Arconia CLI is a versatile tool designed to enhance the development experience with Spring Boot applications, providing intuitive commands for building, testing, and running projects. It streamlines common tasks, including upgrading Spring Boot applications to the latest version with a single command, and simplifies containerization using both Cloud Native Buildpacks and Dockerfiles.
Note
The Arconia CLI is currently in active development. We're working hard to improve it and appreciate your patience as we refine the tool. Feel free to try it out and share your feedback!
brew install arconia-io/tap/arconia-cliscoop bucket add arconia https://github.com/arconia-io/scoop-bucket.git
scoop install arconia-cliDownload the appropriate binary for your operating system from the latest Arconia CLI release. Then, follow the instructions below to install it on your system.
macOS and Linux
- Move the downloaded binary to a directory in your system PATH:
mv ~/Downloads/arconia-[version]-[os]/bin/ /usr/local/bin/- Make the binary executable:
chmod +x /usr/local/bin/arconiaWindows
Run the following commands in PowerShell with administrator privileges:
# Create a directory for Arconia CLI
New-Item -ItemType Directory -Path "$env:ProgramFiles\arconia-cli" -Force
# Move the executable to the new directory
Move-Item -Path "$env:USERPROFILE\Downloads\arconia-[version]-[os]\bin\arconia.exe" -Destination "$env:ProgramFiles\arconia-cli\arconia.exe"
# Add the new directory to the system PATH
$currentPath = [Environment]::GetEnvironmentVariable("Path", "Machine")
$newPath = "$currentPath;$env:ProgramFiles\arconia-cli"
[Environment]::SetEnvironmentVariable("Path", $newPath, "Machine")
# Refresh the current PowerShell session's PATH
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")To get started with Arconia CLI, you can view the available commands and options by running:
arconia helpThis will display a list of commands and their descriptions, helping you navigate the CLI's functionality.
AVAILABLE COMMANDS
Built-In Commands
help: Display help about available commands
version: Show version info
Development
build: Build the current project.
run: Run the application.
test: Run tests for the current project.
Image
image build buildpacks: Build a container image using Buildpacks.
image build dockerfile: Build a container image using Dockerfile.
Migration
update java: Update project to new Java version.
update gradle: Update project to new Gradle version.
update maven: Update project to new Maven version.
update spring-boot: Update project to new Spring Boot version.
All Arconia CLI release artifacts are signed with PGP. Follow these steps to verify the authenticity of the downloads.
- Download the Arconia public key and save it as
arconia.asc. - Verify the key fingerprint matches the following:
$ gpg --show-keys arconia.asc
pub ed25519 2024-01-16 [SC] [expires: 2026-01-15]
36DD645BC7818CF5C884DE8F2E64062497575B2D
uid Thomas Vitale (MavenCentral) <oss@************.io>
sub cv25519 2024-01-16 [E] [expires: 2026-01-15]- Import the public key into your GPG keyring:
$ gpg --import arconia.asc- Download the Arconia CLI binary archive and its corresponding signature file from the desired release For example:
arconia-cli-0.0.1-SNAPSHOT-linux-amd64.ziparconia-cli-0.0.1-SNAPSHOT-linux-amd64.zip.asc.
- Verify the signature against the downloaded binary:
$ gpg --verify arconia-cli-0.0.1-SNAPSHOT-linux-amd64.zip.asc arconia-cli-0.0.1-SNAPSHOT-linux-amd64.zip
gpg: Signature made Mar 17 Set 23:29:59 2024 CEST
gpg: using EDDSA key 2E64062497575B2D
gpg: Good signature from "Thomas Vitale (MavenCentral) <oss@************.io>" [ultimate]A successful verification will display "Good signature" in the output, confirming the authenticity and integrity of the downloaded binary.
Every Arconia CLI release includes SLSA provenance attestations for all release artifacts. Follow these steps to verify the provenance.
- Install the slsa-verifier tool
- Download the SLSA provenance attestation file from the desired release.
Example:
arconia-cli-0.0.1-SNAPSHOT.intoto.jsonl. - Download the corresponding Arconia CLI binary archive from the same release.
Example:
arconia-cli-0.0.1-SNAPSHOT-linux-amd64.zip. - Use the slsa-verifier to verify the SLSA provenance attestation against the binary:
$ slsa-verifier verify-artifact arconia-cli-0.0.1-SNAPSHOT-linux-amd64.zip \
--provenance-path arconia-cli-0.0.1-SNAPSHOT.intoto.jsonl \
--source-uri github.com/arconia-io/arconia-cliA successful verification will output a message similar to:
Verified signature against tlog entry index 131481633 at URL: https://rekor.sigstore.dev/api/v1/log/entries/108e9186e8c5677a1631335a14958734e5e0a00b4105b318339d4571b91a1ab8a8b2a90b1704d6d0
Verified build using builder "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v2.0.0" at commit 10d734affc77f0f4d0f1087fe66bd7eeb3a61f8a
Verifying artifact arconia-cli-0.0.1-SNAPSHOT-linux-amd64.zip: PASSED
PASSED: SLSA verification passed
This process ensures the authenticity and integrity of the Arconia CLI release artifacts.
Every Arconia CLI release includes a comprehensive CycloneDX Software Bill of Materials (SBOM) for all release artifacts. The SBOM provides a detailed inventory of components, libraries, and dependencies used in the Arconia CLI, enhancing transparency, security, and compliance efforts.
To access and review the SBOM for a specific release:
- Visit the Arconia CLI releases page on GitHub.
- Download the binary archive for your desired release and platform.
Example:
arconia-cli-0.0.1-SNAPSHOT-linux-amd64.zip. - Extract the contents of the archive to a local directory.
- Locate the file named
sbom.cdx.jsonwithin the extracted directory. This JSON file contains the comprehensive SBOM for the release.
You can use various SBOM analysis tools to examine the sbom.cdx.json file and gain valuable insights into the components and dependencies of the Arconia CLI. Some recommended tools include:
- OWASP Dependency-Track: An intelligent component analysis platform that allows you to identify and reduce risk in your software supply chain.
- Trivy: A comprehensive and versatile security scanner for containers and other artifacts.
By reviewing the SBOM, you can better understand the composition of the Arconia CLI, identify potential vulnerabilities, and ensure compliance with licensing requirements.
- Java 23 (GraalVM)
To package the Arconia CLI as a native executable, run:
./gradlew nativeCompileThis command compiles the project and generates a standalone native executable. The resulting file will be located at build/native/nativeCompile/arconia.
You can run the CLI directly from its build location or install it system-wide for easier access. To install it globally on macOS or Linux:
sudo cp build/native/nativeCompile/arconia /usr/local/bin/arconiaThis command copies the executable to a directory typically included in the system PATH, making it accessible from anywhere in the terminal.
If you've installed the CLI globally, you can run it by simply typing:
arconia helpIf you haven't installed it globally, you'll need to specify the full path to the executable:
./build/native/nativeCompile/arconia helpReplace help with any other valid command or option to use different features of the CLI.
The security process for reporting vulnerabilities is described in SECURITY.md.
This project is licensed under the Apache License 2.0. See LICENSE for more information.
- This project is built upon Spring Shell, a powerful framework for creating CLI applications, and compiled to a native executable using GraalVM.
- The release and distribution process is managed via JReleaser.
- Thanks to the Quarkus CLI for leading the way in how to design exceptional developer experiences.