bump cyclonedx-gradle-plugin to 3.0.0-alpha-2 (additional refactoring)

Author: paulk-asert

build-logic/build.gradle

@@ -33,7 +33,7 @@ dependencies {
  implementation 'org.nosphere.apache:creadur-rat-gradle:0.8.1'
  implementation 'com.github.spotbugs.snom:spotbugs-gradle-plugin:6.4.2'
  implementation 'me.champeau.jmh:jmh-gradle-plugin:0.7.2'
- implementation 'org.cyclonedx:cyclonedx-gradle-plugin:3.0.0-alpha-1'
+ implementation 'org.cyclonedx:cyclonedx-gradle-plugin:3.0.0-alpha-2'
  implementation "com.fasterxml.jackson:jackson-bom:2.20.0" // later version for cyclonedx
  implementation "org.slf4j:slf4j-api:2.0.17" // later version for cyclonedx
  implementation "org.apache.commons:commons-lang3:3.19.0" // later version for cyclonedx

build-logic/src/main/groovy/org.apache.groovy-published-library.gradle

@@ -1,8 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import org.cyclonedx.model.ExternalReference
+import org.cyclonedx.model.License
+import org.cyclonedx.model.LicenseChoice
+import org.cyclonedx.model.OrganizationalContact
+import org.cyclonedx.model.OrganizationalEntity
+
 plugins {
  id 'maven-publish'
  id 'signing'
  id 'org.apache.groovy-publish-validation'
  id 'org.apache.groovy-artifactory'
+ id 'org.cyclonedx.bom'
 }
 
 def componentName
@@ -844,15 +869,26 @@ String promptUser(String prompt) {
  response
 }
 
-/*
+def oe = new OrganizationalEntity(name: 'Apache Software Foundation',
+ urls: ['https://www.apache.org/', 'https://security.apache.org/'])
+oe.addContact(new OrganizationalContact(name: 'Apache Groovy Development Team',
+ email: 'dev@groovy.apache.org'))
+def lc = new LicenseChoice()
+lc.addLicense(new License(name: 'Apache-2.0',
+ url: 'https://www.apache.org/licenses/LICENSE-2.0.txt'))
+def er = new ExternalReference(url: 'https://groovy.apache.org/', type: ExternalReference.Type.WEBSITE)
+
 cyclonedxDirectBom {
  includeConfigs = ['runtimeClasspath']
-  skipConfigs = ['compileClasspath', 'detached.*', 'test.*']
+ skipConfigs = ['compileClasspath', 'detached.*', 'test.*']
 
  includeLicenseText = false
  includeMetadataResolution = false
 
+ organizationalEntity = oe
+ licenseChoice = lc
+ externalReferences = [er]
+
  xmlOutput.unsetConvention()
  jsonOutput.set(file("build/reports/cyclonedx/${project.name}.json"))
 }
-*/

build.gradle

@@ -16,12 +16,6 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-import org.cyclonedx.model.ExternalReference
-import org.cyclonedx.model.License
-import org.cyclonedx.model.LicenseChoice
-import org.cyclonedx.model.OrganizationalContact
-import org.cyclonedx.model.OrganizationalEntity
-
 plugins {
  id 'com.github.ben-manes.versions' version '0.53.0'
  id 'io.github.goooler.osgi' version '0.8.6'
@@ -30,7 +24,6 @@ plugins {
  id 'org.apache.groovy-core'
  id 'java-test-fixtures'
  id 'org.apache.groovy-jacoco-aggregation'
- id 'org.cyclonedx.bom' version '3.0.0-alpha-2'
 }
 
 base {
@@ -283,30 +276,3 @@ artifacts {
  gparsRuntimeElements file: jar.archiveFile.get().asFile, type: 'jar'
  loggingRuntimeElements file: jar.archiveFile.get().asFile, type: 'jar'
 }
-
-// below here really belongs in org.apache.groovy-published-library.gradle but currently gives errors
-def oe = new OrganizationalEntity(name: 'Apache Software Foundation',
- urls: ['https://www.apache.org/', 'https://security.apache.org/'])
-oe.addContact(new OrganizationalContact(name: 'Apache Groovy Development Team',
- email: 'dev@groovy.apache.org'))
-def lc = new LicenseChoice()
-lc.addLicense(new License(name: 'Apache-2.0',
- url: 'https://www.apache.org/licenses/LICENSE-2.0.txt'))
-def er = new ExternalReference(url: 'https://groovy.apache.org/', type: ExternalReference.Type.WEBSITE)
-
-allprojects { p ->
- tasks.cyclonedxDirectBom {
- includeConfigs = ['runtimeClasspath']
- skipConfigs = ['compileClasspath', 'detached.*', 'test.*']
-
- includeLicenseText = false
- includeMetadataResolution = false
-
- organizationalEntity = oe
- licenseChoice = lc
- externalReferences = [er]
-
- xmlOutput.unsetConvention()
- jsonOutput.set(file("build/reports/cyclonedx/${p.name}.json"))
- }
-}

gradle/verification-metadata.xml

@@ -315,10 +315,10 @@
  <sha512 value="cbf03668b3ae43c163ab74acec3081c0c714098387ab432c4468aec6b25d0b3a5a3c9a9b7be94e7801c56f86544294d38f8afa81518c9e824b433d2aede76059" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
  </artifact>
  </component>
- <component group="com.ethlo.time" name="itu" version="1.10.3">
- <artifact name="itu-1.10.3.jar">
+ <component group="com.ethlo.time" name="itu" version="1.14.0">
+ <artifact name="itu-1.14.0.jar">
  <pgp value="B18679A17A21DE79FF9DE8B0636D10E7975B6E6F"/>
- <sha512 value="c44852b434ccb29830b2e6b4857fb26d4a726daf6bace94bf4ae5412efd819d498f83cef71ae97963a318c6ee1b3f61490fa0374fd20fc423fd1aabacc64f4c3" origin="Generated by Gradle"/>
+ <sha512 value="aa69a6af3a7123eb41425bbaf6834e16dc3323172709e2338b8a21b970fd21333d996515f42da4aa0225251e30542ad7d9c8332bdf7d62ed96b42fadc8a1520d" origin="Generated by Gradle"/>
  </artifact>
  </component>
  <component group="com.fasterxml.jackson.core" name="jackson-annotations" version="2.20">
@@ -627,10 +627,10 @@
  <sha512 value="b6827d8de471682fd11744080663aea77612a03774e2ebcc3357c7c493d5df50d4ec9c8d52c4fcc928bdfdd75b62b40d3c60f184da8a7b8aba44c92afecee7a5" origin="Generated by Gradle" reason="Artifact is not signed"/>
  </artifact>
  </component>
- <component group="com.networknt" name="json-schema-validator" version="1.5.6">
- <artifact name="json-schema-validator-1.5.6.jar">
+ <component group="com.networknt" name="json-schema-validator" version="1.5.9">
+ <artifact name="json-schema-validator-1.5.9.jar">
  <pgp value="AEB1E1AEC035C66FA39589D13EFC46EE83C40224"/>
- <sha512 value="a9bfd40b46ea8ab74977832338103fb0df45f75647d3dca894a30097bc1841b392209eef0f1c42780f3c9f4c81624a63652055eb7fac498f3bac6dc3f5045d0d" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
+ <sha512 value="5ba210c135717a6ed043e0889d96f6381b3668f9e2a011bd0def8138ad327813f792259858ae5ed192cb8ec0645308113769aa8ebee903db1ccd82e98cb3009d" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
  </artifact>
  </component>
  <component group="com.puppycrawl.tools" name="checkstyle" version="11.0.1">
@@ -1530,14 +1530,14 @@
  <pgp value="851264C36365D4FF9427625F38362FD5CFA2668B"/>
  </artifact>
  </component>
- <component group="org.cyclonedx" name="cyclonedx-core-java" version="10.2.1">
- <artifact name="cyclonedx-core-java-10.2.1.jar">
- <sha512 value="a43be061a75cb1f3a5b175fbd41437b4c2360050993bcb3c85acc52168b9e96c41f8436f178c0a5156db09b80fa0dfd84db60f3d575bb3679bcac7c3c8a83375" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
+ <component group="org.cyclonedx" name="cyclonedx-core-java" version="11.0.0">
+ <artifact name="cyclonedx-core-java-11.0.0.jar">
+ <sha512 value="20d3c3b839fd2a5597665ee6e48f0f6bbd32168f275b851551230437aa25d80e22d6e7da760f05ebd17ddc92cec5a4c2c45e3280631da67478d77e16b612f00e" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
  </artifact>
  </component>
- <component group="org.cyclonedx" name="cyclonedx-gradle-plugin" version="3.0.0-alpha-1">
- <artifact name="cyclonedx-gradle-plugin-3.0.0-alpha-1.jar">
- <sha512 value="724bccf1749a9ae38e969a3a598ea06ca62d56488f46d0750e5598c6e169469ff5f4adf29efe4eab2a43937817b117bbff5d93238d285ef5b96eb2001017631d" origin="Generated by Gradle" reason="Artifact is not signed"/>
+ <component group="org.cyclonedx" name="cyclonedx-gradle-plugin" version="3.0.0-alpha-2">
+ <artifact name="cyclonedx-gradle-plugin-3.0.0-alpha-2.jar">
+ <sha512 value="539cc070289c606e214b4af3596ed2cf90481aa9bdb7fe72b727cee67dbdb359eaa92a5096e602f4eaabef2e617c42c8009acfe28ee9152a20d7906213479cc4" origin="Generated by Gradle" reason="Artifact is not signed"/>
  </artifact>
  </component>
  <component group="org.dom4j" name="dom4j" version="2.2.0">