ci: audit and update GitHub Actions to ASF-approved versions Pin every external GitHub Action to a full commit SHA from the ASF approved actions allow-list, with a trailing comment naming the version it resolves to. Mirrors the grails-core audit in apache/grails-core#15690. - actions/checkout -> de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (was v4, v5) - actions/setup-java -> be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 (was v4, v5) - gradle/actions/setup-gradle -> 50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0 (was 0723195856401067f7a2779048b490ace7a47d7c # v5.0.2) - actions/upload-artifact -> 043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 (was 50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0) - release-drafter/release-drafter -> e1247478eabc9f6d9cf5ec2b3547469b0e1d2767 # v7.3.1 (was 6a93d829887aa2e0748befe2e808c66c0ec6e4c7 # v6.4.0) - softprops/action-gh-release -> b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 (was 153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1) Add cache-provider: basic to all 7 setup-gradle steps so caching stays on the MIT-licensed provider rather than the proprietary enhanced provider introduced in gradle/actions v6 (Gradle commercial Terms of Use). First-party apache/grails-github-actions/* and local ./.github/actions/* references are intentionally left unchanged. Assisted-by: claude-code:claude-4.8-opus
See documentation for detailed information.
To build this project from source, first bootstrap gradle:
cd gradle-bootstrap gradle cd -
After bootstrap the project, you can build it with the command:
./gradlew build
To run the build only, and skip the tests, run:
./gradlew build -PskipTests
Then publish the jar files to mavenLocal for usage:
./gradlew publishToMavenLocal
7.0.x compatible with Grails 76.0.x compatible with Grails 65.0.x compatible with Grails 54.0.x compatible with Grails 43.3.x compatible with Grails 3.3.x3.2.x compatible with Grails 3.2.xThe plugin automatically excludes 7 Spring Boot security auto-configuration classes that conflict with the Grails Spring Security plugin. No manual spring.autoconfigure.exclude entries are needed.
To disable this automatic exclusion (e.g. if you want to use Spring Boot's security auto-configuration directly), add the following to application.yml:
grails: plugin: springsecurity: excludeSpringSecurityAutoConfiguration: false
If you are on an older version of the plugin that does not support automatic exclusion, you can manually exclude the conflicting classes:
spring: autoconfigure: exclude: - org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration - org.springframework.boot.autoconfigure.security.servlet.SecurityFilterAutoConfiguration - org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration - org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration - org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientAutoConfiguration - org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration - org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration