Align package versions to Renovate changes in Core#616
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the Gradle version catalog to align dependency/plugin versions with Renovate-driven changes from Core, ensuring this repo pulls the same upstream component versions.
Changes:
- Bump Groovy from 4.0.30 to 4.0.32
- Update several build/runtime dependencies (Axion Release plugin, Jackson Databind, Byte Buddy)
- Switch Rundeck dependency from
6.0.0-alpha1-20260407to6.1.0-SNAPSHOT
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The Get RPM Version step used sed 's/-/./' which only replaces the first
dash, while build.gradle names packages with replaceAll('-', '.'). On
branches whose axion version contains multiple dashes (e.g.
2.1.2-renovate-alignment-SNAPSHOT) the computed path no longer matched the
built .deb/.rpm, so upload-artifact found no files and the install-test
jobs failed to download the artifacts. Use the global sed flag so the
version matches the packaged filenames.
Add if-no-files-found: error to the release artifact upload steps so a version/path mismatch fails the build job loudly instead of silently uploading nothing and breaking the downstream install-test jobs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release Notes
Updated the Rundeck CLI's build dependencies and plugins to match the versions managed by Renovate in Rundeck Core, keeping the CLI in step with Core (now tracking the 6.1 line) and incorporating routine maintenance updates to its underlying libraries.
PR Details
Version alignment (
gradle/libs.versions.toml)Aligns the version catalog with Renovate-driven changes in Core:
4.0.30→4.0.321.15.5→1.21.22.21.2→2.22.01.15.11→1.18.106.0.0-alpha1-20260407→6.1.0-SNAPSHOTDependency verification updates (
gradle/verification-metadata.xml)The version bumps required regenerating Gradle's dependency verification metadata. While doing so, the verification policy was tuned to eliminate recurring, non-security-related build breakage:
strictmode.org.rundeck*-SNAPSHOTartifacts. Core snapshots are republished with a new checksum on every build, so pinning them is inherently fragile and caused repeated failures; they're now trusted via their source repository instead of a pinned checksum..module) files served by the plugin classpath repository (junit-bom,spring-framework-bom,groovy-bom, Jackson BOMs) are captured — fixing strict-verification failures that only surface on fresh CI environments.Verification
./gradlew build --dependency-verification strictpasses against a clean Gradle user home, reproducing CI conditions.