Upgrade to Gradle 9.4.1 and Micronaut 4

.sdkmanrc

@@ -2,5 +2,5 @@
 java=17.0.18-librca
 # Keep gradle version synced with gradle.properties (gradleToolingApiVersion), all gradle-wrapper.properties files,
 # and grails-forge/grails-forge-core/src/main/java/org/grails/forge/feature/build/gradle/templates/gradleWrapperProperties.rocker.raw
-gradle=8.14.4
+gradle=9.4.1
 

build-logic/docs-core/build.gradle

@@ -38,10 +38,9 @@ apply {
 dependencies {
     gradleConf gradleApi()
 
-    // grails-docs classes are used in Gradle builds,
-    // so we must compile with Groovy 3 until Gradle upgrades to Groovy 4.
-    compileOnly "org.codehaus.groovy:groovy:${GroovySystem.version}"
-    compileOnly "org.codehaus.groovy:groovy-ant:${GroovySystem.version}"
+    // grails-docs classes are used in Gradle builds, using Gradle's embedded Groovy version
+    compileOnly "org.apache.groovy:groovy:${GroovySystem.version}"
+    compileOnly "org.apache.groovy:groovy-ant:${GroovySystem.version}"
 
     api "org.apache.commons:commons-text:${gradleBomDependencyVersions['commons-text.version']}"
     api "org.apache.ant:ant:${gradleBomDependencyVersions['ant.version']}"
@@ -56,7 +55,7 @@ dependencies {
         transitive = false
     }
 
-    testImplementation "org.codehaus.groovy:groovy-test-junit5:${GroovySystem.version}"
+    testImplementation "org.apache.groovy:groovy-test-junit5:${GroovySystem.version}"
     testImplementation 'org.junit.jupiter:junit-jupiter-api:5.12.2'
     testImplementation 'org.junit.platform:junit-platform-runner:1.12.2'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher:1.12.2'

build-logic/docs-core/src/main/groovy/grails/doc/ant/DocPublisherTask.groovy

@@ -18,6 +18,7 @@
  */
 package grails.doc.ant
 
+import groovy.ant.AntBuilder
 import org.apache.tools.ant.BuildException
 import org.apache.tools.ant.Project
 import org.apache.tools.ant.Task

build-logic/gradle/wrapper/gradle-wrapper.properties

@@ -2,7 +2,7 @@
 # and grails-forge/grails-forge-core/src/main/java/org/grails/forge/feature/build/gradle/templates/gradleWrapperProperties.rocker.raw
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.4-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

build-logic/plugins/src/main/groovy/org/apache/grails/buildsrc/PublishPlugin.groovy

@@ -92,9 +92,14 @@ class PublishPlugin implements Plugin<Project> {
             task.group = 'publishing'
             task.outputs.dir(artifactsDir)
             task.dependsOn(project.tasks.withType(Jar))
+
+            // Capture publishing extension at configuration time to avoid Task.project access at execution time
+            // See: https://docs.gradle.org/current/userguide/configuration_cache.html#config_cache:requirements:use_project_during_execution
+            def publishingExtension = project.extensions.getByType(PublishingExtension)
+
             task.doLast {
                 Map<String, String> artifacts = [:]
-                project.extensions.getByType(PublishingExtension).publications.withType(MavenPublication).each { MavenPublication publication ->
+                publishingExtension.publications.withType(MavenPublication).each { MavenPublication publication ->
                     publication.artifacts.each { MavenArtifact artifact ->
                         if (!artifact.file.exists() || artifact.file.name in ['grails-plugin.xml', 'profile.yml']) {
                             return

build-logic/plugins/src/main/groovy/org/apache/grails/buildsrc/SbomPlugin.groovy

@@ -93,6 +93,7 @@ class SbomPlugin implements Plugin<Project> {
             'pkg:maven/org.jline/jline@3.23.0?type=jar'                       : 'BSD-2-Clause', // maps incorrectly because of https://github.com/CycloneDX/cyclonedx-core-java/issues/205
             'pkg:maven/org.liquibase.ext/liquibase-hibernate5@4.27.0?type=jar': 'Apache-2.0', // maps incorrectly because of https://github.com/liquibase/liquibase/issues/2445 & the base pom does not define a license
             'pkg:maven/com.oracle.coherence.ce/coherence-bom@25.03.1?type=pom': 'UPL-1.0', // does not have map based on license id
+            'pkg:maven/com.oracle.coherence.ce/coherence-bom@25.03.2?type=pom': 'UPL-1.0', // does not have map based on license id
             'pkg:maven/com.oracle.coherence.ce/coherence-bom@22.06.2?type=pom': 'UPL-1.0', // does not have map based on license id
             'pkg:maven/opensymphony/sitemesh@2.6.0?type=jar'                  : 'OpenSymphony', // custom license approved by legal LEGAL-707
             'pkg:maven/org.jruby/jzlib@1.1.5?type=jar'                        : 'BSD-3-Clause'// https://web.archive.org/web/20240822213507/http://www.jcraft.com/jzlib/LICENSE.txt shows it's a 3 clause
@@ -208,6 +209,12 @@ class SbomPlugin implements Plugin<Project> {
 
                 // cyclonedx does not support "choosing" the license placed in the sbom
                 // see: https://github.com/CycloneDX/cyclonedx-gradle-plugin/issues/16
+                // Capture project name at configuration time to avoid deprecated Task.project access at execution time
+                // See: https://docs.gradle.org/current/userguide/configuration_cache.html#config_cache:requirements:use_project_during_execution
+                def projectName = project.name
+                def projectPath = project.path
+                boolean isReproducibleBuild = lookupProperty(project, 'isReproducibleBuild')
+                ZonedDateTime buildDate = lookupProperty(project, 'buildDate')
                 doLast {
                     // json schema is documented here: https://cyclonedx.org/docs/1.6/json/
                     def rewriteSbom = { File f ->
@@ -217,9 +224,8 @@ class SbomPlugin implements Plugin<Project> {
                         // Use a fixed epoch when SOURCE_DATE_EPOCH is not set so the SBOM is identical between
                         // builds. This prevents the non-reproducible timestamp from changing the jar checksum
                         // and cascading cache misses through the compile classpath of downstream projects.
-                        boolean isReproducibleBuild = lookupProperty(project, 'isReproducibleBuild')
                         ZonedDateTime sbomTimestamp = isReproducibleBuild ?
-                                lookupProperty(project, 'buildDate') as ZonedDateTime :
+                                buildDate :
                                 Instant.EPOCH.atZone(ZoneOffset.UTC)
                         bom['metadata']['timestamp'] = DateTimeFormatter.ISO_INSTANT.format(sbomTimestamp.truncatedTo(ChronoUnit.SECONDS))
 
@@ -228,7 +234,7 @@ class SbomPlugin implements Plugin<Project> {
                         comps.each { c ->
                             // .licenses => choose a license that is compatible with ASF policy if multiple licensed
                             if (c instanceof Map && c.licenses instanceof List && !(c.licenses as List).empty) {
-                                def chosen = pickLicense(task, c['bom-ref'] as String, c.licenses as List)
+                                def chosen = pickLicense(logger, projectName, c['bom-ref'] as String, c.licenses as List)
                                 if (chosen != null) {
                                     c.licenses = [chosen]
                                 }
@@ -261,7 +267,7 @@ class SbomPlugin implements Plugin<Project> {
 
                         f.setText(JsonOutput.prettyPrint(JsonOutput.toJson(bom)), StandardCharsets.UTF_8.name())
 
-                        logger.info('Rewrote JSON SBOM ({}) to pick preferred license', project.relativePath(f))
+                        logger.info('Rewrote JSON SBOM ({}) to pick preferred license', projectPath)
                     }
 
                     sbomOutputLocation.get().with { rewriteSbom(it.asFile) }
@@ -278,29 +284,40 @@ class SbomPlugin implements Plugin<Project> {
             }
         }
     }
+
+    /**
+     * Picks the most appropriate license for a dependency from a list of license choices.
+     * This method is called at execution time and should not access Task.project.
+     *
+     * @param logger the logger to use for logging
+     * @param projectName the name of the project (captured at configuration time)
+     * @param bomRef the bom reference for the dependency
+     * @param licenseChoices the list of license choices
+     * @return the chosen license
+     */
     @CompileDynamic
-    private static Object pickLicense(CycloneDxTask task, String bomRef, List licenseChoices) {
+    private static Object pickLicense(org.gradle.api.logging.Logger logger, String projectName, String bomRef, List licenseChoices) {
         if (!bomRef) {
-            throw new GradleException("No bomRef found for a dependency of ${task.project.name}, cannot pick license")
+            throw new GradleException("No bomRef found for a dependency of ${projectName}, cannot pick license")
         }
 
-        task.logger.info('Picking license for {} from {} choices', bomRef, licenseChoices.size())
+        logger.info('Picking license for {} from {} choices', bomRef, licenseChoices.size())
         if (LICENSE_MAPPING.containsKey(bomRef)) {
             // There are several reasons that cyclone will get the license wrong, usually due to upstream not publishing information or publishing it incorrectly
             // see the licenseMapping map above for details
             def licenseId = LICENSE_MAPPING[bomRef]
-            task.logger.lifecycle('Forcing license for {} to {}', bomRef, licenseId)
+            logger.lifecycle('Forcing license for {} to {}', bomRef, licenseId)
 
             def licenseBlock = LICENSES[licenseId]
             if (!licenseBlock) {
-                throw new GradleException("Cannot find license information for id ${licenseId} to use for bomRef ${bomRef} in project ${task.project.name}")
+                throw new GradleException("Cannot find license information for id ${licenseId} to use for bomRef ${bomRef} in project ${projectName}")
             }
 
             return licenseBlock
         }
 
         if (!(licenseChoices instanceof List) || licenseChoices.isEmpty()) {
-            throw new GradleException("No License was found for dependency: ${bomRef} in project ${task.project.name}")
+            throw new GradleException("No License was found for dependency: ${bomRef} in project ${projectName}")
         }
 
         def licenseIds = licenseChoices.findAll { it instanceof Map && it.license instanceof Map && it.license.id }
@@ -312,13 +329,13 @@ class SbomPlugin implements Plugin<Project> {
         def defaultLicense = licenseChoices[0] // pick the first one found
         def defaultLicenseId = defaultLicense.license.id as String
         if (defaultLicenseId == null) {
-            throw new GradleException("Could not determine License id for dependency: ${bomRef} in project ${task.project.name} for value ${defaultLicense}")
+            throw new GradleException("Could not determine License id for dependency: ${bomRef} in project ${projectName} for value ${defaultLicense}")
         }
         if (!(defaultLicenseId in PREFERRED_LICENSES)) {
-            def projectLicenseExemptions = LICENSE_EXCEPTIONS[task.project.name] ?: [:]
+            def projectLicenseExemptions = LICENSE_EXCEPTIONS[projectName] ?: [:]
             def permittedLicense = projectLicenseExemptions.get(bomRef) == defaultLicenseId
             if (!permittedLicense) {
-                throw new GradleException("Unpermitted License found for bom dependency: ${bomRef} in project ${task.project.name} : ${defaultLicenseId}")
+                throw new GradleException("Unpermitted License found for bom dependency: ${bomRef} in project ${projectName} : ${defaultLicenseId}")
             }
         }
 

build-logic/settings.gradle

@@ -56,8 +56,8 @@ pluginManagement {
 }
 
 plugins {
-	id 'com.gradle.develocity' version '4.1.1'
-	id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.3'
+	id 'com.gradle.develocity' version '4.3.2'
+	id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.4.0'
 }
 
 def isCI = System.getenv().containsKey('CI')

dependencies.gradle

@@ -29,7 +29,7 @@ ext {
             'byte-buddy.version'            : '1.17.7',
             'commons-text.version'          : '1.13.1',
             'directory-watcher.version'     : '0.19.1',
-            'gradle-spock.version'          : '2.3-groovy-3.0',
+            'gradle-spock.version'          : '2.3-groovy-4.0',
             'grails-publish-plugin.version' : '0.0.4',
             'jansi.version'                 : '1.18',
             'javaparser-core.version'       : '3.27.0',

gradle.properties

@@ -34,7 +34,7 @@ expectitCoreVersion=0.9.0
 gparsVersion=1.2.1
 # Keep gradle version synced with .sdkmanrc, all gradle-wrapper.properties files,
 # and grails-forge/grails-forge-core/src/main/java/org/grails/forge/feature/build/gradle/templates/gradleWrapperProperties.rocker.raw
-gradleToolingApiVersion=8.14.4
+gradleToolingApiVersion=9.4.1
 hibernate5Version=5.6.15.Final
 javassistVersion=3.30.2-GA
 jnrPosixVersion=3.1.20
@@ -54,15 +54,15 @@ gradleChecksumPluginVersion=1.4.0
 gradleCycloneDxPluginVersion=2.4.1
 
 # micronaut libraries not in the bom due to the potential for spring mismatches
-micronautPlatformVersion=4.9.2
+micronautPlatformVersion=4.10.10
 
 # Libraries only specific to test apps, these should not be exposed
 ersatzVersion=4.0.1
 grailsSpringSecurityVersion=7.0.2-SNAPSHOT
 jbossTransactionApiVersion=2.0.0.Final
 # Note: we do not import the micronaut bom in our tests to avoid spring version mismatches
-micronautHttpClientVersion=4.9.9
-micronautSerdeJacksonVersion=2.11.0
+micronautHttpClientVersion=4.10.18
+micronautSerdeJacksonVersion=2.16.2
 
 # build dependencies for code quality checks
 checkstyleVersion=11.0.0

gradle/wrapper/gradle-wrapper.properties

@@ -2,7 +2,7 @@
 # and grails-forge/grails-forge-core/src/main/java/org/grails/forge/feature/build/gradle/templates/gradleWrapperProperties.rocker.raw
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.4-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

grails-data-graphql/settings.gradle

@@ -18,29 +18,37 @@
  */
 
 plugins {
-    id "com.gradle.enterprise" version "3.15.1"
-    id 'com.gradle.common-custom-user-data-gradle-plugin' version '1.12.1'
+    id 'com.gradle.develocity' version '4.3.2'
+    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.4.0'
 }
 
-gradleEnterprise {
+def isCI = System.getenv().containsKey('CI')
+def isLocal = !isCI
+def isReproducibleBuild = System.getenv('SOURCE_DATE_EPOCH') != null
+if (isReproducibleBuild) {
+    gradle.settingsEvaluated {
+        logger.warn('*************** Remote Build Cache Disabled due to Reproducible Build ********************')
+        logger.warn("Build date will be set to (SOURCE_DATE_EPOCH=${System.getenv("SOURCE_DATE_EPOCH")})")
+    }
+}
+
+develocity {
     server = 'https://develocity.apache.org'
     buildScan {
-        publishAlwaysIf(System.getenv('CI') == 'true')
-        publishIfAuthenticated()
-        uploadInBackground = System.getenv("CI") == null
-        capture {
-            taskInputFiles = true
-        }
+        tag('grails')
+        tag('grails-data-graphql')
+        publishing.onlyIf { it.authenticated }
+        uploadInBackground = isLocal
     }
 }
 
 buildCache {
-    local { enabled = System.getenv('CI') != 'true' }
-    remote(gradleEnterprise.buildCache) {
-        def isAuthenticated = System.getenv('GRADLE_ENTERPRISE_ACCESS_KEY')
-        push = System.getenv('CI') == 'true' && isAuthenticated
-        enabled = true
-    }}
+    local { enabled = (isLocal && !isReproducibleBuild) || (isCI && isReproducibleBuild) }
+    remote(develocity.buildCache) {
+        push = isCI
+        enabled = !isReproducibleBuild
+    }
+}
 
 include 'core'
 include 'plugin'

grails-data-neo4j/build.gradle

@@ -25,7 +25,7 @@ buildscript {
     dependencies {
         classpath "org.codehaus.groovy.modules.http-builder:http-builder:0.7.2"
         classpath "org.apache.grails:grails-gradle-plugins:$grailsGradlePluginVersion"
-        classpath "org.asciidoctor:asciidoctor-gradle-jvm:4.0.2"
+        classpath "org.asciidoctor:asciidoctor-gradle-jvm:4.0.5"
         classpath "com.github.erdi:webdriver-binaries-gradle-plugin:3.2"
     }
 }