This is an automated email from the ASF dual-hosted git repository. emilles pushed a commit to branch cyclonedx2 in repository https://gitbox.apache.org/repos/asf/groovy.git
commit f1961ab982d9539c2d854f27cb855047d5fb9776 Author: Eric Milles <[email protected]> AuthorDate: Thu Sep 18 12:38:46 2025 -0500 CycloneDX 2.4.0 (build dependency) --- build-logic/build.gradle | 2 +- .../org.apache.groovy-published-library.gradle | 35 +++++++++++----------- gradle/verification-metadata.xml | 11 ------- 3 files changed, 19 insertions(+), 29 deletions(-) diff --git a/build-logic/build.gradle b/build-logic/build.gradle index 857be2414e..3ba08cd365 100644 --- a/build-logic/build.gradle +++ b/build-logic/build.gradle @@ -33,7 +33,7 @@ dependencies { implementation 'org.nosphere.apache:creadur-rat-gradle:0.8.1' implementation 'com.github.spotbugs.snom:spotbugs-gradle-plugin:6.2.4' implementation 'me.champeau.jmh:jmh-gradle-plugin:0.7.2' - implementation 'org.cyclonedx:cyclonedx-gradle-plugin:1.10.0' + implementation 'org.cyclonedx:cyclonedx-gradle-plugin:2.4.0' implementation 'org.apache.maven:maven-core:3.9.11' } diff --git a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle index eef00341f3..cccb53c6a6 100644 --- a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle +++ b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle @@ -17,10 +17,10 @@ if (pluginManager.hasPlugin('java-platform')) { afterEvaluate { def bomTask = tasks.cyclonedxBom - def bomFile = new File(bomTask.outputs.files.singleFile, "${bomTask.outputName.get()}.${bomTask.outputFormat.get()}") + def bomFile = file(bomTask.jsonOutput.get()) def mavenPublish = extensions.findByName(PublishingExtension.NAME) as PublishingExtension mavenPublish?.publications.each { - it.artifact(bomFile) { classifier = "cyclonedx" } + it.artifact(bomFile) { classifier = 'cyclonedx' } } tasks.matching { it.group == PublishingExtension.NAME }.configureEach { dependsOn(bomTask) } } @@ -28,11 +28,11 @@ afterEvaluate { publishing { repositories { maven { - name = "LocalFile" - url = rootProject.layout.buildDirectory.dir("repo").get().asFile.absolutePath + name = 'LocalFile' + url = rootProject.layout.buildDirectory.dir('repo').get().asFile.absolutePath } maven { - name = "Apache" + name = 'Apache' url = findProperty('groovyVersion').contains('SNAPSHOT') ? 'https://repository.apache.org/content/repositories/snapshots' : 'https://repository.apache.org/service/local/staging/deploy/maven2' @@ -808,8 +808,8 @@ gradle.taskGraph.whenReady { taskGraph -> if (sharedConfiguration.signing.shouldSign(gradle.taskGraph)) { // Use Java 6's console or Swing to read input (not suitable for CI) if (!sharedConfiguration.signing.hasAllKeyDetails()) { - printf "\n\nWe have to sign some things in this build." + - "\n\nPlease enter your signing details.\n\n" + printf '\n\nWe have to sign some things in this build.' + + '\n\nPlease enter your signing details.\n\n' System.out.flush() if (!sharedConfiguration.signing.keyId.present) { @@ -823,23 +823,22 @@ gradle.taskGraph.whenReady { taskGraph -> } allprojects { - project.properties.put("signing.keyId", sharedConfiguration.signing.keyId.get()) - project.properties.put("signing.secretKeyRingFile", sharedConfiguration.signing.secretKeyRingFile.get()) - project.properties.put("signing.password", sharedConfiguration.signing.password.get()) + project.properties.put('signing.keyId', sharedConfiguration.signing.keyId.get()) + project.properties.put('signing.secretKeyRingFile', sharedConfiguration.signing.secretKeyRingFile.get()) + project.properties.put('signing.password', sharedConfiguration.signing.password.get()) } - printf "\nThanks.\n\n" + printf '\nThanks.\n\n' System.out.flush() } } } -def promptUser(String prompt) { +String promptUser(String prompt) { def response = '' if (System.console() != null) { - response = new String(System.console().readPassword("\n$prompt: ")) + response = String.valueOf(System.console().readPassword("\n$prompt: ")) } - if (!response) { throw new InvalidUserDataException("Null response detected!") } @@ -848,9 +847,11 @@ def promptUser(String prompt) { cyclonedxBom { includeConfigs = ['runtimeClasspath'] - skipConfigs = ['compileClasspath', 'testCompileClasspath', 'detached.*'] - outputName = "cyclonedx" - outputFormat = 'json' + skipConfigs = ['compileClasspath', 'detached.*', 'test.*'] + includeLicenseText = false includeMetadataResolution = false + + xmlOutput.unsetConvention() + jsonOutput.set(file("build/reports/cyclonedx/${project.name}.json")) } diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml index 157bc70d9e..7083cbd473 100644 --- a/gradle/verification-metadata.xml +++ b/gradle/verification-metadata.xml @@ -1320,17 +1320,6 @@ <pgp value="851264C36365D4FF9427625F38362FD5CFA2668B"/> </artifact> </component> - <component group="org.cyclonedx" name="cyclonedx-core-java" version="9.0.5"> - <artifact name="cyclonedx-core-java-9.0.5.jar"> - <pgp value="5D283C23D9D9DC2D9C2130E6AADF2C18DCF95764"/> - <sha512 value="f1bfda4b731415cb8aee80305f649e21ba325b9595035f73fa6d13358bbc21685089b616300042c66b5860d92b1025bb2ed190f8106a437ed9a613dfce5b5204" origin="Generated by Gradle" reason="A key couldn't be downloaded"/> - </artifact> - </component> - <component group="org.cyclonedx" name="cyclonedx-gradle-plugin" version="1.10.0"> - <artifact name="cyclonedx-gradle-plugin-1.10.0.jar"> - <sha512 value="2632a17252f6a0ea7efd2531a61bdf2fff865b77162b1087d14f108f4df95a232886a72ad4f5f1f940c8993d7ee6ce5256398d8cd74b5a0d51ea8e80df183322" origin="Generated by Gradle" reason="Artifact is not signed"/> - </artifact> - </component> <component group="org.dom4j" name="dom4j" version="2.2.0"> <artifact name="dom4j-2.2.0.jar"> <pgp value="8F9A3C6D105B9F57844A721D79E193516BE7998F"/>
