Java Starter

Getting a new Java and Gradle project off the ground quickly.

---

Table of contents

• Features
• Prerequisites
• Verifications
• Formatting
• Security Checks
• License Checks
  • Generate License Report
  • Validate Licences
• Commits
  • Types
• Release new version

Features

The following are included in this repository:

• Provides lint, OWASP dependency checking, and Gradle setup for Java projects.
• Contains GitHub action Workflows for writing code and performing security audits.
• Manages Java patches and GitHub actions via Dependabot.
• Generate and validate licenses reports for dependencies.
• Updates the Gradle wrapper using gradle-update/update-gradle-wrapper-action

  [!NOTE]
  If you are facing Error: Github Actions is not permitted to create pull request., then please check GitHub action permission settings.

• To implement automatic version management, use conventional commits.

  [!NOTE]
  You need to create the following pull request labels to make sure patch management works properly

  • dependabot
  • dependencies
  • java
  • github-actions
  • gradle

Prerequisites

• Java 17

Verifications

To run all the verifications:

./gradlew clean check

Formatting

This project uses the following tools to follow specific style guide

• spotless for Java files

To run format:

./gradlew spotlessJavaApply

Security Checks

This project uses the following tools to find security vulnerabilities

• org.owasp.dependencycheck to find vulnerable dependencies

To run OWASP dependency check:

./gradlew clean dependencyCheckAnalyze

License Checks

This project uses com.github.jk1.dependency-license-report to validate licenses for dependencies.

Generate License Report

To generate license report:

./gradlew generateLicenseReport

Validate Licences

To validate licenses for dependencies:

./gradlew checkLicense

Note

Allowed licenses are present at allowedLicence.json.

Commits

This repository follows Conventional Commits. Therefor whenever you are committing the changes make sure to use proper type.

Types

• feat for a new feature for the user, not a new feature for build script. Such commit will trigger a release bumping a MINOR version.
• fix for a bug fix for the user, not a fix to a build script. Such commit will trigger a release bumping a PATCH version.
• chore for Update something without impacting the user (ex: bump a dependency in package.json).
• perf for performance improvements. Such commit will trigger a release bumping a PATCH version.
• docs for changes to the documentation.
• style for formatting changes, missing semicolons, etc.
• refactor for refactoring production code, e.g. renaming a variable.
• test for adding missing tests, refactoring tests; no production code change.
• build for updating build configuration, development tools or other changes irrelevant to the user.

Note

Add ! just after type to indicate breaking changes

Release new version

To publish a new version to GitHub Packages follow the following steps:

• Create a new release version by running following command

./gradlew tag -Prelease -Dmessage="$(git log -1 --format=%s)"

• Push the newly created tag to GitHub

git push origin "$(git describe --tags)"

Note

We are following semantic versioning strategy using io.alcide:gradle-semantic-build-versioning plugin