{"id":15201827,"url":"https://github.com/tomasbjerre/gradle-scripts","last_synced_at":"2026-01-14T03:01:47.599Z","repository":{"id":53848519,"uuid":"112837336","full_name":"tomasbjerre/gradle-scripts","owner":"tomasbjerre","description":"Releasing to Maven Central, Changelog generation, version management with conventional commits... a highly configurable shared Gradle script.","archived":true,"fork":false,"pushed_at":"2024-09-29T09:13:35.000Z","size":485,"stargazers_count":13,"open_issues_count":1,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-28T20:42:25.517Z","etag":null,"topics":["gradle","gradle-script"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tomasbjerre.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-12-02T11:39:44.000Z","updated_at":"2024-09-29T09:14:27.000Z","dependencies_parsed_at":"2023-11-10T04:41:57.500Z","dependency_job_id":"e0e50548-a77a-4f68-8a48-f420c56d11f4","html_url":"https://github.com/tomasbjerre/gradle-scripts","commit_stats":null,"previous_names":[],"tags_count":165,"template":false,"template_full_name":null,"purl":"pkg:github/tomasbjerre/gradle-scripts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fgradle-scripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fgradle-scripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fgradle-scripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fgradle-scripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tomasbjerre","download_url":"https://codeload.github.com/tomasbjerre/gradle-scripts/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fgradle-scripts/sbom","scorecard":{"id":892017,"data":{"date":"2025-08-11","repo":{"name":"github.com/tomasbjerre/gradle-scripts","commit":"abe70176c064c45d108b6a592ee7dd88f1da7e95"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/gradle-ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle-ci.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/tomasbjerre/gradle-scripts/gradle-ci.yml/master?enable=pin","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}}]},"last_synced_at":"2025-08-24T12:13:33.454Z","repository_id":53848519,"created_at":"2025-08-24T12:13:33.454Z","updated_at":"2025-08-24T12:13:33.454Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408800,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gradle","gradle-script"],"created_at":"2024-09-28T03:41:17.232Z","updated_at":"2026-01-14T03:01:47.577Z","avatar_url":"https://github.com/tomasbjerre.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"This functionality moved to:\n\n- \u003chttps://github.com/tomasbjerre/java-convention-gradle-plugin\u003e\n- \u003chttps://github.com/tomasbjerre/update-versions-gradle-plugin\u003e\n- \u003chttps://github.com/tomasbjerre/conventional-release-gradle-plugin\u003e\n\n# Gradle Scripts\n\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/se.bjurr.gradle/gradle-scripts/badge.svg)](https://search.maven.org/artifact/se.bjurr.gradle/gradle-scripts)\n\nThis is a gradle script, written in a highly configurable way, much like I've [blogged about in Jenkins](https://www.jenkins.io/blog/2020/10/21/a-sustainable-pattern-with-shared-library/). It contains a bunch of features that I use in my Gradle projects.\n\nExample usage can be found in:\n\n- [Git Changelog Lib](https://github.com/tomasbjerre/git-changelog-lib/blob/master/build.gradle)\n- [Git Changelog Command Line](https://github.com/tomasbjerre/git-changelog-command-line/blob/master/build.gradle)\n- [Violations Lib](https://github.com/tomasbjerre/violations-lib/blob/master/build.gradle)\n- [Violations Gradle Plugin](https://github.com/tomasbjerre/violations-gradle-plugin/blob/master/build.gradle)\n\n## How does it work?\n\nIt packages a `jar`. Uploads it to a Maven repository. Users can add the `jar` to their classpath and apply the `main.gradle` script from that `jar`.\n\nThe behaviour of the script is highly configurable by supplying a `project.ext.buildConfig`. The given config will be merged with the [defaultConfig](src/main/resources/main.gradle).\n\n```groovy\napply plugin: 'java-library'\n\nbuildscript {\n repositories {\n  mavenCentral()\n  mavenLocal()\n }\n dependencies {\n  classpath 'se.bjurr.gradle:gradle-scripts:2.+'\n }\n}\nproject.ext.buildConfig = [\n  // Your can supply a given config here, a subset of defaultConfig.\n]\napply from: project.buildscript.classLoader.getResource('main.gradle').toURI()\n```\n\n## Features\n\nMissing something? Pull requests are welcome =)\n\nAll configuration options are documented in the [defaultConfig](src/main/resources/main.gradle).\n\n\u003c!-- start default config --\u003e\n```groovy\n\ndef defaultConfig = [\n  /**\n   * \"DEFAULT\" - Works for most Java projects.\n   * \"GRADLE\" - A Gradle plugin.\n   * \"COMMAND\" - Runnable JAR, distributed in Central and NPM.\n   */\n  repoType: \"DEFAULT\",\n  sourceCompatibility: 17,\n  targetCompatibility: 17,\n  staticCodeAnalysis: [\n    /**\n    * Maximum number of violations to accept from static code analysis.\n    */\n    maxViolations: 9999,\n  ],\n  publishing: [\n    website: 'https://github.com/tomasbjerre/' + project.name,\n    vcsUrl: 'https://github.com/tomasbjerre/'+project.name,\n    licenseName: 'The Apache Software License, Version 2.0',\n    licenseUrl: 'http://www.apache.org/licenses/LICENSE-2.0.txt',\n    developerId: 'tomasbjerre',\n    developerName: 'Tomas Bjerre',\n    developerEmail: 'tomas.bjerre85@gmail.com',\n    /**\n    * If using PasswordCredentials and repository name \"nexus\", you will\n    * need to supply username/password properties named \"nexusUsername\"\n    * and \"nexusPassword\". Perhaps in ~/.gradle/gradle.properties\n    */\n    mavenRepositoryName: \"nexus\",\n    mavenRepositoryUrl: 'https://oss.sonatype.org/service/local/staging/deploy/maven2/',\n    /**\n     * true, if you want the repository in Nexus to be closed and pomoted to Release.\n     */\n    nexusCloseAndRelease: true,\n    /**\n    * If using signing you will need to supply signing properties.\n    * Perhaps in ~/.gradle/gradle.properties\n    * https://docs.gradle.org/current/userguide/signing_plugin.html\n    */\n    sign: true,\n    /**\n    * If not empty: creates a fat jar with relocated packages.\n    * Example: [ \"com.google\", \"a.b:se.bjurr.a.b\" ]\n    * Will make up a relocation target for \"com.google\" and will use \"se.bjurr.a.b\" as target for \"a.b\".\n    */\n    relocate: [],\n  ],\n  gradlePlugin: [\n    tags: []\n  ],\n  changelog: [\n    enabled: true,\n    githubTokenEnvVariableName: 'GITHUB_OAUTH2TOKEN',\n    githubOrganization: 'tomasbjerre',\n    jiraIssuePattern: \"\\\\bJENKINS-([0-9]+)\\\\b\",\n    ignoreCommitsIfMessageMatches: \"^\\\\[maven-release-plugin\\\\].*|^\\\\[Gradle Release Plugin\\\\].*|^Merge.*|.*\\\\[GRADLE SCRIPT\\\\].*\"\n  ],\n  violations: [\n    /**\n     * Update README.md with table of parsers and reporters.\n     */\n    updateReadme: false\n  ],\n  manifest: [\n    mainClass: ''\n  ],\n  /**\n   * Will be configured if they exist.\n   */\n  generatedSourceFolders: [\n    \"src/gen/java\",\n    \"src/generated/java\"\n  ],\n  formattingExcludedPatterns: [\n    \"**/gen/**\",\n    \"**/generated/**\"\n  ],\n  /**\n   * Will be configured if they exist.\n   */\n  extraTestSourceFolders: [\n    \"src/test/generated\"\n  ],\n  /**\n   * Used as \"from\" in jar if it exists. Can be used to do annotation processing.\n   */\n  jarResourcesFolder: 'src/jar/resources'\n]\n\n```\n\u003c!-- end default config --\u003e\n\n### Publishing releases\n\nIt can:\n\n- Step version\n- Package release\n- Sign release\n- Publish release to repository (like Nexus or Maven Central)\n- Create a changelog\n- Commit/tag/push to Git\n- Close and promote release in Nexus\n\nWith:\n\n```sh\n./gradlew releasePatch\n./gradlew releaseMinor\n./gradlew releaseMajor\n```\n\nOr by relying on [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) and just doing:\n\n```sh\n./gradlew release\n```\n\n### Static code analysis\n\nIt has `Spotbugs` configured in combination with [Violations Gradle Plugin](https://github.com/tomasbjerre/violations-gradle-plugin). Any violations will be printed nicely in the build log. And build can optionally be failed based on number of violations.\n\n### Other features\n\n- Automated changelog\n- Code formatting, with Google Java Format.\n- Shadowing, producing fat-jar\n- Signing artifacts with PGP\n- ...\n\n## Requirements\n\nGradle wrapper can be downloaded with:\n\n```sh\ncat \u003e gradle/wrapper/gradle-wrapper.properties \u003c\u003c EOL\ndistributionBase=GRADLE_USER_HOME\ndistributionPath=wrapper/dists\ndistributionUrl=https\\://services.gradle.org/distributions/gradle-8.6-bin.zip\nnetworkTimeout=10000\nzipStoreBase=GRADLE_USER_HOME\nzipStorePath=wrapper/dists\nEOL\n\n./gradlew wrapper \\\n --gradle-version=8.6 \\\n --distribution-type=bin\n```\n\nIn many cases you can just run the `gradlew wrapper` task. But there are cases where this does not work. On such case is if you are using Java version X and the current wrapper only support version Y, the current wrapper cannot run. Se example error below:\n\n```sh\n$ java -version\n\nopenjdk version \"21.0.2\" 2024-01-16\nOpenJDK Runtime Environment (build 21.0.2+13-Ubuntu-122.04.1)\nOpenJDK 64-Bit Server VM (build 21.0.2+13-Ubuntu-122.04.1, mixed mode, sharing)\n```\n\n```sh\n$ ./gradlew wrapper --gradle-version=8.6 --distribution-type=bin\n\nDownloading https://X/distributions/gradle-6.8.3-bin.zip\n\n...\n\nFAILURE: Build failed with an exception.\n\n* Where:\nBuild file 'X/build.gradle'\n\n* What went wrong:\nCould not compile build file 'X/build.gradle'.\n\u003e startup failed:\n  General error during semantic analysis: Unsupported class file major version 65\n\n  java.lang.IllegalArgumentException: Unsupported class file major version 65\n        at groovyjarjarasm.asm.ClassReader.\u003cinit\u003e(ClassReader.java:196)\n```\n\n## Developer instructions\n\nYou can fiddle with the script localy by installning it with:\n\n```sh\n./gradlew publishToMavenLocal -Pversion=latest-SNAPSHOT\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasbjerre%2Fgradle-scripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftomasbjerre%2Fgradle-scripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasbjerre%2Fgradle-scripts/lists"}