Grails 7 Migration - Rundeck 6.0 Compatibility

.github/workflows/gradle.yml

@@ -8,23 +8,24 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Get Fetch Tags
         run: git -c protocol.version=2 fetch --tags --progress --no-recurse-submodules origin
         if: "!contains(github.ref, 'refs/tags')"
-      - name: Set up JDK 1.8
-        uses: actions/setup-java@v1
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
         with:
-          java-version: 11
+          java-version: '17'
+          distribution: 'zulu'
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
       - name: Build with Gradle
         run: ./gradlew build
       - name: Get Release Version
         id: get_version
-        run: VERSION=$(./gradlew currentVersion -q -Prelease.quiet) && echo ::set-output name=VERSION::$VERSION
+        run: VERSION=$(./gradlew currentVersion -q -Prelease.quiet) && echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
       - name: Upload plugin jar
         uses: actions/upload-artifact@v4
         with:

.github/workflows/release.yml

@@ -1,46 +1,42 @@
 on:
   push:
-    # Sequence of patterns matched against refs/tags
     tags:
-      - '*' # Push events to matching v*, i.e. v1.0, v20.15.10
+      - '*.*.*'
 
-name: Upload Release Asset
+name: Publish Release
 
 jobs:
   build:
-    name: Upload Release Asset
+    name: Publish Release
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: set up JDK 1.8
-        uses: actions/setup-java@v1
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
         with:
-          java-version: 11
+          java-version: '17'
+          distribution: 'zulu'
       - name: Build with Gradle
         run: ./gradlew build
       - name: Get Release Version
         id: get_version
-        run: VERSION=$(./gradlew currentVersion -q -Prelease.quiet) && echo ::set-output name=VERSION::$VERSION
+        run: VERSION=$(./gradlew currentVersion -q -Prelease.quiet) && echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
       - name: Create Release
-        id: create_release
-        uses: actions/create-release@v1.0.0
+        run: |
+          gh release create \
+            --generate-notes \
+            --title 'Release ${{ steps.get_version.outputs.VERSION }}' \
+            ${{ github.ref_name }} \
+            build/libs/http-step-${{ steps.get_version.outputs.VERSION }}.jar
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ github.ref }}
-          release_name: Release ${{ steps.get_version.outputs.VERSION }}
-          draft: false
-          prerelease: false
-      - name: Upload Release Asset (jar)
-        id: upload-release-asset
-        uses: actions/upload-release-asset@v1
+      - name: Publish to Maven Central
+        run: ./gradlew -PsigningKey=${SIGNING_KEY_B64} -PsigningPassword=${SIGNING_PASSWORD} -PsonatypeUsername=${SONATYPE_USERNAME} -PsonatypePassword=${SONATYPE_PASSWORD} publishToSonatype closeAndReleaseSonatypeStagingRepository
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: build/libs/http-step-${{ steps.get_version.outputs.VERSION }}.jar
-          asset_name: http-step-${{ steps.get_version.outputs.VERSION }}.jar
-          asset_content_type: application/octet-stream
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          SIGNING_KEY_B64: ${{ secrets.SIGNING_KEY_B64 }}
+          SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}

build.gradle

@@ -1,30 +1,55 @@
 plugins {
     id 'pl.allegro.tech.build.axion-release' version '1.17.2'
     id 'java'
-    id 'maven-publish'
+    id 'io.github.gradle-nexus.publish-plugin' version '2.0.0'
 }
 
-apply plugin: 'java'
-
-sourceCompatibility = 1.11
+java {
+    sourceCompatibility = JavaVersion.VERSION_17
+    targetCompatibility = JavaVersion.VERSION_17
+    withSourcesJar()
+    withJavadocJar()
+}
 ext.rundeckPluginVersion = '1.2'
 ext.pluginClassNames='edu.ohio.ais.rundeck.HttpWorkflowStepPlugin,edu.ohio.ais.rundeck.HttpWorkflowNodeStepPlugin'
 ext.pluginName = 'Rundeck Http Step'
 ext.pluginDescription = 'A workflow plugin that makes HTTP requests'
-group = 'com.github.rundeck-plugins'
+group = 'org.rundeck.plugins'
+
+ext.publishName = "Rundeck Http Step ${project.version}"
+ext.githubSlug = 'rundeck-plugins/http-step'
+ext.developers = [
+        [id: 'gschueler', name: 'Greg Schueler', email: 'greg@rundeck.com']
+]
 
 scmVersion {
-    ignoreUncommittedChanges = true
+    ignoreUncommittedChanges = false
     tag {
-        prefix = ''
+        prefix = ''           // NO "v" prefix - see PLUGIN_TAGGING_ARCHITECTURE.md
         versionSeparator = ''
     }
 }
-project.version = scmVersion.version
 
+version = scmVersion.version  // Dynamic version from git tag
 
 repositories {
     mavenLocal()
+    maven {
+        name = 'Central Portal Snapshots'
+        url = 'https://central.sonatype.com/repository/maven-snapshots/'
+        content {
+            includeGroup('org.rundeck')
+        }
+    }
+    maven {
+        name = 'Central Portal Snapshots'
+        url = 'https://central.sonatype.com/repository/maven-snapshots/'
+
+        // Only search this repository for org.rundeck snapshots
+        content {
+            includeGroup('org.rundeck')
+        }
+    }
     mavenCentral()
 }
 
@@ -39,16 +64,18 @@ configurations{
 }
 
 dependencies {
-    implementation 'org.rundeck:rundeck-core:5.14.0-rc1-20250722'
+    compileOnly 'org.rundeck:rundeck-core:6.0.0-alpha1-20260407'
+    testImplementation 'org.rundeck:rundeck-core:6.0.0-alpha1-20260407'
 
     // Add secure commons-lang3 to provide alternative to vulnerable commons-lang 2.6
-    implementation 'org.apache.commons:commons-lang3:3.18.0'
+    // Version 3.20.0 fixes CVE-2025-48924 (StackOverflowError in ClassUtils)
+    pluginLibs 'org.apache.commons:commons-lang3:3.20.0'
 
     pluginLibs group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.14'
     pluginLibs group: 'com.google.code.gson', name: 'gson', version:'2.10.1'
 
     testImplementation group: 'com.github.tomakehurst', name: 'wiremock-standalone', version:'2.23.2'
-    testImplementation group: 'junit', name: 'junit', version:'4.13.1'
+    testImplementation group: 'junit', name: 'junit', version:'4.13.2'
 
     testImplementation (
             'org.mockito:mockito-all:1.9.5',
@@ -60,22 +87,32 @@ dependencies {
 configurations.all {
     resolutionStrategy {
         // Replace vulnerable commons-lang with secure commons-lang3
+        // Version 3.18.0 fixes CVE-2025-48924 (StackOverflowError in ClassUtils)
         dependencySubstitution {
             substitute module('commons-lang:commons-lang') using module('org.apache.commons:commons-lang3:3.18.0')
         }
     }
 }
 
 
-// task to copy plugin libs to output/lib dir
-task copyToLib(type: Copy) {
-    into "$buildDir/output/lib"
-    from configurations.pluginLibs
+test {
+    useJUnit()
+
+    // Java 17+ module access for reflection/mocking
+    jvmArgs = [
+        '--add-opens=java.base/java.lang=ALL-UNNAMED',
+        '--add-opens=java.base/java.util=ALL-UNNAMED',
+        '--add-opens=java.base/java.lang.reflect=ALL-UNNAMED',
+        '--add-opens=java.base/java.net=ALL-UNNAMED'
+    ]
 }
 
-
 jar {
-    from "$buildDir/output"
+    // Include plugin dependencies in lib/ directory
+    into('lib') {
+        from configurations.pluginLibs
+    }
+
     manifest {
         def libList = configurations.pluginLibs.collect{'lib/'+it.name}.join(' ')
 
@@ -86,22 +123,22 @@ jar {
         attributes 'Rundeck-Plugin-Rundeck-Compatibility-Version': '3.x'
         attributes 'Rundeck-Plugin-Tags': 'java,WorkflowStep'
         attributes 'Rundeck-Plugin-License': 'Apache 2.0'
-        attributes 'Rundeck-Plugin-Source-Link': 'https://github.com/rundeck-plugins/http-notification'
+        attributes 'Rundeck-Plugin-Source-Link': 'https://github.com/rundeck-plugins/http-step'
         attributes 'Rundeck-Plugin-Target-Host-Compatibility': 'all'
         attributes 'Rundeck-Plugin-Version': rundeckPluginVersion
         attributes 'Rundeck-Plugin-Archive': 'true'
         attributes 'Rundeck-Plugin-Libs': "${libList}"
-
     }
-    dependsOn(copyToLib)
-
 }
 
-publishing {
-    publications {
-        maven(MavenPublication) {
-            artifactId = 'http-step'
-            from components.java
+nexusPublishing {
+    packageGroup = 'org.rundeck.plugins'
+    repositories {
+        sonatype {
+            nexusUrl.set(uri("https://ossrh-staging-api.central.sonatype.com/service/local/"))
+            snapshotRepositoryUrl.set(uri("https://central.sonatype.com/repository/maven-snapshots/"))
         }
     }
-}
+}
+
+apply from: "${rootDir}/gradle/publishing.gradle"

gradle/publishing.gradle

@@ -0,0 +1,86 @@
+/**
+ * Define project extension values in the project gradle file before including this file:
+ *
+ * publishName = 'Name of Package'
+ * publishDescription = 'description' (optional)
+ * githubSlug = Github slug e.g. 'rundeck/rundeck-cli'
+ * developers = [ [id:'id', name:'name', email: 'email' ] ] list of developers
+ *
+ * Define project properties to sign and publish when invoking publish task:
+ *
+ *     ./gradlew \
+ *     -PsigningKey="base64 encoded gpg key" \
+ *     -PsigningPassword="password for key" \
+ *     -PsonatypeUsername="sonatype token user" \
+ *     -PsonatypePassword="sonatype token password" \
+ *     publishToSonatype closeAndReleaseSonatypeStagingRepository
+ */
+apply plugin: 'maven-publish'
+apply plugin: 'signing'
+
+publishing {
+    publications {
+        "${project.name}"(MavenPublication) { publication ->
+            from components.java
+
+            pom {
+                name = publishName
+                description = project.ext.hasProperty('publishDescription') ? project.ext.publishDescription :
+                        project.description ?: publishName
+                url = "https://github.com/${githubSlug}"
+                licenses {
+                    license {
+                        name = 'The Apache Software License, Version 2.0'
+                        url = 'http://www.apache.org/licenses/LICENSE-2.0.txt'
+                        distribution = 'repo'
+                    }
+                }
+                scm {
+                    url = "https://github.com/${githubSlug}"
+                    connection = "scm:git:git@github.com/${githubSlug}.git"
+                    developerConnection = "scm:git:git@github.com:${githubSlug}.git"
+                }
+                if (project.ext.developers) {
+                    developers {
+                        project.ext.developers.each { dev ->
+                            developer {
+                                id = dev.id
+                                name = dev.name
+                                email = dev.email
+                            }
+                        }
+                    }
+                }
+            }
+
+        }
+    }
+    repositories {
+        def pkgcldWriteToken = System.getenv("PKGCLD_WRITE_TOKEN") ?: project.findProperty("pkgcldWriteToken")
+        if (pkgcldWriteToken) {
+            maven {
+                name = "PackageCloudTest"
+                url = uri("https://packagecloud.io/pagerduty/rundeckpro-test/maven2")
+                authentication {
+                    header(HttpHeaderAuthentication)
+                }
+                credentials(HttpHeaderCredentials) {
+                    name = "Authorization"
+                    value = "Bearer " + pkgcldWriteToken
+                }
+            }
+        }
+    }
+}
+def base64Decode = { String prop ->
+    project.findProperty(prop) ?
+            new String(Base64.getDecoder().decode(project.findProperty(prop).toString())).trim() :
+            null
+}
+
+if (project.hasProperty('signingKey') && project.hasProperty('signingPassword')) {
+    signing {
+        useInMemoryPgpKeys(base64Decode("signingKey"), project.signingPassword)
+        sign(publishing.publications)
+    }
+}

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists