Applies Dokka to any subproject using security-kotlin via DocsPlugin,
aggregates KDoc alongside Javadoc in syncAntoraAttachments, and adds
a Kotlin API entry to the reference docs navigation.
Closes gh-18968
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
All Spring projects using io.spring.convention.docs are also using Antora,
so these tasks belong in the convention rather than each project's build script.
Issue gh-18968
Previously, the `CheckExpectedBranchVersionPlugin` would crash the Gradle
configuration phase if the project was in a detached HEAD state or not
in a Git repository, e.g., downloaded as a ZIP.
This commit refactors the plugin to be lazy and adopts several Gradle best
practices:
- Prevents build crashes on Git failures by gracefully catching non-zero
exit codes, e.g., when checked out in a detached HEAD state.
- Moves the branch validation out of the task's main execution action
and into an `onlyIf` predicate, allowing Gradle to skip the task
entirely instead of executing an early return. This makes the skip
outcome and reason visible in a Build Scan, rather than making it
appear as if it executed.
- Defers the Git `exec` call to the execution phase using a lazy provider.
- Makes the task configuration cache compatible by avoiding illegal
`Project` access inside the execution-time `onlyIf` closure.
- Improves user-facing logs and adds actionable bypass instructions when
the project version doesn't match the branch version.
Signed-off-by: Eric Haag <ehaag@gradle.com>
buildSrc does not need its own Gradle wrapper and should use
the parent project's wrapper. Having a separate wrapper causes
Dependabot to detect and attempt to update it independently,
creating confusion and unnecessary PRs.
Closes gh-18692
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.
By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.
By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
To prevent future compiler warnings from being introduced, this change
applies the `compile-warnings-error` plugin to the
`spring-security-oauth2-core` module.
This ensures that any new warnings will fail the build, maintaining
code quality and preventing warning accumulation.
Fixes: gh-18434
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
Signed-off-by: paulvas <paulvas@gmail.com>
This commit addresses several build warnings and errors to prepare for
Gradle 9.0 and resolve static analysis issues.
Closes: gh-18472
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.
The commit updated etc/checkstyle/header.txt
It also updated the copyright headers using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Closes gh-17633
Several method security tests rely on method parameters
being preserved, in order to demonstrate the difference
between relying on runtime reflection and using the @P
annotation.
Closes gh-15680
dependabot[bot]