[#8] Restrict maven repositories

This improves security by ensuring that Google's dependencies are resolved only from the Google Maven repository.

A dependency on Jitpack has also been removed.
This commit is contained in:
Carter Jernigan 2021-10-19 13:52:50 -04:00 committed by Carter Jernigan
parent f3c425e68a
commit 7d305dc953
7 changed files with 95 additions and 27 deletions


@ -1,14 +1,32 @@
pluginManagement {
repositories {
gradlePluginPortal()
}
}
@Suppress("UnstableApiUsage")
dependencyResolutionManagement {
repositories {
mavenCentral()
google()
val isRepoRestrictionEnabled = true
maven("https://dl.google.com/dl/android/maven2/") { //google()
if (isRepoRestrictionEnabled) {
content {
includeGroup("androidx.navigation")
includeGroup("com.android.tools")
includeGroup("com.google.testing.platform")
includeGroupByRegex("androidx.*")
includeGroupByRegex("com\\.android.*")
includeGroupByRegex("com\\.android\\.tools.*")
}
}
}
maven("https://repo.maven.apache.org/maven2/") { // mavenCentral()
if (isRepoRestrictionEnabled) {
content {
excludeGroup("androidx.navigation")
excludeGroup("com.android.tools")
excludeGroup("com.google.testing.platform")
excludeGroupByRegex("androidx.*")
excludeGroupByRegex("com\\.android.*")
excludeGroupByRegex("com\\.android\\.tools.*")
}
}
}
}
}
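Review bot: The exclude list on the Maven Central entry (the six `excludeGroup`/`excludeGroupByRegex` calls) has to be kept in lockstep with the include list on the Google entry by hand, and the protection only holds while every repository declared here carries the same excludes — a repository added later without them (as Jitpack was before this commit) could serve an `androidx.*` or `com.android.*` artifact again. Gradle's `exclusiveContent` states the intent once: the groups are pinned to the Google repository and Gradle itself refuses to resolve them from any other repository, so the mirrored exclude block disappears. Three of the include entries are also already matched by the regexes (`androidx.navigation` by `androidx.*`; `com.android.tools` and `com\\.android\\.tools.*` by `com\\.android.*`), so the filter shrinks to three lines. `isRepoRestrictionEnabled` is a constant `true`, so dropping it loses nothing; keep an `if` around the `exclusiveContent` block if a switch is wanted. The fence rewrites only the `dependencyResolutionManagement` block; `pluginManagement` is unchanged.
```kotlin
dependencyResolutionManagement {
    repositories {
        // Groups published by Google are pinned to Google's repository: Gradle refuses to
        // resolve them from any other repository declared here or added later.
        exclusiveContent {
            forRepository { maven("https://dl.google.com/dl/android/maven2/") } // google()
            filter {
                includeGroup("com.google.testing.platform")
                includeGroupByRegex("androidx.*")
                includeGroupByRegex("com\\.android.*")
            }
        }
        maven("https://repo.maven.apache.org/maven2/") // mavenCentral()
    }
}
```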


@ -1,11 +1,43 @@
import org.gradle.internal.impldep.org.junit.experimental.categories.Categories.CategoryFilter.exclude
buildscript {
repositories {
google()
mavenCentral()
maven("https://jitpack.io")
gradlePluginPortal()
val isRepoRestrictionEnabled = true
maven("https://dl.google.com/dl/android/maven2/") { //google()
if (isRepoRestrictionEnabled) {
content {
includeGroup("androidx.navigation")
includeGroup("com.android.tools")
includeGroup("com.google.testing.platform")
includeGroupByRegex("androidx.*")
includeGroupByRegex("com\\.android.*")
includeGroupByRegex("com\\.android\\.tools.*")
}
}
}
maven("https://plugins.gradle.org/m2/") { // gradlePluginPortal()
if (isRepoRestrictionEnabled) {
content {
excludeGroup("androidx.navigation")
excludeGroup("com.android.tools")
excludeGroup("com.google.testing.platform")
excludeGroupByRegex("androidx.*")
excludeGroupByRegex("com\\.android.*")
excludeGroupByRegex("com\\.android\\.tools.*")
}
}
}
maven("https://repo.maven.apache.org/maven2/") { // mavenCentral()
if (isRepoRestrictionEnabled) {
content {
excludeGroup("androidx.navigation")
excludeGroup("com.android.tools")
excludeGroup("com.google.testing.platform")
excludeGroupByRegex("androidx.*")
excludeGroupByRegex("com\\.android.*")
excludeGroupByRegex("com\\.android\\.tools.*")
}
}
}
}
dependencies {
classpath("com.android.tools.build:gradle:${properties["ANDROID_GRADLE_PLUGIN_VERSION"]}")
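Review bot: The line `import org.gradle.internal.impldep.org.junit.experimental.categories.Categories.CategoryFilter.exclude` at the top of this build script should be deleted: nothing in the visible hunk uses it, and `org.gradle.internal.impldep` is Gradle's relocated copy of its own third-party dependencies, an internal package that build scripts are not meant to reference and that may vanish on a Gradle upgrade — it looks like an IDE auto-import picked up while typing `exclude`. The same hand-mirrored exclude list appears twice here, on the plugin-portal and the Maven Central entries; an `exclusiveContent { forRepository { ... } filter { ... } }` block around the Google repository would pin those groups to it once and make the duplicated excludes unnecessary, so a future repository added without them cannot bypass the restriction. The `buildscript` block continues past the end of the hunk.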


@ -6,6 +6,7 @@ _Note: This document will continue to be updated as the app is implemented._
* Much of the Gradle configuration lives in [build-conventions](../build-conventions/) to prevent repetitive configuration as additional modules are added to the project
* Build scripts are written in Kotlin, so that a single language is used across build and the app code bases
* Only Gradle, Google, and JetBrains plug-ins are included in the critical path. Third party plug-ins can be used, but they're outside the critical path. For example, the Gradle Versions Plugin could be removed and wouldn't negative impact building, testing, or deploying the app
* Repository restrictions are enabled in [build-conventions](../build-conventions/settings.gradle.kts), [settings.gradle.kts](../settings.gradle.kts), and [build.gradle.kts](../build.gradle.kts) to reduce likelihood of pulling in an incorrect dependency. If adding a new dependency, these restrictions may need to be changed otherwise an error that the dependency cannot be found will be displayed
# Multiplatform
While this repository is for an Android application, efforts are made to give multiplatform flexibility in the future. Specific adaptions that are being made:
@ -26,6 +27,6 @@ The logical components of the app are implemented as a number of Gradle modules.
* build-info-lib — Collects information from the build environment (e.g. Git SHA, Git commit count) and compiles them into the application. Can also be used for injection of API keys or other secrets.
* ui-lib — User interface that the user interacts with. This contains 99% of the UI code, along with localizations, icons, and other assets.
* preference
* preference-api-lib — Multiplatform interfaces for key-value storage of preferences
* preference-impl-android-lib — Android-specific implementation for preference storage
* test-lib — Provides common test utilities
* preference-api-lib — Multiplatform interfaces for key-value storage of preferences.
* preference-impl-android-lib — Android-specific implementation for preference storage.
* test-lib — Provides common test utilities.


@ -34,6 +34,7 @@ Start by making sure the command line with Gradle works first, because **all the
3. Run Gradle with the argument `--rerun-tasks` which will effectively disable the build cache by re-running tasks and repopulating the cache. E.g. `./gradlew assemble --rerun-tasks`
4. Reboot your computer, which will ensure that Gradle and Kotlin daemons are completely killed and relaunched
5. Delete the global Gradle cache under `~/.gradle/caches`
6. If adding a new dependency or updating a dependency, a warning that a dependency cannot be found may indicate the Maven repository restrictions need adjusting
## Gradle Tasks
A variety of Gradle tasks are set up within the project, and these tasks are also accessible in Android Studio as run configurations.


@ -47,7 +47,7 @@ ANDROID_NDK_VERSION=23.0.7599858
ANDROID_GRADLE_PLUGIN_VERSION=7.0.3
DETEKT_VERSION=1.18.1
GRADLE_VERSIONS_PLUGIN_VERSION=0.38.0
GRADLE_VERSIONS_PLUGIN_VERSION=0.39.0
KTLINT_VERSION=0.42.1
JGIT_VERSION=5.12.0.202106070339-r


@ -2,11 +2,6 @@ enableFeaturePreview("VERSION_CATALOGS")
enableFeaturePreview("TYPESAFE_PROJECT_ACCESSORS")
pluginManagement {
repositories {
gradlePluginPortal()
google()
}
plugins {
val detektVersion = extra["DETEKT_VERSION"].toString()
val gradleVersionsPluginVersion = extra["GRADLE_VERSIONS_PLUGIN_VERSION"].toString()
@ -22,9 +17,30 @@ pluginManagement {
dependencyResolutionManagement {
@Suppress("UnstableApiUsage")
repositories {
google()
mavenCentral()
maven("https://jitpack.io")
val isRepoRestrictionEnabled = true
maven("https://dl.google.com/dl/android/maven2/") { // google()
if (isRepoRestrictionEnabled) {
content {
includeGroup("android.arch.lifecycle")
includeGroup("android.arch.core")
includeGroup("com.google.android.material")
includeGroupByRegex("androidx.*")
includeGroupByRegex("com\\.android.*")
}
}
}
maven("https://repo.maven.apache.org/maven2/") { // mavenCentral()
if (isRepoRestrictionEnabled) {
content {
excludeGroup("android.arch.lifecycle")
excludeGroup("android.arch.core")
excludeGroup("com.google.android.material")
excludeGroupByRegex("androidx.*")
excludeGroupByRegex("com\\.android.*")
}
}
}
}
@Suppress("UnstableApiUsage", "MaxLineLength")