diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index cd6f9e90298..65ef0c1b5e1 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -10,7 +10,7 @@ guava = "31.1-jre"
jdom2 = "2.0.6.1"
kotlinx-serialization = "1.5.0"
shadow = "8.1.1" # Should be in sync with version in kotlin-native/
-spdx = "0.1.0-dev-10"
+spdx = "0.7.0"
proguard = "7.4.2"
ktor = "2.3.7"
kotlinx-metadataJvm = "0.7.0"
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 0c82be82e6a..4db3977f789 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -121,12 +121,6 @@
-
-
-
-
-
-
@@ -541,12 +535,6 @@
-
-
-
-
-
-
@@ -559,6 +547,12 @@
+
+
+
+
+
+
@@ -577,12 +571,6 @@
-
-
-
-
-
-
@@ -595,6 +583,12 @@
+
+
+
+
+
+
@@ -613,12 +607,6 @@
-
-
-
-
-
-
@@ -631,28 +619,34 @@
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
@@ -673,12 +667,6 @@
-
-
-
-
-
-
@@ -691,6 +679,12 @@
+
+
+
+
+
+
@@ -865,6 +859,12 @@
+
+
+
+
+
+
@@ -883,6 +883,12 @@
+
+
+
+
+
+
@@ -907,6 +913,12 @@
+
+
+
+
+
+
@@ -919,12 +931,6 @@
-
-
-
-
-
-
@@ -2717,12 +2723,6 @@
-
-
-
-
-
-
@@ -2753,10 +2753,10 @@
-
-
-
-
+
+
+
+
@@ -2777,10 +2777,10 @@
-
-
-
-
+
+
+
+
@@ -2789,12 +2789,6 @@
-
-
-
-
-
-
@@ -2825,10 +2819,10 @@
-
-
-
-
+
+
+
+
@@ -2843,10 +2837,10 @@
-
-
-
-
+
+
+
+
@@ -2855,12 +2849,6 @@
-
-
-
-
-
-
@@ -2897,12 +2885,6 @@
-
-
-
-
-
-
@@ -2915,12 +2897,6 @@
-
-
-
-
-
-
@@ -2933,24 +2909,12 @@
-
-
-
-
-
-
-
-
-
-
-
-
@@ -2963,12 +2927,6 @@
-
-
-
-
-
-
@@ -2993,24 +2951,12 @@
-
-
-
-
-
-
-
-
-
-
-
-
@@ -3023,12 +2969,6 @@
-
-
-
-
-
-
@@ -3065,12 +3005,6 @@
-
-
-
-
-
-
@@ -3203,6 +3137,12 @@
+
+
+
+
+
+
@@ -3515,6 +3455,12 @@
+
+
+
+
+
+
@@ -4435,10 +4381,10 @@
-
-
-
-
+
+
+
+
@@ -4911,10 +4857,10 @@
-
-
-
-
+
+
+
+
@@ -4941,22 +4887,22 @@
-
-
-
-
+
+
+
+
-
-
-
-
+
+
+
+
-
-
-
-
+
+
+
+
@@ -4995,10 +4941,10 @@
-
-
-
-
+
+
+
+
diff --git a/kotlin-native/build.gradle b/kotlin-native/build.gradle
index 7af2548bcba..f7af8aada78 100644
--- a/kotlin-native/build.gradle
+++ b/kotlin-native/build.gradle
@@ -492,7 +492,7 @@ def sbomBundleRegular = SbomKt.configureSbom(project, "BundleRegular", "Kotlin/N
def sbomBundleRegularForPublish = tasks.register("sbomBundleRegularForPublish", Copy) {
dependsOn(sbomBundleRegular)
destinationDir = file("$buildDir/spdx/regular")
- from(sbomBundleRegular.map { it.outputDirectory.file("BundleRegular.spdx.json") }) {
+ from(sbomBundleRegular) {
rename(".*", "kotlin-native-${HostManager.platformName()}-${kotlinVersion}.spdx.json")
}
}
@@ -520,7 +520,7 @@ def sbomBundlePrebuilt = SbomKt.configureSbom(project,
def sbomBundlePrebuiltForPublish = tasks.register("sbomBundlePrebuiltForPublish", Copy) {
dependsOn(sbomBundlePrebuilt)
destinationDir = file("$buildDir/spdx/prebuilt")
- from(sbomBundlePrebuilt.map { it.outputDirectory.file("BundlePrebuilt.spdx.json") }) {
+ from(sbomBundlePrebuilt) {
rename(".*", "kotlin-native-prebuilt-${HostManager.platformName()}-${kotlinVersion}.spdx.json")
}
}
@@ -806,7 +806,7 @@ publishing {
classifier = HostManager.platformName()
extension = (PlatformInfo.isWindows()) ? 'zip' : 'tar.gz'
}
- mvn.artifact(sbomBundleRegular.map { it.outputDirectory.file("BundleRegular.spdx.json") }) {
+ mvn.artifact(sbomBundleRegular) {
classifier = HostManager.platformName()
extension = "spdx.json"
}
@@ -847,7 +847,7 @@ publishing {
classifier = HostManager.platformName()
extension = (PlatformInfo.isWindows()) ? 'zip' : 'tar.gz'
}
- mvn.artifact(sbomBundlePrebuilt.map { it.outputDirectory.file("BundlePrebuilt.spdx.json") }) {
+ mvn.artifact(sbomBundlePrebuilt) {
classifier = HostManager.platformName()
extension = "spdx.json"
}
diff --git a/prepare/compiler/build.gradle.kts b/prepare/compiler/build.gradle.kts
index a76514b951d..057ce94ed46 100644
--- a/prepare/compiler/build.gradle.kts
+++ b/prepare/compiler/build.gradle.kts
@@ -452,7 +452,7 @@ distTask("dist") {
from(buildNumber)
from(distStdlibMinimalForTests)
- from(distSbomTask.map { it.outputDirectory.file("Dist.spdx.json") }) {
+ from(distSbomTask) {
rename(".*", "${project.name}-${project.version}.spdx.json")
}
}
diff --git a/repo/gradle-build-conventions/buildsrc-compat/src/main/kotlin/GradleCommon.kt b/repo/gradle-build-conventions/buildsrc-compat/src/main/kotlin/GradleCommon.kt
index 2a90b0dc9a6..0c5833ea5b9 100644
--- a/repo/gradle-build-conventions/buildsrc-compat/src/main/kotlin/GradleCommon.kt
+++ b/repo/gradle-build-conventions/buildsrc-compat/src/main/kotlin/GradleCommon.kt
@@ -81,16 +81,15 @@ fun Project.configureCommonPublicationSettingsForGradle(
.configureEach {
configureKotlinPomAttributes(project)
if (sbom && project.name !in internalPlugins) {
- val buildDirectory = project.layout.buildDirectory
if (name == "pluginMaven") {
val sbomTask = configureSbom(target = "PluginMaven")
- artifact(buildDirectory.file("spdx/PluginMaven/PluginMaven.spdx.json")) {
+ artifact(sbomTask) {
extension = "spdx.json"
builtBy(sbomTask)
}
} else if (name == "Main") {
val sbomTask = configureSbom()
- artifact(buildDirectory.file("spdx/MainPublication/MainPublication.spdx.json")) {
+ artifact(sbomTask) {
extension = "spdx.json"
builtBy(sbomTask)
}
diff --git a/repo/gradle-build-conventions/buildsrc-compat/src/main/kotlin/sbom.kt b/repo/gradle-build-conventions/buildsrc-compat/src/main/kotlin/sbom.kt
index 379965d2541..9265e84a2ca 100644
--- a/repo/gradle-build-conventions/buildsrc-compat/src/main/kotlin/sbom.kt
+++ b/repo/gradle-build-conventions/buildsrc-compat/src/main/kotlin/sbom.kt
@@ -60,17 +60,14 @@ fun Project.configureSbom(
})
}
- val sbomOutputDirectory = layout.buildDirectory.dir("spdx/$targetName")
val spdxSbomTask = tasks.named("spdxSbomFor$targetName") {
- outputDirectory.set(sbomOutputDirectory)
}
- val sbomFile = sbomOutputDirectory.map { it.file("$targetName.spdx.json") }
val sbomCfg = configurations.maybeCreate("sbomFor$targetName").apply {
isCanBeResolved = false
isCanBeConsumed = true
}
- val sbomArtifact = artifacts.add(sbomCfg.name, sbomFile) {
+ val sbomArtifact = artifacts.add(sbomCfg.name, spdxSbomTask) {
type = "sbom"
extension = "spdx.json"
builtBy(spdxSbomTask)