From 1eb9e2f3b85b5700add919dc31b63ded67c9d684 Mon Sep 17 00:00:00 2001
From: Baron Roberts <baron@cthing.com>
Date: Fri, 1 Mar 2024 23:22:58 -0800
Subject: [PATCH] Add dependency analysis plugin.

---
 CHANGELOG.md              |  9 +++++++++
 build.gradle.kts          | 18 +++++++++++++++++-
 gradle/libs.versions.toml |  1 +
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f30772..4b44440 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+### Added
+
+- [Dependency analysis Gradle plugin](https://github.com/autonomousapps/dependency-analysis-gradle-plugin)
+- The `check` task now depends on the `buildHealth` task and will fail the build on health violations
+
+### Changed
+
+- Changed JSR-305 dependency from `implementation` to `api`
+
 ## [2.0.1] - 2023-12-23
 
 ### Added
diff --git a/build.gradle.kts b/build.gradle.kts
index ff09bee..ccf67aa 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -13,6 +13,7 @@ plugins {
     jacoco
     `maven-publish`
     signing
+    alias(libs.plugins.dependencyAnalysis)
     alias(libs.plugins.spotbugs)
     alias(libs.plugins.versions)
 }
@@ -33,8 +34,9 @@ java {
 }
 
 dependencies {
+    api(libs.jsr305)
+
     implementation(libs.cthingAnnots)
-    implementation(libs.jsr305)
 
     testImplementation(libs.junitApi)
     testImplementation(libs.junitParams)
@@ -68,6 +70,16 @@ jacoco {
     toolVersion = libs.versions.jacoco.get()
 }
 
+dependencyAnalysis {
+    issues {
+        all {
+            onAny {
+                severity("fail")
+            }
+        }
+    }
+}
+
 fun isNonStable(version: String): Boolean {
     val stableKeyword = listOf("RELEASE", "FINAL", "GA").any { version.uppercase().contains(it) }
     val regex = "^[0-9,.v-]+(-r)?$".toRegex()
@@ -99,6 +111,10 @@ tasks {
         }
     }
 
+    check {
+        dependsOn(buildHealth)
+    }
+
     spotbugsMain {
         reports.create("html").required = true
     }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 0ec7c52..2eea002 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -7,6 +7,7 @@ junit = "5.10.2"
 spotbugs = "4.8.3"
 
 [plugins]
+dependencyAnalysis = { id = "com.autonomousapps.dependency-analysis", version = "1.30.0" }
 spotbugs = { id = "com.github.spotbugs", version = "6.0.7" }
 versions = { id = "com.github.ben-manes.versions", version = "0.51.0" }