jdaugherty commented on code in PR #15099:
URL: https://github.com/apache/grails-core/pull/15099#discussion_r2389160335
##########
gradle.properties:
##########
@@ -47,8 +47,8 @@ yakworksHibernateGroovyProxyVersion=1.1
# Build dependency versions not managed by BOMs
apacheRatVersion=0.8.1
gradleChecksumPluginVersion=1.4.0
-# note: the cyclonedx 3.0.0-alpha-1 still does not set the project correctly,
so we must use the older version
-gradleCycloneDxPluginVersion=2.4.0
+# note: the cyclonedx 3 requires Gradle 9
Review Comment:
Is this documented somewhere? I thought 3.x is intended to work with Gradle
8.x. The issue is it just didn't generate the correct output. They only
recently updated their project to Gradle 9 (in the last month), but I thought
it was still compatible? .
##########
gradle/sbom-config.gradle:
##########
@@ -33,83 +33,91 @@ import java.time.temporal.ChronoUnit
apply plugin: 'org.cyclonedx.bom'
-project.ext.setProperty('sbomOutputLocation',
project.layout.buildDirectory.file("${findProperty('pomArtifactId') ?:
project.name}-${projectVersion}-sbom.json"))
+ext {
+ sbomOutputLocation = layout.buildDirectory.file(
+ "${findProperty('pomArtifactId') ?:
name}-$projectVersion-sbom.json"
+ )
+}
-def sbomTask = tasks.named('cyclonedxBom', CycloneDxTask)
-sbomTask.configure { CycloneDxTask it ->
+tasks.withType(CycloneDxTask).configureEach {
Review Comment:
I thought in 2.4.x they reuse the same task definition and we should only be
configuring the cyclonedxBom task name?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
