This is an automated email from the ASF dual-hosted git repository.

sunlan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/groovy.git


The following commit(s) were added to refs/heads/master by this push:
     new ca93d95e44 GROOVY-10993: Add CycloneDX SBOM files
ca93d95e44 is described below

commit ca93d95e4401b21b70d58b2453cbede927f9779c
Author: Paul King <pa...@asert.com.au>
AuthorDate: Thu Jun 13 05:52:54 2024 +1000

    GROOVY-10993: Add CycloneDX SBOM files
---
 build-logic/build.gradle                             |  1 +
 .../org.apache.groovy-published-library.gradle       | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/build-logic/build.gradle b/build-logic/build.gradle
index 1cf36e6e56..2190c95e9b 100644
--- a/build-logic/build.gradle
+++ b/build-logic/build.gradle
@@ -33,6 +33,7 @@ dependencies {
     implementation 'org.nosphere.apache:creadur-rat-gradle:0.8.1'
     implementation 'com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.7'
     implementation 'me.champeau.jmh:jmh-gradle-plugin:0.7.2'
+    implementation 'org.cyclonedx:cyclonedx-gradle-plugin:1.8.2'
 }
 
 tasks.withType(Jar).configureEach {
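Review bot: The new `org.cyclonedx:cyclonedx-gradle-plugin:1.8.2` line adds a plugin that runs inside the same build that signs and publishes release artifacts, and the diffstat lists only the two build scripts. If this build uses Gradle dependency verification, the checksum entries for the plugin and its transitive dependencies are missing from the change; they can be regenerated with `./gradlew --write-verification-metadata sha256 help` and reviewed before merging. If verification is not in use, a one-line comment above the coordinate saying why this plugin is on the build classpath (`// generates the CycloneDX SBOM attached to each publication`) would help later audits of the build-logic dependencies.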
diff --git 
a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle 
b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
index c21e4b3396..230ae4086a 100644
--- a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
+++ b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
@@ -1,10 +1,12 @@
 import groovy.swing.SwingBuilder
+import org.gradle.api.publish.maven.MavenPublication
 
 plugins {
     id 'maven-publish'
     id 'signing'
     id 'org.apache.groovy-publish-validation'
     id 'org.apache.groovy-artifactory'
+    id 'org.cyclonedx.bom'
 }
 
 def componentName
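Review bot: The added `import org.gradle.api.publish.maven.MavenPublication` is not referenced by any line this commit adds; the new `afterEvaluate` block only names `PublishingExtension`. The file continues well beyond the visible hunks, so an existing use cannot be ruled out, but if there is none the import should be dropped or put to work. The natural use is to narrow the publication loop to the type whose `artifact(...)` API is being called: `mavenPublish?.publications.withType(MavenPublication).configureEach { ... }`. That form also covers publications registered after this block runs.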
@@ -16,6 +18,16 @@ if (pluginManager.hasPlugin('java-platform')) {
     componentName = 'groovyLibrary'
 }
 
+afterEvaluate {
+    def bomTask = tasks.cyclonedxBom
+    def bomFile = new File(bomTask.outputs.files.singleFile, 
"${bomTask.outputName.get()}.${bomTask.outputFormat.get()}")
+    def mavenPublish = extensions.findByName(PublishingExtension.NAME) as 
PublishingExtension
+    mavenPublish?.publications.each {
+        it.artifact(bomFile) { classifier = "cyclonedx" }
+    }
+    tasks.matching { it.group == PublishingExtension.NAME }.configureEach { 
dependsOn(bomTask) }
+}
+
 publishing {
     repositories {
         maven {
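Review bot: The SBOM is attached in the `afterEvaluate` block as a bare `File`, so the artifact carries no producer task. Ordering rests entirely on `tasks.matching { it.group == PublishingExtension.NAME }`, which works only because the task group string happens to equal the extension name. Any task that consumes the publication's artifacts but sits outside that group gets no dependency on `cyclonedxBom`. The `signing` plugin is applied in this file, so if publications are signed, a signature may be computed over a missing or stale `cyclonedx.json`; that is worth confirming. Declaring the producer on the artifact removes the guesswork: `it.artifact(bomFile) { classifier = "cyclonedx"; builtBy(bomTask) }`.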
@@ -856,3 +868,11 @@ def promptUser(String prompt) {
     }
     response
 }
+
+cyclonedxBom {
+    includeConfigs = ['runtimeClasspath']
+    skipConfigs = ['compileClasspath', 'testCompileClasspath', 'detached.*']
+    outputName = "cyclonedx"
+    outputFormat = 'json'
+    includeLicenseText = false
+}
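Review bot: `includeConfigs = ['runtimeClasspath']` applies to every project that uses this convention plugin, including the `java-platform` case visible in the earlier hunk header, and a platform project has no `runtimeClasspath` configuration. For those modules the published `cyclonedx` artifact would presumably list no components, which a consumer could misread as "no dependencies". Either skip attaching the SBOM there or select a configuration that exists for platforms. A short comment on the block would also record the scoping decision, e.g. `// SBOM covers what ships at runtime; compile-only and test tooling is deliberately excluded`.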
