Merge branch '5.8.x' into 6.0.x

buildSrc/src/main/java/org/springframework/security/convention/versions/VerifyDependenciesVersionsPlugin.java

@@ -21,50 +21,30 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
+import org.gradle.api.DefaultTask;
 import org.gradle.api.Plugin;
 import org.gradle.api.Project;
-import org.gradle.api.Task;
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.artifacts.ModuleVersionIdentifier;
+import org.gradle.api.plugins.JavaBasePlugin;
+import org.gradle.api.tasks.TaskAction;
 import org.gradle.api.tasks.TaskProvider;
 
 public class VerifyDependenciesVersionsPlugin implements Plugin<Project> {
 
 	@Override
 	public void apply(Project project) {
-		TaskProvider<Task> provider = project.getTasks().register("verifyDependenciesVersions", (verifyDependenciesVersionsTask) -> {
-			verifyDependenciesVersionsTask.setGroup("Verification");
-			verifyDependenciesVersionsTask.setDescription("Verify that specific dependencies are using the same version");
+		TaskProvider<VerifyDependenciesVersionsTask> verifyDependenciesVersionsTaskProvider = project.getTasks().register("verifyDependenciesVersions", VerifyDependenciesVersionsTask.class, (task) -> {
+			task.setGroup("Verification");
+			task.setDescription("Verify that specific dependencies are using the same version");
 			List<Configuration> allConfigurations = new ArrayList<>();
 			allConfigurations.addAll(getConfigurations(project));
 			allConfigurations.addAll(getSubprojectsConfigurations(project.getSubprojects()));
-			verifyDependenciesVersionsTask.getInputs().property("dependenciesVersions", new DependencySupplier(allConfigurations));
-			verifyDependenciesVersionsTask.doLast((task) -> {
-				DependencySupplier dependencies = (DependencySupplier) task.getInputs().getProperties().get("dependenciesVersions");
-				Map<String, List<Artifact>> artifacts = dependencies.get();
-				List<Artifact> oauth2OidcSdk = artifacts.get("oauth2-oidc-sdk");
-				List<Artifact> nimbusJoseJwt = artifacts.get("nimbus-jose-jwt");
-				if (oauth2OidcSdk.size() > 1) {
-					throw new IllegalStateException("Found multiple versions of oauth2-oidc-sdk: " + oauth2OidcSdk);
-				}
-				Artifact oauth2OidcSdkArtifact = oauth2OidcSdk.get(0);
-				String nimbusJoseJwtVersion = TransitiveDependencyLookupUtils.lookupJwtVersion(oauth2OidcSdkArtifact.version());
-				List<Artifact> differentVersions = nimbusJoseJwt.stream()
-						.filter((artifact) -> !artifact.version().equals(nimbusJoseJwtVersion))
-						.filter((artifact -> !artifact.configurationName().contains("spring-security-cas"))) // CAS uses a different version
-						.toList();
-				if (!differentVersions.isEmpty()) {
-					String message = "Found transitive nimbus-jose-jwt version [" + nimbusJoseJwtVersion + "] in oauth2-oidc-sdk " + oauth2OidcSdkArtifact
-							+ ", but the project contains a different version of nimbus-jose-jwt " + differentVersions
-							+ ". Please align the versions of nimbus-jose-jwt.";
-					throw new IllegalStateException(message);
-				}
-			});
+			task.setConfigurations(allConfigurations);
 		});
-		project.getTasks().getByName("build").dependsOn(provider);
+		project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(verifyDependenciesVersionsTaskProvider));
 	}
 
 	private List<Configuration> getConfigurations(Project project) {
@@ -86,20 +66,34 @@ public class VerifyDependenciesVersionsPlugin implements Plugin<Project> {
 		return subprojectConfigurations;
 	}
 
-	private record Artifact(String name, String version, String configurationName) {
-	}
+	public static class VerifyDependenciesVersionsTask extends DefaultTask {
 
-	private static final class DependencySupplier implements Supplier<Map<String, List<Artifact>>> {
+		private List<Configuration> configurations;
 
-		private final List<Configuration> configurations;
-
-		private DependencySupplier(List<Configuration> configurations) {
+		public void setConfigurations(List<Configuration> configurations) {
 			this.configurations = configurations;
 		}
 
-		@Override
-		public Map<String, List<Artifact>> get() {
-			return getDependencies(this.configurations);
+		@TaskAction
+		public void verify() {
+			Map<String, List<Artifact>> artifacts = getDependencies(this.configurations);
+			List<Artifact> oauth2OidcSdk = artifacts.get("oauth2-oidc-sdk");
+			List<Artifact> nimbusJoseJwt = artifacts.get("nimbus-jose-jwt");
+			if (oauth2OidcSdk.size() > 1) {
+				throw new IllegalStateException("Found multiple versions of oauth2-oidc-sdk: " + oauth2OidcSdk);
+			}
+			Artifact oauth2OidcSdkArtifact = oauth2OidcSdk.get(0);
+			String nimbusJoseJwtVersion = TransitiveDependencyLookupUtils.lookupJwtVersion(oauth2OidcSdkArtifact.version());
+			List<Artifact> differentVersions = nimbusJoseJwt.stream()
+					.filter((artifact) -> !artifact.version().equals(nimbusJoseJwtVersion))
+					.filter((artifact -> !artifact.configurationName().contains("spring-security-cas"))) // CAS uses a different version
+					.toList();
+			if (!differentVersions.isEmpty()) {
+				String message = "Found transitive nimbus-jose-jwt version [" + nimbusJoseJwtVersion + "] in oauth2-oidc-sdk " + oauth2OidcSdkArtifact
+						+ ", but the project contains a different version of nimbus-jose-jwt " + differentVersions
+						+ ". Please align the versions of nimbus-jose-jwt.";
+				throw new IllegalStateException(message);
+			}
 		}
 
 		private Map<String, List<Artifact>> getDependencies(List<Configuration> configurations) {
@@ -113,6 +107,10 @@ public class VerifyDependenciesVersionsPlugin implements Plugin<Project> {
 					.distinct()
 					.collect(Collectors.groupingBy(Artifact::name));
 		}
+
+	}
+
+	private record Artifact(String name, String version, String configurationName) {
 	}
 
 }