This is an automated email from the ASF dual-hosted git repository. sunlan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/groovy.git
The following commit(s) were added to refs/heads/master by this push:
new ca93d95e44 GROOVY-10993: Add CycloneDX SBOM files
ca93d95e44 is described below
commit ca93d95e4401b21b70d58b2453cbede927f9779c
Author: Paul King <pa...@asert.com.au>
AuthorDate: Thu Jun 13 05:52:54 2024 +1000
GROOVY-10993: Add CycloneDX SBOM files
---
 build-logic/build.gradle | 1 +
 .../org.apache.groovy-published-library.gradle | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/build-logic/build.gradle b/build-logic/build.gradle
index 1cf36e6e56..2190c95e9b 100644
--- a/build-logic/build.gradle
+++ b/build-logic/build.gradle
@@ -33,6 +33,7 @@ dependencies {
 implementation 'org.nosphere.apache:creadur-rat-gradle:0.8.1'
 implementation 'com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.7'
 implementation 'me.champeau.jmh:jmh-gradle-plugin:0.7.2'
+ implementation 'org.cyclonedx:cyclonedx-gradle-plugin:1.8.2'
 }
 tasks.withType(Jar).configureEach {
diff --git a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
index c21e4b3396..230ae4086a 100644
--- a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
+++ b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
@@ -1,10 +1,12 @@
 import groovy.swing.SwingBuilder
+import org.gradle.api.publish.maven.MavenPublication
 plugins {
 id 'maven-publish'
 id 'signing'
 id 'org.apache.groovy-publish-validation'
 id 'org.apache.groovy-artifactory'
+ id 'org.cyclonedx.bom'
 }
 def componentName
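Review bot: The new `org.cyclonedx:cyclonedx-gradle-plugin:1.8.2` coordinate puts third-party code on the build-logic classpath of the build that produces the published artifacts, and the diffstat shows only these two files changed. If this repository uses Gradle dependency verification (not visible here), the plugin and its transitive dependencies need checksum or signature entries in the same commit; otherwise the build either fails or the plugin runs unverified. A short comment above the line, such as `// generates the CycloneDX SBOM attached to each publication (GROOVY-10993)`, would also record why a build-time plugin is needed. The `dependencies` block starts outside the hunk.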
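Review bot: The added `import org.gradle.api.publish.maven.MavenPublication` is not referenced by any line this commit adds; the `afterEvaluate` block in the next hunk only names `PublishingExtension`. Unless code outside the hunks needs it, either drop the import or use it to make the publication type explicit where the SBOM is attached, e.g. `mavenPublish?.publications.withType(MavenPublication).configureEach { ... }`. That form also picks up publications registered after this `afterEvaluate` callback runs, which the eager `each` does not.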
@@ -16,6 +18,16 @@ if (pluginManager.hasPlugin('java-platform')) {
 componentName = 'groovyLibrary'
 }
+afterEvaluate {
+ def bomTask = tasks.cyclonedxBom
+ def bomFile = new File(bomTask.outputs.files.singleFile, "${bomTask.outputName.get()}.${bomTask.outputFormat.get()}")
+ def mavenPublish = extensions.findByName(PublishingExtension.NAME) as PublishingExtension
+ mavenPublish?.publications.each {
+ it.artifact(bomFile) { classifier = "cyclonedx" }
+ }
+ tasks.matching { it.group == PublishingExtension.NAME }.configureEach { dependsOn(bomTask) }
+}
+
 publishing {
 repositories {
 maven {
@@ -856,3 +868,11 @@ def promptUser(String prompt) {
 }
 response
 }
+
+cyclonedxBom {
+ includeConfigs = ['runtimeClasspath']
+ skipConfigs = ['compileClasspath', 'testCompileClasspath', 'detached.*']
+ outputName = "cyclonedx"
+ outputFormat = 'json'
+ includeLicenseText = false
+}
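Review bot: The SBOM is attached in `it.artifact(bomFile) { classifier = "cyclonedx" }` as a plain `File`, so its only link to the producing task is the `tasks.matching { it.group == PublishingExtension.NAME }` line. Any task that consumes the publication's artifacts without being in that group gets no dependency on `cyclonedxBom`. This file applies the `signing` plugin, and its sign tasks are the likely case, though their group is not visible here. Such a task can run before the file exists or pick up a stale one from an earlier build, so the published or signed SBOM may not describe the artifact beside it. Declaring the producer on the artifact carries the dependency to every consumer: `it.artifact(bomFile) { classifier = "cyclonedx"; builtBy(bomTask) }`.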
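Review bot: The `cyclonedxBom { includeConfigs = ['runtimeClasspath'] ... }` block is applied unconditionally, but the earlier hunk's context shows this script also serves `java-platform` projects. Those presumably have no `runtimeClasspath` configuration, so they would publish a `cyclonedx`-classified SBOM that lists no components, which a consumer could read as "no dependencies". Consider guarding the attachment for platform projects, or at least documenting the scope with a comment such as `// runtime dependencies only; build and test tooling is intentionally excluded from the published SBOM`. With `includeConfigs` set, the `skipConfigs` entries look redundant; confirm this against the plugin's documentation before removing them.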