Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
gradle-semantic-release-plugin
Advanced tools
Yet another gradle-semantic-release-plugin that invokes Gradle wrapper script to release.
To apply this semantic-release plugin, you need to fulfill the following preconditions:
gradle.properties
(not by build.gradle
nor build.gradle.kts
)../gradlew
.Follow install guide and CI configuration guide described in the semantic-release official document.
To manage version of toolset, we recommend you to have a package.json
in your project root directory. Manage both of semantic-release
and its plugins as devDependencies
.
Refer the spotbugs-gradle-plugin project as a working example.
@semantic-release/git
This plugin updates gradle.properties
to bump up project version. If you want to keep the version in this file updated, configure @semantic-release/git
to commit changes. You can configure your package.json
like below:
"release": {
"plugins": [
"gradle-semantic-release-plugin",
[
"@semantic-release/git",
{
"assets": [
"gradle.properties"
]
}
]
]
},
Users can specify an API key and secret by supplying the following environment variables:
GRADLE_PUBLISH_KEY=my-key
-Pgradle.publish.key=my-key
GRADLE_PUBLISH_SECRET=my-secret
-Pgradle.publish.secret=my-secret
Possible usage in build.gradle.kts
publishing {
repositories {
maven {
name = "OrgRepo"
url = uri("https://maven.pkg.github.com/org/repo")
credentials {
username = project.properties["gradle.publish.key"].toString()
password = project.properties["gradle.publish.secret"].toString()
}
}
}
}
That is a Gradle plugin implemented by Java. It can use Gradle's feature and ecosystem. However, it emulates semantic-release
and cannot use other semantic-release plugin at the same time.
Our plugin is a semantic-release plugin. It can work with other plugin implemented on node.js, but it just invokes Gradle and cannot handle so complex requirements by own.
Copyright (c) 2019-2024 Kengo TODA
FAQs
Automated release management for Gradle project
The npm package gradle-semantic-release-plugin receives a total of 5,298 weekly downloads. As such, gradle-semantic-release-plugin popularity was classified as popular.
We found that gradle-semantic-release-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.