(groovy) branch master updated: try alpha cyclonedx plugin version

Sat, 18 Oct 2025 01:28:52 -0700 

This is an automated email from the ASF dual-hosted git repository.

paulk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/groovy.git


The following commit(s) were added to refs/heads/master by this push:
     new adf9eeb784 try alpha cyclonedx plugin version
adf9eeb784 is described below

commit adf9eeb7843e39d95e610b468ead7c9b52ed8ddf
Author: Paul King <[email protected]>
AuthorDate: Tue Sep 23 17:02:31 2025 +1000

    try alpha cyclonedx plugin version
---
 build-logic/build.gradle                                  |  3 ++-
 .../groovy/org.apache.groovy-published-library.gradle     |  7 ++++---
 build.gradle                                              | 15 +++++++++++++++
 gradle/verification-metadata.xml                          |  6 +++---
 4 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/build-logic/build.gradle b/build-logic/build.gradle
index d30d97a85d..525365e781 100644
--- a/build-logic/build.gradle
+++ b/build-logic/build.gradle
@@ -33,9 +33,10 @@ dependencies {
     implementation 'org.nosphere.apache:creadur-rat-gradle:0.8.1'
     implementation 'com.github.spotbugs.snom:spotbugs-gradle-plugin:6.2.4'
     implementation 'me.champeau.jmh:jmh-gradle-plugin:0.7.2'
-    implementation 'org.cyclonedx:cyclonedx-gradle-plugin:2.4.0'
+    implementation 'org.cyclonedx:cyclonedx-gradle-plugin:3.0.0-alpha-1'
     implementation "com.fasterxml.jackson:jackson-bom:2.20.0" // later version 
for cyclonedx
     implementation "org.slf4j:slf4j-api:2.0.17" // later version for cyclonedx
+    implementation "org.apache.commons:commons-lang3:3.18.0" // later version 
for cyclonedx
     implementation 'org.apache.maven:maven-core:3.9.11'
 }
 
diff --git 
a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle 
b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
index cccb53c6a6..b84a8b0774 100644
--- a/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
+++ b/build-logic/src/main/groovy/org.apache.groovy-published-library.gradle
@@ -3,7 +3,6 @@ plugins {
     id 'signing'
     id 'org.apache.groovy-publish-validation'
     id 'org.apache.groovy-artifactory'
-    id 'org.cyclonedx.bom'
 }
 
 def componentName
@@ -16,7 +15,7 @@ if (pluginManager.hasPlugin('java-platform')) {
 }
 
 afterEvaluate {
-    def bomTask = tasks.cyclonedxBom
+    def bomTask = tasks.cyclonedxDirectBom
     def bomFile = file(bomTask.jsonOutput.get())
     def mavenPublish = extensions.findByName(PublishingExtension.NAME) as 
PublishingExtension
     mavenPublish?.publications.each {
@@ -845,7 +844,8 @@ String promptUser(String prompt) {
     response
 }
 
-cyclonedxBom {
+/*
+cyclonedxDirectBom {
     includeConfigs = ['runtimeClasspath']
        skipConfigs = ['compileClasspath', 'detached.*', 'test.*']
 
@@ -855,3 +855,4 @@ cyclonedxBom {
     xmlOutput.unsetConvention()
     jsonOutput.set(file("build/reports/cyclonedx/${project.name}.json"))
 }
+*/
diff --git a/build.gradle b/build.gradle
index 20393f729b..58f6d768d9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -25,6 +25,7 @@ plugins {
     id 'org.apache.groovy-core'
     id 'java-test-fixtures'
     id 'org.apache.groovy-jacoco-aggregation'
+    id 'org.cyclonedx.bom' version '3.0.0-alpha-1'
 }
 
 base {
@@ -277,3 +278,17 @@ artifacts {
     gparsRuntimeElements file: jar.archiveFile.get().asFile, type: 'jar'
     loggingRuntimeElements file: jar.archiveFile.get().asFile, type: 'jar'
 }
+
+// this really belongs in org.apache.groovy-published-library.gradle but 
currently gives errors
+allprojects { p ->
+    tasks.cyclonedxDirectBom {
+        includeConfigs = ['runtimeClasspath']
+        skipConfigs = ['compileClasspath', 'detached.*', 'test.*']
+
+        includeLicenseText = false
+        includeMetadataResolution = false
+
+        xmlOutput.unsetConvention()
+        jsonOutput.set(file("build/reports/cyclonedx/${p.name}.json"))
+    }
+}
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index d3cff1d9a3..f7ddcf9183 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -1316,9 +1316,9 @@
             <sha512 
value="a43be061a75cb1f3a5b175fbd41437b4c2360050993bcb3c85acc52168b9e96c41f8436f178c0a5156db09b80fa0dfd84db60f3d575bb3679bcac7c3c8a83375"
 origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
          </artifact>
       </component>
-      <component group="org.cyclonedx" name="cyclonedx-gradle-plugin" 
version="2.4.0">
-         <artifact name="cyclonedx-gradle-plugin-2.4.0.jar">
-            <sha512 
value="26f3c928669d6bef1724b99c74a065920d3fc8ffd004ac0001d3499cb683f4915a8318700f4dc218f0a7213a6d88eaa0ecc981f97be79292151806b210ae10f5"
 origin="Generated by Gradle" reason="Artifact is not signed"/>
+      <component group="org.cyclonedx" name="cyclonedx-gradle-plugin" 
version="3.0.0-alpha-1">
+         <artifact name="cyclonedx-gradle-plugin-3.0.0-alpha-1.jar">
+            <sha512 
value="724bccf1749a9ae38e969a3a598ea06ca62d56488f46d0750e5598c6e169469ff5f4adf29efe4eab2a43937817b117bbff5d93238d285ef5b96eb2001017631d"
 origin="Generated by Gradle" reason="Artifact is not signed"/>
          </artifact>
       </component>
       <component group="org.dom4j" name="dom4j" version="2.2.0">

Reply via email to