sboorlagadda opened a new pull request, #7938:
URL: https://github.com/apache/geode/pull/7938
This commit implements the foundation for SBOM generation in Apache Geode as part of the GEODE-10481 initiative. This is PR 1 of 15 in the planned implementation sequence.

Changes:
- Add CycloneDX BOM plugin v1.8.2 to root build.gradle (apply false)
- Implement validateGradleCompatibility task for version validation
- Add comprehensive SBOM configuration structure (disabled by default)
- Create test framework with Gradle TestKit integration
- Add automated validation script for CI/testing

Key Features:
- Zero impact on existing builds (plugin not applied)
- Validates Gradle 7.3.3+ and Java 8+ compatibility
- Future-ready for Gradle 8.5+ and Java 21+
- Comprehensive test coverage with SbomCompatibilityTest and SbomPluginIntegrationTest
- Complete documentation in SBOM-PR1-README.md

Safety:
- All SBOM functionality disabled (sbomEnabled = false)
- No functional changes to existing build processes
- Easy rollback capability
- Performance impact < 3 seconds

This establishes the foundation for subsequent PRs:
- PR 2: Context Detection & Environment Analysis
- PR 3: Basic SBOM Generation
- PRs 4-15: Advanced features and enterprise integration

Tested: All tests pass, no regressions detected
Documentation: Complete implementation guide included (and want to also maintain a log in `proposal/GEODE-10481/pr-log`)
### For all changes, please confirm:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
- [ ] Has your PR been rebased against the latest commit within the target branch (typically `develop`)?
- [ ] Is your initial contribution a single, squashed commit?
- [ ] Does `gradlew build` run cleanly?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
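For readers reviewing the approach, the following root build.gradle fragment is an added illustration of the pattern the PR description outlines (plugin declared with `apply false`, an opt-in `sbomEnabled` flag defaulting to false, and a `validateGradleCompatibility` task enforcing Gradle 7.3.3+ and Java 8+); it is not the PR's own diff. The plugin id `org.cyclonedx.bom`, the `cyclonedxBom` task name and the property wiring are assumptions about the CycloneDX Gradle plugin, not taken from this PR.

```groovy
// Added example, not code from apache/geode PR #7938.
plugins {
    // Declared but not applied: only resolves the plugin onto the build
    // classpath, so no SBOM task is added to any project by default.
    // Plugin id is an assumption about the CycloneDX Gradle plugin.
    id 'org.cyclonedx.bom' version '1.8.2' apply false
}

// Opt-in switch, off by default; enable with `./gradlew -PsbomEnabled=true ...`.
ext.sbomEnabled = project.findProperty('sbomEnabled')?.toString()?.toBoolean() ?: false

// Fails fast when the toolchain is older than SBOM generation requires,
// rather than producing a partial or misleading bill of materials.
tasks.register('validateGradleCompatibility') {
    group = 'verification'
    description = 'Checks that Gradle and Java meet the minimum versions for SBOM generation.'
    doLast {
        def minGradle = org.gradle.util.GradleVersion.version('7.3.3')
        def current = org.gradle.util.GradleVersion.current()
        if (current < minGradle) {
            throw new GradleException(
                "SBOM generation requires Gradle ${minGradle.version}+, found ${current.version}")
        }
        if (!JavaVersion.current().isJava8Compatible()) {
            throw new GradleException(
                "SBOM generation requires Java 8+, found ${JavaVersion.current()}")
        }
        logger.lifecycle("SBOM toolchain check passed: Gradle ${current.version}, Java ${JavaVersion.current()}")
    }
}

if (sbomEnabled) {
    // Only when explicitly enabled: apply the plugin and gate its task on the check.
    // `cyclonedxBom` is the task name the plugin is assumed to register.
    apply plugin: 'org.cyclonedx.bom'
    tasks.named('cyclonedxBom') { dependsOn 'validateGradleCompatibility' }
}
```

With the flag left at its default, `./gradlew validateGradleCompatibility` runs the check on its own while the rest of the build is untouched, which is the "zero impact" property the description claims.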
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]