Conversation
… a staged version of Groovy
…fined in a repository settings plugin
… many repos instead of one.
…n grails-forge-cli
…dependency-management-plugin#368 being fixed to correctly pull in bom overrides
…spring dependency management plugin, the correct version is chosen
…o groovy-json & spring-mvc are not exposed anymore
Groovy 4.0.30, staged groovy verison support, multiple repo support in GRAILS_REPO_URL, & profile support for GRAILS_REPO_URL
Bumped asset-pipeline-gradle and asset-pipeline-bom versions to 5.0.28 in dependencies.gradle. Updated all asset require paths in JavaScript and CSS files to use explicit WebJars package/version wildcards for jQuery, Bootstrap, and Bootstrap Icons, improving compatibility with newer WebJars conventions.
Update asset-pipeline and WebJars require paths
…or grails-shell created apps
…s to prevent stepping on each workflows / causing release builds to fail
This release includes several important bug fixes and dependency upgrades: Bug Fixes: - Improved bean condition evaluation performance and reporting - Fixed /info endpoint for Java 25 Native Image (VirtualThreadSchedulerMXBean) - Fixed DataSourceBuilder native image support for Oracle UCP - Fixed reproducibility of application JARs created by extract command - Fixed AOT processing when skipTests is set Key Dependency Upgrades: - Hibernate 6.6.41.Final - Logback 1.5.25 - Micrometer 1.15.8 - PostgreSQL 42.7.9 - Spring Data BOM 2025.0.8 - Spring Integration 6.5.6 - Spring Kafka 3.3.12 - Reactor BOM 2024.0.14 For full release notes see: https://github.com/spring-projects/spring-boot/releases/tag/v3.5.10
Update spring-boot.version to 3.5.10
Minor fixes post 7.0.6
Update Gradle wrapper to 8.14.4 across all modules: - gradle/wrapper/gradle-wrapper.properties - grails-forge/gradle/wrapper/gradle-wrapper.properties - build-logic/gradle/wrapper/gradle-wrapper.properties - grails-gradle/gradle/wrapper/gradle-wrapper.properties - grails-profiles/base/skeleton/gradle/wrapper/gradle-wrapper.properties - grails-profiles/profile/skeleton/gradle/wrapper/gradle-wrapper.properties - .sdkmanrc Gradle 8.14.4 addresses two security vulnerabilities: - GHSA-mqwm-5m85-gmcv: Failure to disable repositories failing to answer - GHSA-w78c-w6vf-rw82: Failure to disable repositories with unknown host Additional fixes in 8.14.4: - #34365: Gradle doesn't stop forked processes - #35125: Precompiled script plugin with @file annotation - #35184: Different fingerprints in compile classpath - #35228: Fix dependency resolution issues - #35288: Include GradleDslBaseScriptModel - #36326: Improve repository disabling logic - #36396: Add partial cgroups v2 support - #36420: Improve Java 25 support Update Java version from 24 to 25: - GitHub workflows: CI matrix now tests against Java 17, 21, 25 - grails-forge: JdkVersion enum updated from JDK_24 to JDK_25 - SpringBootVirtualThreads: Updated threshold for virtual threads Release: https://github.com/gradle/gradle/releases/tag/v8.14.4
Upgrade to Gradle 8.14.4 and support Java 25 on Forge
There was a problem hiding this comment.
Pull request overview
This PR merges changes from the 7.0.x branch into 7.1.x, bringing improvements and fixes from the stable branch into the development branch.
Changes:
- Consolidates repository configuration into a centralized Gradle plugin (
GrailsRepoSettingsPlugin) to eliminate duplication across settings.gradle files - Adds support for multiple repository URLs in
GRAILS_REPO_URLenvironment variable using semicolon (;) as separator - Updates dependencies: Gradle 8.14.3→8.14.4, Spring Boot 3.5.9→3.5.10, Groovy 4.0.29→4.0.30, asset-pipeline 5.0.22→5.0.29
- Updates webjar asset paths to include version wildcard (
%) for better compatibility - Changes JDK version support from JDK 24 to JDK 25 (LTS release)
- Refactors wrapper repository handling with new
GrailsReleaseNotFoundExceptionfor better error handling - Code style improvements (formatting, brace consistency)
Reviewed changes
Copilot reviewed 77 out of 82 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| settings.gradle (multiple) | Removes duplicated repository configuration in favor of new plugin |
| build-logic/plugins/src/main/groovy/.../GrailsRepoSettingsPlugin.groovy | New centralized plugin for repository configuration |
| grails-wrapper/src/main/java/grails/init/*.java | Multi-repo support and exception handling improvements |
| grails-shell-cli/.../CreateAppCommand.groovy | Repository handling refactoring with new helper classes |
| dependencies.gradle | Version updates for multiple dependencies |
| grails-forge/.../JdkVersion.java | JDK 24→25 update |
| .github/workflows/*.yml | Concurrency configuration and JDK version updates |
| gradle/wrapper/*.properties (multiple) | Gradle wrapper version update |
| grails-profiles//grails-app/assets/.{js,css} | Webjar path updates with version wildcard |
| grails-gsp/plugin/build.gradle | Dependency exclusion adjustments |
| grails-bom/build.gradle | Gradle project coordinate mapping refactoring |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| repository.includeOnly('org[.]apache[.](grails|groovy).*', '.*', '.*-SNAPSHOT') | ||
| configuredRepositories.add(repository) | ||
| } | ||
| configuredRepositories.unique() |
There was a problem hiding this comment.
The method createRepositoryList is missing a return statement. The method is declared to return List<GrailsGradleRepository> but only calls configuredRepositories.unique() without returning the result. This will cause the method to return null, leading to potential NullPointerException when the result is used later.
| } | ||
| if (variables['grails.version'].endsWith('-SNAPSHOT')) { | ||
| GrailsGradleRepository repository = new GrailsGradleRepository(url: 'https://repository.apache.org/content/groups/snapshots', snapshotsOnly: true) | ||
| repository.includeOnly('org[.]apache[.](grails|groovy).*', '.*', '.*-SNAPSHOT') |
There was a problem hiding this comment.
The regex pattern 'org[.]apache[.](grails|groovy).*' uses alternation with parentheses, which should be escaped as \( and \) in a regex pattern. However, since this is being passed to Gradle's includeVersionByRegex method, it's unclear if the parentheses are intended as grouping in the regex or as literal characters. Looking at similar patterns elsewhere in the codebase (e.g., GradleRepository.java lines 61-64), the pattern is split into separate filters: one for org[.]apache[.]grails.* and another for org[.]apache[.]groovy.*. Consider using the same approach for consistency and correctness.
| repo.maven { | ||
| url = 'https://repo.grails.org/grails/restricted' | ||
| mavenContent { | ||
| it.releasesOnly() | ||
| } | ||
| } | ||
| repo.maven { | ||
| url = 'https://repository.apache.org/content/groups/snapshots' | ||
| content { | ||
| it.includeVersionByRegex('org[.]apache[.]grails.*', '.*', '.*-SNAPSHOT') | ||
| it.includeVersionByRegex('org[.]apache[.]groovy.*', '.*', '.*-SNAPSHOT') | ||
| } | ||
| mavenContent { | ||
| it.snapshotsOnly() | ||
| } | ||
| } | ||
| repo.maven { | ||
| url = 'https://central.sonatype.com/repository/maven-snapshots' | ||
| content { | ||
| it.includeVersionByRegex('cloud[.]wondrify.*', '.*', '.*-SNAPSHOT') | ||
| } | ||
| mavenContent { | ||
| it.snapshotsOnly() | ||
| } | ||
| } | ||
| repo.maven { | ||
| url = 'https://repository.apache.org/content/groups/staging' | ||
| content { | ||
| it.includeModuleByRegex('org[.]apache[.]grails[.]gradle', 'grails-publish') | ||
| it.includeModuleByRegex('org[.]apache[.]groovy[.]geb', 'geb.*') | ||
| it.includeModuleByRegex('org[.]apache[.]groovy', 'groovy.*') | ||
| } | ||
| mavenContent { | ||
| it.releasesOnly() | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
The dependencyResolutionManagement configuration in the new GrailsRepoSettingsPlugin is missing a call to repo.mavenCentral(). Looking at the removed configurations in other settings.gradle files, they included mavenCentral() in the dependency resolution management. This could cause dependency resolution failures if dependencies are not available in the other configured repositories.
| # queue jobs and only allow 1 run per branch due to the likelihood of hitting GitHub resource limits | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| group: release-pipeline |
There was a problem hiding this comment.
The concurrency group for the release-notes workflow has been changed from ${{ github.workflow }}-${{ github.ref }} to release-pipeline, which is the same as the release workflow. This means both workflows will now share the same concurrency group. This could cause unintended queueing behavior where the release-notes workflow (triggered by push/PR events) blocks or is blocked by the release workflow (triggered by release events). The original configuration used a branch-specific concurrency group which allowed parallel execution across branches. Consider using distinct concurrency groups for these workflows or reverting to the branch-specific pattern.
| group: release-pipeline | |
| group: ${{ github.workflow }}-${{ github.ref }} |
3 participants
No description provided.