From 5b982351cfa4874b9f4f4a0003d192268e6649d0 Mon Sep 17 00:00:00 2001
From: micronaut-build <65172877+micronaut-build@users.noreply.github.com>
Date: Thu, 9 Jan 2025 15:12:45 +0100
Subject: [PATCH] Sonatype Scan Gradle Plugin (#639)
https://github.com/sonatype-nexus-community/scan-gradle-plugin
---
 .github/workflows/gradle.yml | 7 +++++++
 buildSrc/build.gradle | 1 +
 .../io.micronaut.build.internal.flyway-module.gradle | 11 +++++++++++
 gradle/libs.versions.toml | 2 ++
 4 files changed, 21 insertions(+)
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 571e79a2..32d879ad 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -30,6 +30,8 @@ jobs:
 PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
+ OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}
 steps:
 # https://github.com/actions/virtual-environments/issues/709
 - name: "🗑 Free disk space"
@@ -58,6 +60,11 @@ jobs:
 run: |
 [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
+ - name: "🚔 Sonatype Scan"
+ id: sonatypescan
+ run: |
+ ./gradlew ossIndexAudit --no-parallel --info
+
 - name: "🛠 Build with Gradle"
 id: gradle
 run: |
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index 21e3c454..2fdd54a0 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -9,4 +9,5 @@ repositories {
 dependencies {
 implementation libs.gradle.micronaut
+ implementation(libs.sonatype.scan)
 }
diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.flyway-module.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.flyway-module.gradle
index 27b81134..3b419163 100644
--- a/buildSrc/src/main/groovy/io.micronaut.build.internal.flyway-module.gradle
+++ b/buildSrc/src/main/groovy/io.micronaut.build.internal.flyway-module.gradle
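Review bot: The two `OSS_INDEX_*` secrets are added to the job-level `env:` block of `.github/workflows/gradle.yml`, so every step of the job can read them, including `./setup.sh` and the Gradle build and tests, not just the audit. Only the new Sonatype Scan step needs them, so I would declare them there instead: an `env:` key on that step holding `OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}` and `OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}`. The existing `SONAR_TOKEN` uses the same job-wide pattern, so this may be deliberate, but the narrower scope limits what a misbehaving build plugin or test dependency can pick up from the environment. The job definition begins outside the hunk.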
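Review bot: The Sonatype Scan step in `.github/workflows/gradle.yml` has no `if:` guard, and GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so `OSS_INDEX_USERNAME` and `OSS_INDEX_PASSWORD` are empty strings on those runs. The Groovy elvis fallback in `flyway-module.gradle` treats an empty value as absent, so the audit presumably runs without credentials there and can fail or be throttled for reasons unrelated to the contribution, before the build step is reached. I would make that case explicit, either with `if: ${{ env.OSS_INDEX_USERNAME != '' }}` on the step or with a comment stating that anonymous runs are intended. Since the step runs with `--info`, it is also worth confirming that the plugin does not log request details at that level, because log masking only covers exact secret values.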
@@ -1,4 +1,15 @@
 plugins {
 id 'io.micronaut.build.internal.flyway-base'
 id 'io.micronaut.build.internal.module'
+ id("org.sonatype.gradle.plugins.scan")
+}
+String ossIndexUsername = System.getenv("OSS_INDEX_USERNAME") ?: project.properties["ossIndexUsername"]
+String ossIndexPassword = System.getenv("OSS_INDEX_PASSWORD") ?: project.properties["ossIndexPassword"]
+boolean sonatypePluginConfigured = ossIndexUsername != null && ossIndexPassword != null
+if (sonatypePluginConfigured) {
+ ossIndexAudit {
+ username = ossIndexUsername
+ password = ossIndexPassword
+ excludeCompileOnly = true
+ }
 }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 16a47e5e..b554f0e2 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -16,6 +16,7 @@ graal-svm = "23.1.5"
 persistence-api = '2.2'
 groovy = "4.0.17"
 spock = "2.3-groovy-4.0"
+sonatype-scan = "3.0.0"
 [libraries]
 # Core
@@ -38,3 +39,4 @@ gradle-micronaut = { module = "io.micronaut.gradle:micronaut-gradle-plugin", ver
 persistence-api = { module = 'javax.persistence:javax.persistence-api', version.ref = 'persistence-api'}
 test-containers-spock = { module = "org.testcontainers:spock" }
+sonatype-scan = { module = "org.sonatype.gradle.plugins:scan-gradle-plugin", version.ref = "sonatype-scan" }
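Review bot: In `io.micronaut.build.internal.flyway-module.gradle`, `excludeCompileOnly = true` sits inside `if (sonatypePluginConfigured)`, so the audit scope depends on whether credentials happen to be present. The plugin is applied unconditionally, so without credentials the `ossIndexAudit` task presumably still runs with the plugin's default scope, and nothing in the build output says so. The `!= null` test also accepts an empty `ossIndexUsername` or `ossIndexPassword` project property, because only the environment lookup goes through the elvis operator. I would set the scope unconditionally, pass credentials only when both values are non-empty, and log when they are missing. A short comment naming the two environment variables and the two project properties would help the next maintainer.

```groovy
// … unchanged: plugins block, ossIndexUsername / ossIndexPassword lookup …
boolean sonatypePluginConfigured = ossIndexUsername && ossIndexPassword
ossIndexAudit {
    excludeCompileOnly = true
    if (sonatypePluginConfigured) {
        username = ossIndexUsername
        password = ossIndexPassword
    }
}
if (!sonatypePluginConfigured) {
    logger.lifecycle("OSS Index credentials not configured for ossIndexAudit")
}
```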