Cross-build to sbt 2

.github/workflows/ci.yml

@@ -23,11 +23,15 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        scala: [2.12.21]
-        java: [temurin@8, temurin@11, temurin@17]
+        scala: [2.12.21, 3.8.2]
+        java: [temurin@17, temurin@11, temurin@8]
         exclude:
           - java: temurin@8
             os: macos-latest
+          - scala: 3.8.2
+            java: temurin@8
+          - scala: 3.8.2
+            java: temurin@11
     runs-on: ${{ matrix.os }}
     steps:
       - name: Ignore line ending differences in git
@@ -48,12 +52,12 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Setup Java (temurin@8)
-        if: matrix.java == 'temurin@8'
+      - name: Setup Java (temurin@17)
+        if: matrix.java == 'temurin@17'
         uses: actions/setup-java@v5
         with:
           distribution: temurin
-          java-version: 8
+          java-version: 17
           cache: sbt
 
       - name: Setup Java (temurin@11)
@@ -64,12 +68,12 @@ jobs:
           java-version: 11
           cache: sbt
 
-      - name: Setup Java (temurin@17)
-        if: matrix.java == 'temurin@17'
+      - name: Setup Java (temurin@8)
+        if: matrix.java == 'temurin@8'
         uses: actions/setup-java@v5
         with:
           distribution: temurin
-          java-version: 17
+          java-version: 8
           cache: sbt
 
       - name: Setup sbt
@@ -86,16 +90,6 @@ jobs:
       - shell: bash
         run: sbt '++ ${{ matrix.scala }}' test scripted
 
-      - name: Compress target directories
-        shell: bash
-        run: tar cf targets.tar target project/target
-
-      - name: Upload target directories
-        uses: actions/upload-artifact@v5
-        with:
-          name: target-${{ matrix.os }}-${{ matrix.scala }}-${{ matrix.java }}
-          path: targets.tar
-
   publish:
     name: Publish Artifacts
     needs: [build]
@@ -104,7 +98,7 @@ jobs:
       matrix:
         os: [ubuntu-latest]
         scala: [2.12.21]
-        java: [temurin@8]
+        java: [temurin@17]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Ignore line ending differences in git
@@ -124,12 +118,12 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Setup Java (temurin@8)
-        if: matrix.java == 'temurin@8'
+      - name: Setup Java (temurin@17)
+        if: matrix.java == 'temurin@17'
         uses: actions/setup-java@v5
         with:
           distribution: temurin
-          java-version: 8
+          java-version: 17
           cache: sbt
 
       - name: Setup Java (temurin@11)
@@ -140,27 +134,17 @@ jobs:
           java-version: 11
           cache: sbt
 
-      - name: Setup Java (temurin@17)
-        if: matrix.java == 'temurin@17'
+      - name: Setup Java (temurin@8)
+        if: matrix.java == 'temurin@8'
         uses: actions/setup-java@v5
         with:
           distribution: temurin
-          java-version: 17
+          java-version: 8
           cache: sbt
 
       - name: Setup sbt
         uses: sbt/setup-sbt@v1
 
-      - name: Download target directories (2.12.21)
-        uses: actions/download-artifact@v6
-        with:
-          name: target-${{ matrix.os }}-2.12.21-${{ matrix.java }}
-
-      - name: Inflate target directories (2.12.21)
-        run: |
-          tar xf targets.tar
-          rm targets.tar
-
       - name: Publish project
         env:
           PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}

build.sbt

@@ -6,21 +6,31 @@ ThisBuild / organization := Organization.organization
 ThisBuild / organizationName := Organization.organizationName
 ThisBuild / organizationHomepage := Organization.organizationHomepage
 val scala212 = "2.12.21"
+val scala3 = "3.8.2"
 ThisBuild / scalaVersion := scala212
-ThisBuild / crossScalaVersions := Seq(scala212)
+ThisBuild / crossScalaVersions := Seq(scala212, scala3)
 ThisBuild / homepage := Project.homepage
 ThisBuild / developers := Project.developers
 ThisBuild / licenses := Project.licenses
 ThisBuild / scmInfo := Project.scmInfo
 ThisBuild / description := Project.description
 
 lazy val root = (project in file("."))
-  .enablePlugins(ScriptedPlugin, BuildInfoPlugin)
+  .enablePlugins(SbtPlugin, ScriptedPlugin, BuildInfoPlugin)
   .settings(
     name := "sbt-sbom",
-    sbtPlugin := true,
     libraryDependencies ++= Dependencies.library,
+    // Explicit Maven artifact IDs so sbt 1.6 scripted resolution requests
+    // sbt2-compat_2.12_1.0-0.1.0.pom (addSbtPlugin can request sbt2-compat-0.1.0.pom, which 404s).
+    libraryDependencies += (scalaBinaryVersion.value match {
+      case "2.12" => "com.github.sbt" % "sbt2-compat_2.12_1.0" % "0.1.0"
+      case _      => "com.github.sbt" % "sbt2-compat_sbt2_3"   % "0.1.0"
+    }),
     buildInfoPackage := "com.github.sbt.sbom",
+    (pluginCrossBuild / sbtVersion) := (scalaBinaryVersion.value match {
+      case "2.12" => "1.10.7"
+      case _      => "2.0.0-RC11"
+    }),
     scriptedLaunchOpts := {
       scriptedLaunchOpts.value ++ Seq(
         "-Xmx1024M",
@@ -29,7 +39,10 @@ lazy val root = (project in file("."))
       )
     },
     scriptedBufferLog := false,
-    scriptedSbt := "1.6.0",
+    scriptedSbt := (scalaBinaryVersion.value match {
+      case "2.12" => "1.6.0"
+      case _      => "2.0.0-RC11"
+    }),
   )
 
 ThisBuild / pomIncludeRepository := { _ =>
@@ -43,6 +56,8 @@ ThisBuild / githubWorkflowBuildPreamble := Seq(
 
 ThisBuild / githubWorkflowBuild := Seq(WorkflowStep.Sbt(List("test", "scripted")))
 
+ThisBuild / githubWorkflowArtifactUpload := false
+
 ThisBuild / githubWorkflowTargetTags ++= Seq("v*")
 ThisBuild / githubWorkflowPublishTargetBranches :=
   Seq(
@@ -65,20 +80,30 @@ ThisBuild / githubWorkflowPublish := Seq(
 ThisBuild / githubWorkflowOSes := Seq("ubuntu-latest", "macos-latest", "windows-latest")
 
 ThisBuild / githubWorkflowJavaVersions := Seq(
-  JavaSpec.temurin("8"),
+  // Java 17 first: publish job uses the head of this list when downloading staged artifacts; sbt 2 (Scala 3 axis) needs 17+.
+  JavaSpec.temurin("17"),
   JavaSpec.temurin("11"),
-  JavaSpec.temurin("17")
+  JavaSpec.temurin("8")
+)
+
+ThisBuild / githubWorkflowBuildMatrixExclusions ++= Seq(
+  MatrixExclude(Map("java" -> "temurin@8", "os" -> "macos-latest")),
+  MatrixExclude(Map("scala" -> scala3, "java" -> "temurin@8")),
+  MatrixExclude(Map("scala" -> scala3, "java" -> "temurin@11"))
 )
 
-ThisBuild / githubWorkflowBuildMatrixExclusions += MatrixExclude(Map("java" -> "temurin@8", "os" -> "macos-latest"))
+ThisBuild / githubWorkflowScalaVersions := Seq(scala212, scala3)
 
 // scalafix specific settings
 inThisBuild(
   List(
     semanticdbEnabled := true,
     semanticdbVersion := scalafixSemanticdb.revision,
-    scalacOptions ++= Seq(
-      "-Ywarn-unused"
-    )
+    scalacOptions ++= {
+      scalaBinaryVersion.value match {
+        case "2.12" => Seq("-Ywarn-unused")
+        case _      => Seq("-Wunused:all")
+      }
+    }
   )
 )

src/main/scala-2.12/com/github/sbt/sbom/PluginCompat.scala

@@ -0,0 +1,11 @@
+// SPDX-FileCopyrightText: The sbt-sbom team
+//
+// SPDX-License-Identifier: MIT
+
+package com.github.sbt.sbom
+
+import sbt.librarymanagement.Configurations
+
+private[sbt] object PluginCompat {
+  val integrationTest: sbt.Configuration = Configurations.IntegrationTest
+}

src/main/scala-3/com/github/sbt/sbom/PluginCompat.scala

@@ -0,0 +1,19 @@
+// SPDX-FileCopyrightText: The sbt-sbom team
+//
+// SPDX-License-Identifier: MIT
+
+package com.github.sbt.sbom
+
+import sbt.*
+
+private[sbt] object PluginCompat {
+  val integrationTest: Configuration =
+    Configuration.of(
+      "IntegrationTest",
+      "it",
+      "Integration tests",
+      false,
+      Vector(Runtime),
+      true
+    )
+}

src/main/scala/com/github/sbt/sbom/BomExtractor.scala

@@ -101,8 +101,8 @@ class BomExtractor(settings: BomExtractorParams, report: UpdateReport, rootModul
     configuration match {
       case Test =>
         Seq(Test, Runtime, Compile)
-      case IntegrationTest =>
-        Seq(IntegrationTest, Runtime, Compile)
+      case cfg if cfg == PluginCompat.integrationTest =>
+        Seq(PluginCompat.integrationTest, Runtime, Compile)
       case Runtime =>
         Seq(Runtime, Compile)
       case Compile =>

src/main/scala/com/github/sbt/sbom/BomSbtPlugin.scala

@@ -7,8 +7,10 @@ package com.github.sbt.sbom
 import com.github.sbt.sbom.PluginConstants.*
 import org.cyclonedx.model.Component
 import sbt.*
-import sbt.Keys.{ artifact, configuration, packagedArtifacts, version }
+import sbt.Keys.{ artifact, configuration, fileConverter, packagedArtifacts, version }
 import sbt.plugins.JvmPlugin
+import sbtcompat.PluginCompat.*
+import xsbti.FileConverter
 
 import scala.language.postfixOps
 
@@ -63,6 +65,12 @@ object BomSbtPlugin extends AutoPlugin {
     lazy val bomOutputPath: SettingKey[String] = settingKey[String](
       "Output path of the created BOM file. BOM File will be placed in target/ directory by default"
     )
+
+    /**
+     * Integration-test configuration. On sbt 2.x, `IntegrationTest` was removed from the sbt API; use this config
+     * instead of `IntegrationTest` from sbt to avoid ambiguous imports when cross-building or running on sbt 1.
+     */
+    lazy val SbomIntegrationTest: Configuration = PluginCompat.integrationTest
   }
 
   import autoImport.*
@@ -85,28 +93,39 @@ object BomSbtPlugin extends AutoPlugin {
       enableBomSha3Hashes := true,
       includeBomExternalReferences := true,
       includeBomDependencyTree := true,
-      makeBom := Def.taskDyn(BomSbtSettings.makeBomTask(Classpaths.updateTask.value, Compile)).value,
-      listBom := Def.taskDyn(BomSbtSettings.listBomTask(Classpaths.updateTask.value, Compile)).value,
-      Test / makeBom := Def.taskDyn(BomSbtSettings.makeBomTask(Classpaths.updateTask.value, Test)).value,
-      Provided / makeBom := Def.taskDyn(BomSbtSettings.makeBomTask(Classpaths.updateTask.value, Provided)).value,
-      Test / listBom := Def.taskDyn(BomSbtSettings.listBomTask(Classpaths.updateTask.value, Test)).value,
-      IntegrationTest / makeBom := Def
-        .taskDyn(BomSbtSettings.makeBomTask(Classpaths.updateTask.value, IntegrationTest))
-        .value,
-      IntegrationTest / listBom := Def
-        .taskDyn(BomSbtSettings.listBomTask(Classpaths.updateTask.value, IntegrationTest))
-        .value,
-      bomConfigurations := Def.taskDyn(BomSbtSettings.bomConfigurationTask((configuration ?).value)).value,
+      makeBom := Def.uncached(Def.taskDyn(BomSbtSettings.makeBomTask(Classpaths.updateTask.value, Compile)).value),
+      listBom := Def.uncached(Def.taskDyn(BomSbtSettings.listBomTask(Classpaths.updateTask.value, Compile)).value),
+      Test / makeBom := Def.uncached(Def.taskDyn(BomSbtSettings.makeBomTask(Classpaths.updateTask.value, Test)).value),
+      Provided / makeBom := Def.uncached(
+        Def.taskDyn(BomSbtSettings.makeBomTask(Classpaths.updateTask.value, Provided)).value
+      ),
+      Test / listBom := Def.uncached(Def.taskDyn(BomSbtSettings.listBomTask(Classpaths.updateTask.value, Test)).value),
+      SbomIntegrationTest / makeBom := Def.uncached(
+        Def
+          .taskDyn(BomSbtSettings.makeBomTask(Classpaths.updateTask.value, SbomIntegrationTest))
+          .value
+      ),
+      SbomIntegrationTest / listBom := Def.uncached(
+        Def
+          .taskDyn(BomSbtSettings.listBomTask(Classpaths.updateTask.value, SbomIntegrationTest))
+          .value
+      ),
+      bomConfigurations := Def.uncached(
+        Def.taskDyn(BomSbtSettings.bomConfigurationTask((configuration ?).value)).value
+      ),
       projectType := "library",
       bomOutputPath := "",
-      packagedArtifacts += {
-        Artifact(
-          artifact.value.name,
-          "cyclonedx",
-          BomFormat.fromSettings(bomFormat.?.value, None, bomSchemaVersion.value).string,
-          "cyclonedx"
-        ) -> makeBom.value
-      },
+      packagedArtifacts := Def.uncached({
+        implicit val conv: FileConverter = fileConverter.value
+        packagedArtifacts.value + (
+          Artifact(
+            artifact.value.name,
+            "cyclonedx",
+            BomFormat.fromSettings(bomFormat.?.value, None, bomSchemaVersion.value).string,
+            "cyclonedx"
+          ) -> toFileRef(makeBom.value)
+        )
+      }),
     )
   }
 }

src/main/scala/com/github/sbt/sbom/BomSbtSettings.scala

@@ -6,7 +6,7 @@ package com.github.sbt.sbom
 
 import com.github.sbt.sbom.BomSbtPlugin.autoImport.*
 import sbt.*
-import sbt.Keys.{ projectID, sLog, scalaBinaryVersion, scalaVersion, target }
+import sbt.Keys.{ baseDirectory, projectID, sLog, scalaBinaryVersion, scalaVersion }
 
 object BomSbtSettings {
   def makeBomTask(report: UpdateReport, currentConfiguration: Configuration): Def.Initialize[Task[sbt.File]] =
@@ -18,7 +18,7 @@ object BomSbtSettings {
       )
 
       val outputPath = if (bomOutputPath.value.isEmpty) {
-        target.value
+        baseDirectory.value / "target"
       } else {
         sbt.file(bomOutputPath.value)
       }
@@ -74,7 +74,8 @@ object BomSbtSettings {
           includeBomExternalReferences.value,
           includeBomDependencyTree.value,
           projType,
-          sbt.file(bomOutputPath.value)
+          if (bomOutputPath.value.isEmpty) baseDirectory.value / "target"
+          else sbt.file(bomOutputPath.value)
         )
       ).execute
     }
@@ -93,8 +94,8 @@ object BomSbtSettings {
       usedConfiguration match {
         case Test =>
           Seq(Test, Runtime, Compile)
-        case IntegrationTest =>
-          Seq(IntegrationTest, Runtime, Compile)
+        case cfg if cfg == PluginCompat.integrationTest =>
+          Seq(PluginCompat.integrationTest, Runtime, Compile)
         case Runtime =>
           Seq(Runtime, Compile)
         case Compile =>