+            echo "Tag ${tag} does not exist, no development release will be published"
+          fi
+          
+      - name: Build development release
+        if: env.DO_BUILD
+        run: ./gradlew dist distThirdParty
+        
+      - name: Publish build artifacts
+        if: env.DO_BUILD
+        uses: actions/upload-artifact@v2
+        with:
+          name: build_artifacts
+          path: ${{ env.DIST_DIR }}
+          
+      - name: Update development release tag
+        uses: richardsimko/update-tag@v1
+        if: env.DO_RELEASE
+        with:
+          tag_name: ${{ env.RELEASE_TAG }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+        
+      - name: Create pre-release
+        if: env.DO_RELEASE
+        run: |
+          files=$(find "${{ env.DIST_DIR }}" -type f -printf "%p ")
+          gh release delete ${{ env.RELEASE_TAG }} -y || true
+          gh release create ${{ env.RELEASE_TAG }} -p -t "Development Release - ${{ env.BRANCH }} branch" -n 'See `Assets` section below for latest build artifacts' ${files}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+          
+      
+          
+      
+
+      

.github/workflows/build-prod-release.yml

@@ -0,0 +1,48 @@
+on:
+  push:
+    branches:
+      - main
+      
+env:
+  DIST_DIR: ${{ github.workspace }}/build/dist
+      
+name: Build production release
+jobs:
+  build-and-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check-out source code
+        uses: actions/checkout@v2
+      
+      - name: Generate and process release PR
+        id: release_please
+        uses: GoogleCloudPlatform/release-please-action@v2
+        with:
+          release-type: simple
+          package-name: ${{ github.event.repository.name }}
+          
+      - name: Define production release info
+        if: steps.release_please.outputs.release_created
+        run: |
+          tag=${{steps.release_please.outputs.tag_name}}
+          version=${{steps.release_please.outputs.version}}
+          major=${{steps.release_please.outputs.major}}
+          minor=${{steps.release_please.outputs.minor}}
+          patch=${{steps.release_please.outputs.patch}}
+          echo DO_RELEASE=true >> $GITHUB_ENV
+          echo RELEASE_TAG=${tag} >> $GITHUB_ENV
+          echo RELEASE_VERSION=${version} >> $GITHUB_ENV
+          
+      - name: Build production release
+        if: env.DO_RELEASE
+        run: ./gradlew dist distThirdParty -Pversion=${{env.RELEASE_VERSION}}
+      
+      - name: Upload assets to release
+        if: env.DO_RELEASE
+        run: |
+          tag=${{ steps.release_please.outputs.tag_name }}
+          files=$(find "${{ env.DIST_DIR }}" -type f -printf "%p ")
+          gh release upload "${tag}" $files --clobber
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          

.travis.yml

@@ -30,13 +30,11 @@ This Fortify SSC parser plugin allows for importing scan results from OWASP Depe
 
 ### Related Links
 
-* **Downloads**:  
-  _Beta versions may be unstable or non-functional. The `*-thirdparty.zip` file is for informational purposes only and does not need to be downloaded._
-	* **Release versions**: https://bintray.com/package/files/fortify-ps/release/fortify-ssc-parser-owasp-dependency-check?order=desc&sort=fileLastModified&basePath=&tab=files  
-	* **Beta versions**: https://bintray.com/package/files/fortify-ps/beta/fortify-ssc-parser-owasp-dependency-check?order=desc&sort=fileLastModified&basePath=&tab=files
-	* **Sample input files**: [sampleData](sampleData)
+* **Downloads**: https://github.com/fortify-ps/fortify-ssc-parser-owasp-dependency-check/releases
+    * _Development releases may be unstable or non-functional. The `*-thirdparty.zip` file is for informational purposes only and does not need to be downloaded._
+* **Sample input files**: [sampleData](sampleData)
 * **GitHub**: https://github.com/fortify-ps/fortify-ssc-parser-owasp-dependency-check
-* **Automated builds**: https://travis-ci.com/fortify-ps/fortify-ssc-parser-owasp-dependency-check
+* **Automated builds**: https://github.com/fortify-ps/fortify-ssc-parser-owasp-dependency-check/actions
 * **OWASP Dependency Check website**: https://owasp.org/www-project-dependency-check/
 
 
@@ -98,8 +96,7 @@ SSC clients (FortifyClient, Maven plugin, ...):
 
 ## Developers
 
-The following sections provide information that may be useful for developers of this 
-parser plugin.
+The following sections provide information that may be useful for developers of this utility.
 
 ### IDE's
 
@@ -125,37 +122,16 @@ the main project directory.
 * Build: (plugin binary will be stored in `build/libs`)
 	* `./gradlew clean build`: Clean and build the project
 	* `./gradlew build`: Build the project without cleaning
-	* `./gradlew dist`: Build distribution zip
-* Version management:
-	* `./gradlew printProjectVersion`: Print the current version
-	* `./gradlew startSnapshotBranch -PnextVersion=2.0`: Start a new snapshot branch for an upcoming `2.0` version
-	* `./gradlew releaseSnapshot`: Merge the changes from the current branch to the master branch, and create release tag
+	* `./gradlew dist distThirdParty`: Build distribution zip and third-party information bundle
 * `./fortify-scan.sh`: Run a Fortify scan; requires Fortify SCA to be installed
 
-Note that the version management tasks operate only on the local repository; you will need to manually
-push any changes (including tags and branches) to the remote repository.
+### Automated Builds
 
-### Versioning
+This project uses GitHub Actions workflows to perform automated builds for both development and production releases. All pushes to the main branch qualify for building a production release. Commits on the main branch should use [Conventional Commit Messages](https://www.conventionalcommits.org/en/v1.0.0/); it is recommended to also use conventional commit messages on any other branches.
 
-The various version-related Gradle tasks assume the following versioning methodology:
+User-facing commits (features or fixes) on the main branch will trigger the [release-please-action](https://github.com/google-github-actions/release-please-action) to automatically create a pull request for publishing a release version. This pull request contains an automatically generated CHANGELOG.md together with a version.txt based on the conventional commit messages on the main branch. Merging such a pull request will automatically publish the production binaries and Docker images to the locations described in the [Related Links](#related-links) section.
 
-* The `master` branch is only used for creating tagged release versions
-* A branch named `<version>-SNAPSHOT` contains the current snapshot state for the upcoming release
-* Optionally, other branches can be used to develop individual features, perform bug fixes, ...
-	* However, note that the Gradle build may be unable to identify a correct version number for the project
-	* As such, only builds from tagged versions or from a `<version>-SNAPSHOT` branch should be published to a Maven repository
-
-### CI/CD
-
-Travis-CI builds are automatically triggered when there is any change in the project repository,
-for example due to pushing changes, or creating tags or branches. If applicable, binaries and related 
-artifacts are automatically published to Bintray using the `bintrayUpload` task:
-
-* Building a tagged version will result in corresponding release version artifacts to be published
-* Building a branch named `<version>-SNAPSHOT` will result in corresponding beta version artifacts to be published
-* No artifacts will be deployed for any other build, for example when Travis-CI builds the `master` branch
-
-See the [Related Links](#related-links) section for the relevant Travis-CI and Bintray links.
+Every push to a branch in the GitHub repository will also automatically trigger a development release to be built. By default, development releases are only published as build job artifacts. However, if a tag named `dev_<branch-name>` exists, then development releases are also published to the locations described in the [Related Links](#related-links) section. The `dev_<branch-name>` tag will be automatically updated to the commit that triggered the build.
 
 
 ## License
@@ -165,4 +141,5 @@ See [LICENSE.TXT](LICENSE.TXT)
 
 <x-insert text="-->"/>
 
-<x-include url="file:LICENSE.TXT"/>
+<x-include url="file:LICENSE.TXT"/>
+

README.md

@@ -1,35 +1,26 @@
 plugins {
-  id "io.freefair.lombok" version "4.1.2"
-  id "com.jfrog.bintray" version "1.8.4"
-  id 'org.ajoberstar.grgit' version "4.0.0"
-  id 'com.github.jk1.dependency-license-report' version '1.12'
-  id "org.kordamp.gradle.markdown" version "2.0.0"
+  id "io.freefair.lombok" version "5.3.0"
+  id 'com.github.jk1.dependency-license-report' version '1.16'
+  id "org.kordamp.gradle.markdown" version "2.2.0"
 }
 
 group 'com.fortify.ssc.parser.owasp.dependencycheck'
+ext.getVersion = {
+	def result = project.findProperty('version');
+	return result || result=='unspecified' ? new Date().format('0.yyyyMMdd.HHmmss') : result;
+}
+version = ext.getVersion();
+ext.sscParserPluginVersion = project.version
 
 ext {
-	gradleHelpersLocation = "https://raw.githubusercontent.com/fortify-ps/gradle-helpers/1.2"
+	gradleHelpersLocation = "https://raw.githubusercontent.com/fortify-ps/gradle-helpers/1.5"
 }
 
 apply from: "${gradleHelpersLocation}/repo-helper.gradle"
 apply from: "${gradleHelpersLocation}/junit-helper.gradle"
-apply from: "${gradleHelpersLocation}/version-helper.gradle"
 apply from: "${gradleHelpersLocation}/fortify-helper.gradle"
-
-// Project and plugin version based on SCM information
-version = getProjectVersionAsBetaOrRelease(true)
-ext {
-	sscParserPluginVersion = getProjectVersionAsPlainVersionNumber()
-	bintrayRepo = "${getBetaOrReleaseLabel()}"
-	bintrayPkgName = "${rootProject.name}"
-	bintrayDownloadContainerName = getProjectVersionAsBetaOrRelease(false)
-	projectLicense = 'MIT'
-}
-
 apply from: "${gradleHelpersLocation}/ssc-parser-plugin-helper.gradle"
 apply from: "${gradleHelpersLocation}/thirdparty-helper.gradle"
-apply from: "${gradleHelpersLocation}/bintray-binaries-helper.gradle"
 apply from: "${gradleHelpersLocation}/readme2html.gradle"
 
 apply plugin: 'java'
@@ -49,14 +40,14 @@ configurations.all {
 }
 
 dependencies {
-    compileExport(group: 'com.fortify.ssc.parser.util', name: 'json', version:'1.3', changing: false) { transitive = true }
+    implementationExport(group: 'com.fortify.ssc.parser.util', name: 'fortify-ssc-parser-util-json', version:'1.4', changing: false) { transitive = true }
 }
 
 task dist(type: Zip) {
 	dependsOn 'build', 'readme2html'
 	archiveFileName = "${rootProject.name}-${project.version}.zip"
 	destinationDirectory = file("$buildDir/dist")
-	from("${libsDir}") {
+	from("${buildDir}/${libsDirName}") {
 		include "${rootProject.name}-${project.version}.jar"
 	}
 	from "${buildDir}/html"
@@ -65,13 +56,3 @@ task dist(type: Zip) {
 		include "LICENSE.TXT"
 	}
 }
-
-bintray {
-    filesSpec {
-       from("${buildDir}/dist") {
-          include "*.zip"
-       }
-       into '.'
-    }
-}
-_bintrayRecordingCopy.dependsOn 'clean', 'dist', 'distThirdParty'

build.gradle

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.jar

@@ -82,6 +82,7 @@ esac
 
 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
+
 # Determine the Java command to use to start the JVM.
 if [ -n "$JAVA_HOME" ] ; then
     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
@@ -129,6 +130,7 @@ fi
 if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
     JAVACMD=`cygpath --unix "$JAVACMD"`
 
     # We build the pattern for arguments to be converted via cygpath
@@ -154,19 +156,19 @@ if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
         else
             eval `echo args$i`="\"$arg\""
         fi
-        i=$((i+1))
+        i=`expr $i + 1`
     done
     case $i in
-        (0) set -- ;;
-        (1) set -- "$args0" ;;
-        (2) set -- "$args0" "$args1" ;;
-        (3) set -- "$args0" "$args1" "$args2" ;;
-        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
-        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
-        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
-        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
-        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
-        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
     esac
 fi
 
@@ -175,14 +177,9 @@ save () {
     for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
     echo " "
 }
-APP_ARGS=$(save "$@")
+APP_ARGS=`save "$@"`
 
 # Collect all arguments for the java command, following the shell quoting and substitution rules
 eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
 
-# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
-  cd "$(dirname "$0")"
-fi
-
 exec "$JAVACMD" "$@"