info.offthecob.platform:bom

Release 1.0.17

Bill of Materials (BOM) for info.offthecob.platform

Homepage Maven Groovy Download

License
MIT

Documentation

Offthecob Platform

This project contains a series of best practices around managing dependencies and building code for the JVM. For examples of this ecosystem, check out the Offthecob Platform Examples repository.

Catalog

Produces an artifact containing the library versions maintained in gradle/libs.versions.toml. This artifact can be used downstream in other projects with the gradle versionsCatalog API. Essentially the catalog helps keep the list of approved libraries maintained in one place. Inside settings.gradle.kts:

dependencyResolutionManagement {
    repositories {
        mavenCentral()
    }
    versionCatalogs {
        create("libs") {
            from("info.offthecob.platform:catalog:1.0.9")
        }
    }
}

Plugins

A list of best practices around dependency locking, linting, and other build best practices. This subproject also allows me to do all the things I do in every project in one place, cleaning up the downstream consumer’s gradle files.

If a version catalog exists with the following version definitions, the plugins below will use those version instead of the defaults.

  • kotlin manages the version of the kotlin toolchain.
  • dgs the version of Netflix DGS BOM to expose to the dependency management plugin.
  • spring-boot the version of Spring Boot BOM to expose to the dependency management plugin.

Settings

This plugin auto imports submodules, adds foojay for gradle 9 toolchain api support, and updates the submodule gradle file naming.

/build.gradle.kts
/settings.gradle.kts
/my-service/my-service.gradle.kts
/my-library/my-library.gradle.kts

Add the following to the top of the settings.gradle.kts file:

plugins {
    id("info.offthecob.Settings") version "1.0.9"
}

Using the Settings plugin with other plugins in this system

If a project uses settings and other info.offthecob plugins, the version only needs to be declared on the settings plugin, because once the jar is in the classpath, gradle will implicitly know to use it. Declaring the version in more than one place could also lead to built time conflicts.

Base

This plugin contains a bunch of best practices around how to build projects for the JVM. This includes dependency locking by default, kotlin support, groovy support (for testing), wiring up the junit platform, null away, and linting.

The Base plugin also offers a task to help update lock files: ./gradlew resolveAndLockAll --write-locks

plugins {
    id("info.offthecob.Base")
}

Library

This includes everything in base, but enables the java-library plugin, adding the API configuration as well as the jar task

plugins {
    id("info.offthecob.Library")
}

Service

Similar to library, where it is based on the base plugin, but this plugin adds jib (a java native container builder).

plugins {
    id("info.offthecob.Service")
}

Spring Service

This uses everything in Service, but also adds the Spring special sauce. Specifically, it adds the spring-boot, dependency-management and kotlin-spring plugins into scope, and customizes them with best practices. It also applies the jib extension for Spring.

plugins {
    id("info.offthecob.SpringService")
}

Development

./gradlew check

Releasing

When doing a GitHub release for this project, plugins are pushed to the gradle plugin portal, and other artifacts are published to the SonaType OSSRH staging server. To complete the release to maven central:

  • Login to the nexus repository manager
  • Find the staging repositories section
  • Find the latest staging repository object
  • Verify it has the expected items in it
  • “close” the repository (making it available to release)
  • Finally, click the “release” button

Notes on Maven Central signing

Generate subkey:

gpg --edit-key KEY_ID
gpg> addkey
Secret parts of primary key are stored on-card.
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
  (10) ECC (sign only)
  (12) ECC (encrypt only)
  (14) Existing key from card
Your selection? 10
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y

Export the public key:

gpg --armor --export KEY_ID

Upload to the Open PGP Key Server, and update github actions secrets.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
7
Latest release
First release
Stars
0
Forks
0
Watchers
4
Contributors
2
Repository size
275 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0.17
1.0.16
1.0.15
1.0.14
1.0.13
1.0.12
1.0.11

Contributors

whodevil dependabot[bot]


See all contributors

Login to resync this project