Backport of #21.

Here's a (rather contrived) example:

repositories {
	mavenCentral()
}

configurations {
	loader
}

dependencies {
	loader platform("org.springframework.session:spring-session-bom:Bean-SR1")
	loader "org.springframework.boot:spring-boot-loader:2.1.0.RELEASE"
}

task resolveLoaderJar {
	doLast {
		println configurations.loader.files
		println configurations.loader.singleFile
	}
}

If you run resolveLoaderJar with Gradle 5.0 it will fail:

$ ./gradlew resolveLoaderJar

> Task :resolveLoaderJar FAILED
[/Users/awilkinson/.gradle/caches/modules-2/files-2.1/org.springframework.session/spring-session-bom/Bean-SR1/ca5b7eae6cc4fc4e77b159ddd89fa44644f5c38d/spring-session-bom-Bean-SR1.jar, /Users/awilkinson/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-loader/2.1.0.RELEASE/e487a0f91576e79a686dde29c7c34b6cfdd44496/spring-boot-loader-2.1.0.RELEASE.jar]

FAILURE: Build failed with an exception.

* Where:
Build file '/Users/awilkinson/dev/temp/enforced-platform-pollution/build.gradle' line: 17

* What went wrong:
Execution failed for task ':resolveLoaderJar'.
> Expected configuration ':loader' to contain exactly one file, however, it contains more than one file.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 0s
1 actionable task: 1 executed

The bom's jar artifact has resulted in the loader configuration being polluted with a jar file that the author of a build should not have to care about. I don't think the jar serves any purpose so would it be possible to stop publishing it?

A workaround is to filter the configuration:

task resolveLoaderJar {
	doLast {
		println configurations.loader.files
		println configurations.loader.filter{it.name.startsWith("spring-boot-loader-")}.singleFile
	}
}

Update the Spring Session Module Versions

/cc @gregturn

/cc @jxblum - current plan is to have Bean-RELEASE on October 12th.

Superseeded by #22.

We should leverage deploy artifacts which will conditionally deploy to artifactory or maven central depending on if it is a release or not

See https://github.com/spring-projects/spring-session/blob/4eb64e81404f6f081fbdbea54ded7567620632e7/Jenkinsfile#L43-L59

We should validate that Spring Session Data Geode can be added to the BOM w/ Boot and/or Platform Team. If we get the go ahead from the appropriate team(s) we should add it

Backport of #20.

We should let the Boot team know that we have a bom and submit a ticket for them to use it

For Spring Session BOM Bean.

SSDG 2.1.4.RELEASE will be available immediately after the SD Lovelace-SR9 release is made available.

For Spring Session BOM Corn.

SSDG 2.2.0.M2 will be available immediately after the SD Moore-RC1 release is made available.

The BOM published to Maven Central has a different set of customizations applied (including missing package type) vs the snapshot BOM published to Artifactory:

https://repo1.maven.org/maven2/org/springframework/session/spring-session-bom/Apple-RELEASE/spring-session-bom-Apple-RELEASE.pom

https://repo.spring.io/libs-snapshot-local/org/springframework/session/spring-session-bom/Apple-BUILD-SNAPSHOT/spring-session-bom-Apple-BUILD-SNAPSHOT.pom