This is an automated email from the ASF dual-hosted git repository.
paulk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/groovy.git
The following commit(s) were added to refs/heads/master by this push:
new acace2e399 CycloneDX 2.4.0 (build dependency)
acace2e399 is described below
commit acace2e399cb96c20cde38b804882ead15ea5482
Author: Eric Milles <[email protected]>
AuthorDate: Thu Sep 18 12:38:46 2025 -0500
CycloneDX 2.4.0 (build dependency)
---
build-logic/build.gradle | 2 +-
.../org.apache.groovy-published-library.gradle | 35 +++++++++++-----------
gradle/verification-metadata.xml | 11 -------
3 files changed, 19 insertions(+), 29 deletions(-)
diff --git a/build-logic/build.gradle b/build-logic/build.gradle
index 857be2414e..3ba08cd365 100644
--- a/build-logic/build.gradle
+++ b/build-logic/build.gradle
@@ -33,7 +33,7 @@ dependencies {
implementation 'org.nosphere.apache:creadur-rat-gradle:0.8.1'
implementation 'com.github.spotbugs.snom:spotbugs-gradle-plugin:6.2.4'
implementation 'me.champeau.jmh:jmh-gradle-plugin:0.7.2'
- implementation 'org.cyclonedx:cyclonedx-gradle-plugin:1.10.0'
+ implementation 'org.cyclonedx:cyclonedx-gradle-plugin:2.4.0'
implementation 'org.apache.maven:maven-core:3.9.11'
}
diff --git
a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
index eef00341f3..cccb53c6a6 100644
--- a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
+++ b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
@@ -17,10 +17,10 @@ if (pluginManager.hasPlugin('java-platform')) {
afterEvaluate {
def bomTask = tasks.cyclonedxBom
- def bomFile = new File(bomTask.outputs.files.singleFile,
"${bomTask.outputName.get()}.${bomTask.outputFormat.get()}")
+ def bomFile = file(bomTask.jsonOutput.get())
def mavenPublish = extensions.findByName(PublishingExtension.NAME) as
PublishingExtension
mavenPublish?.publications.each {
- it.artifact(bomFile) { classifier = "cyclonedx" }
+ it.artifact(bomFile) { classifier = 'cyclonedx' }
}
tasks.matching { it.group == PublishingExtension.NAME }.configureEach {
dependsOn(bomTask) }
}
@@ -28,11 +28,11 @@ afterEvaluate {
publishing {
repositories {
maven {
- name = "LocalFile"
- url =
rootProject.layout.buildDirectory.dir("repo").get().asFile.absolutePath
+ name = 'LocalFile'
+ url =
rootProject.layout.buildDirectory.dir('repo').get().asFile.absolutePath
}
maven {
- name = "Apache"
+ name = 'Apache'
url = findProperty('groovyVersion').contains('SNAPSHOT')
?
'https://repository.apache.org/content/repositories/snapshots'
:
'https://repository.apache.org/service/local/staging/deploy/maven2'
@@ -808,8 +808,8 @@ gradle.taskGraph.whenReady { taskGraph ->
if (sharedConfiguration.signing.shouldSign(gradle.taskGraph)) {
// Use Java 6's console or Swing to read input (not suitable for CI)
if (!sharedConfiguration.signing.hasAllKeyDetails()) {
- printf "\n\nWe have to sign some things in this build." +
- "\n\nPlease enter your signing details.\n\n"
+ printf '\n\nWe have to sign some things in this build.' +
+ '\n\nPlease enter your signing details.\n\n'
System.out.flush()
if (!sharedConfiguration.signing.keyId.present) {
@@ -823,23 +823,22 @@ gradle.taskGraph.whenReady { taskGraph ->
}
allprojects {
- project.properties.put("signing.keyId",
sharedConfiguration.signing.keyId.get())
- project.properties.put("signing.secretKeyRingFile",
sharedConfiguration.signing.secretKeyRingFile.get())
- project.properties.put("signing.password",
sharedConfiguration.signing.password.get())
+ project.properties.put('signing.keyId',
sharedConfiguration.signing.keyId.get())
+ project.properties.put('signing.secretKeyRingFile',
sharedConfiguration.signing.secretKeyRingFile.get())
+ project.properties.put('signing.password',
sharedConfiguration.signing.password.get())
}
- printf "\nThanks.\n\n"
+ printf '\nThanks.\n\n'
System.out.flush()
}
}
}
-def promptUser(String prompt) {
+String promptUser(String prompt) {
def response = ''
if (System.console() != null) {
- response = new String(System.console().readPassword("\n$prompt: "))
+ response = String.valueOf(System.console().readPassword("\n$prompt: "))
}
-
if (!response) {
throw new InvalidUserDataException("Null response detected!")
}
@@ -848,9 +847,11 @@ def promptUser(String prompt) {
cyclonedxBom {
includeConfigs = ['runtimeClasspath']
- skipConfigs = ['compileClasspath', 'testCompileClasspath', 'detached.*']
- outputName = "cyclonedx"
- outputFormat = 'json'
+ skipConfigs = ['compileClasspath', 'detached.*', 'test.*']
+
includeLicenseText = false
includeMetadataResolution = false
+
+ xmlOutput.unsetConvention()
+ jsonOutput.set(file("build/reports/cyclonedx/${project.name}.json"))
}
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 157bc70d9e..7083cbd473 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -1320,17 +1320,6 @@
<pgp value="851264C36365D4FF9427625F38362FD5CFA2668B"/>
</artifact>
</component>
- <component group="org.cyclonedx" name="cyclonedx-core-java"
version="9.0.5">
- <artifact name="cyclonedx-core-java-9.0.5.jar">
- <pgp value="5D283C23D9D9DC2D9C2130E6AADF2C18DCF95764"/>
- <sha512
value="f1bfda4b731415cb8aee80305f649e21ba325b9595035f73fa6d13358bbc21685089b616300042c66b5860d92b1025bb2ed190f8106a437ed9a613dfce5b5204"
origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
- </artifact>
- </component>
- <component group="org.cyclonedx" name="cyclonedx-gradle-plugin"
version="1.10.0">
- <artifact name="cyclonedx-gradle-plugin-1.10.0.jar">
- <sha512
value="2632a17252f6a0ea7efd2531a61bdf2fff865b77162b1087d14f108f4df95a232886a72ad4f5f1f940c8993d7ee6ce5256398d8cd74b5a0d51ea8e80df183322"
origin="Generated by Gradle" reason="Artifact is not signed"/>
- </artifact>
- </component>
<component group="org.dom4j" name="dom4j" version="2.2.0">
<artifact name="dom4j-2.2.0.jar">
<pgp value="8F9A3C6D105B9F57844A721D79E193516BE7998F"/>
