Fixing matrix failures for Java17

Author: krmahadevan

.github/workflows/test.yml

@@ -56,7 +56,9 @@ jobs:
       - name: Set up Java 21 and ${{ matrix.non_ea_java_version }}, ${{ matrix.java_distribution }}
         uses: actions/setup-java@v4
         with:
-          # The latest one will be the default, so we use Java 21 for launching Gradle
+          # Install multiple Java versions:
+          # - Test version (11, 17, 21, or 24/25): Used to run TestNG tests
+          # - Java 21: Default for running Gradle, building TestNG, and compiling build-logic (the last one in the list becomes default)
           java-version: |
             ${{ matrix.non_ea_java_version }}
             21
@@ -83,7 +85,7 @@ jobs:
           properties: |
             testng.test.extra.jvmargs=${{ matrix.testExtraJvmArgs }}
             testDisableCaching=${{ matrix.testDisableCaching }}
-            jdkBuildVersion=17
+            jdkBuildVersion=21
             jdkTestVersion=${{ matrix.java_version }}
             jdkTestVendor=${{ matrix.java_vendor }}
             # We provision JDKs with GitHub Actions for caching purposes, so Gradle should rather fail in case JDK is not found

build-logic-commons/gradle-plugin/build.gradle.kts

@@ -15,8 +15,8 @@ dependencies {
 }
 
 // We need to figure out a version that is supported by the current JVM, and by the Kotlin Gradle plugin
-// So we settle on 17 or 11 if the current JVM supports it
-listOf(17, 11)
+// We use Java 21 (our build JDK) or fall back to 11 (our target compatibility) if running on an older JVM
+listOf(21, 11)
     .firstOrNull { JavaVersion.toVersion(it) <= JavaVersion.current() }
     ?.let { buildScriptJvmTarget ->
         java {

build-logic-commons/gradle-plugin/src/main/kotlin/build-logic.kotlin-dsl-gradle-plugin.gradle.kts

@@ -9,8 +9,8 @@ tasks.validatePlugins {
 }
 
 // We need to figure out a version that is supported by the current JVM, and by the Kotlin Gradle plugin
-// So we settle on 17 or 11 if the current JVM supports it
-listOf(17, 11)
+// We use Java 21 (our build JDK) or fall back to 11 (our target compatibility) if running on an older JVM
+listOf(21, 11)
     .firstOrNull { JavaVersion.toVersion(it) <= JavaVersion.current() }
     ?.let { buildScriptJvmTarget ->
         java {

build-logic/jvm/build.gradle.kts

@@ -7,5 +7,5 @@ dependencies {
     api(projects.basics)
     api(projects.codeQuality)
     api("com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-extensions.gradle.plugin:1.90")
-    api("org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:1.6.21")
+    api("org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.3.0")
 }

build-logic/jvm/src/main/kotlin/testng.kotlin-library.gradle.kts

@@ -6,15 +6,15 @@ plugins {
 }
 
 dependencies {
-    testImplementation(platform("org.jetbrains.kotlin:kotlin-bom:1.6.20"))
+    testImplementation(platform("org.jetbrains.kotlin:kotlin-bom:2.3.0"))
     testImplementation("org.jetbrains.kotlin:kotlin-stdlib")
 }
 
 tasks.withType<KotlinCompile>().configureEach {
-    kotlinOptions {
-        freeCompilerArgs += "-Xjvm-default=all"
+    compilerOptions {
+        freeCompilerArgs.add("-Xjvm-default=all")
         val jdkRelease = buildParameters.targetJavaVersion.toString()
-        freeCompilerArgs += "-Xjdk-release=$jdkRelease"
-        kotlinOptions.jvmTarget = jdkRelease
+        freeCompilerArgs.add("-Xjdk-release=$jdkRelease")
+        jvmTarget.set(org.jetbrains.kotlin.gradle.dsl.JvmTarget.fromTarget(jdkRelease))
     }
 }

docs/BUILD_SYSTEM.md

@@ -204,7 +204,7 @@ TestNG uses the new **Maven Central Portal API** (replacing the legacy OSSRH sys
 │ Root Project (build.gradle.kts)                          │
 │                                                          │
 │  plugins {                                               │
-│      id("com.gradleup.nmcp.aggregation") version "1.0.2" │
+│      id("com.gradleup.nmcp.aggregation") version "1.0.3" │
 │  }                                                       │
 │                                                          │
 │  nmcpAggregation {                                       │

docs/RELEASE_PROCESS.md

@@ -89,14 +89,16 @@ You need:
 
 ### Required Secrets (Already Configured)
 
-The following secrets must be configured in GitHub repository settings:
+The following secrets must be configured in GitHub repository settings. The GitHub Actions workflows automatically map these secrets to the environment variables required by the build:
 
-| Secret Name | Description | Where to Get |
-|-------------|-------------|--------------|
-| `NEXUS_USERNAME` | Central Portal username/token | https://central.sonatype.com/ → Generate User Token |
-| `NEXUS_PASSWORD` | Central Portal password/token | https://central.sonatype.com/ → Generate User Token |
-| `GPG_PRIVATE_KEY` | PGP private key for signing | Your PGP keyring |
-| `GPG_PASSPHRASE` | PGP key passphrase | Your PGP key passphrase |
+| GitHub Secret Name | Maps to Environment Variable | Description | Where to Get |
+|-------------------|------------------------------|-------------|--------------|
+| `NEXUS_USERNAME` | `CENTRAL_PORTAL_USERNAME` | Central Portal username/token | https://central.sonatype.com/ → Generate User Token |
+| `NEXUS_PASSWORD` | `CENTRAL_PORTAL_PASSWORD` | Central Portal password/token | https://central.sonatype.com/ → Generate User Token |
+| `GPG_PRIVATE_KEY` | `SIGNING_PGP_PRIVATE_KEY` | PGP private key for signing | Your PGP keyring |
+| `GPG_PASSPHRASE` | `SIGNING_PGP_PASSPHRASE` | PGP key passphrase | Your PGP key passphrase |
+
+**Note**: When publishing manually (outside of GitHub Actions), you must export the environment variable names shown in the second column (e.g., `CENTRAL_PORTAL_USERNAME`, not `NEXUS_USERNAME`).
 
 ## Release Workflow
 
@@ -121,7 +123,7 @@ This is the simplest approach - artifacts are automatically published to Maven C
 The workflow will:
 
 1. ✅ **Validate Gradle wrapper** (security check)
-2. ✅ **Set up JDK 17** (required for building and nmcp plugin)
+2. ✅ **Set up JDK 21** (required for building and nmcp plugin)
 3. ✅ **Build all artifacts** (testng.jar, sources, javadoc)
 4. ✅ **Sign artifacts** with PGP key
 5. ✅ **Upload to Central Portal**
@@ -181,7 +183,7 @@ This approach uploads artifacts to Central Portal but waits for you to manually
 The workflow will:
 
 1. ✅ **Validate Gradle wrapper** (security check)
-2. ✅ **Set up JDK 17** (required for building and nmcp plugin)
+2. ✅ **Set up JDK 21** (required for building and nmcp plugin)
 3. ✅ **Build all artifacts** (testng.jar, sources, javadoc)
 4. ✅ **Sign artifacts** with PGP key
 5. ✅ **Upload to Central Portal**
@@ -292,13 +294,15 @@ If you need to manually publish a snapshot:
   --stacktrace
 ```
 
-**Required environment variables**:
+**Required environment variables** (see the [Required Secrets](#required-secrets-already-configured) table):
 
 ```bash
 export CENTRAL_PORTAL_USERNAME="your-token-username"
 export CENTRAL_PORTAL_PASSWORD="your-token-password"
 ```
 
+**Note**: Use the environment variable names (`CENTRAL_PORTAL_*`), not the GitHub secret names (`NEXUS_*`).
+
 ---
 
 ## Post-Release Activities
@@ -409,9 +413,9 @@ If there are documentation changes:
 
 **Problem**: The nmcp plugin requires Java 17 or higher.
 
-**Solution**: The workflow already uses JDK 17. If you see this error, check:
+**Solution**: The workflow already uses JDK 21. If you see this error, check:
 
-- The workflow file uses `java-version: 17`
+- The workflow file uses `java-version: 21`
 - The setup-java step completed successfully
 
 ### Workflow Fails: "Authentication failed"
@@ -618,6 +622,8 @@ Developer                    GitHub Actions              Central Portal
 
 ### Common Commands
 
+**Note**: All publishing commands require environment variables to be set. See [Required Secrets](#required-secrets-already-configured) for details.
+
 ```bash
 # Publish release (automatic)
 ./gradlew publishAggregationToCentralPortal \
@@ -630,13 +636,21 @@ Developer                    GitHub Actions              Central Portal
   -PcentralPortal.publishingType=USER_MANAGED
 
 # Publish snapshot
-./gradlew publishAllPublicationsToCentralSnapshotsRepository \
+./gradlew publishAggregationToCentralPortalSnapshots \
   -Prelease=false
 
 # Build without publishing
 ./gradlew build -Prelease=true
 ```
 
+**Required environment variables for publishing**:
+```bash
+export CENTRAL_PORTAL_USERNAME="your-token-username"
+export CENTRAL_PORTAL_PASSWORD="your-token-password"
+export SIGNING_PGP_PRIVATE_KEY="your-pgp-private-key"
+export SIGNING_PGP_PASSPHRASE="your-pgp-passphrase"
+```
+
 ### Important URLs
 
 | Purpose | URL |

testng-core/testng-core-build.gradle.kts

@@ -41,7 +41,9 @@ dependencies {
     implementation(projects.testngRunnerApi)
     implementation("org.webjars:jquery:3.7.1")
     testImplementation(projects.testngAsserts)
-    testImplementation("org.codehaus.groovy:groovy-all:3.0.13") {
+    // Groovy 4.x is required to support Java 21 bytecode (class file major version 65)
+    // Groovy 3.x doesn't support reading Java 21 bytecode
+    testImplementation("org.apache.groovy:groovy-all:4.0.29") {
         exclude("org.testng", "testng")
     }
     testImplementation("org.apache-extras.beanshell:bsh:2.0b6")
@@ -59,9 +61,8 @@ tasks.compileTestGroovy {
     dependsOn(tasks.compileTestKotlin)
     classpath += files(tasks.compileTestKotlin)
 }
-tasks.compileTestKotlin {
-    classpath = sourceSets.test.get().compileClasspath
-}
+// Note: In Kotlin 2.3.0+, the classpath property on KotlinCompile task has been removed.
+// The classpath is now automatically managed through source sets, so no manual configuration is needed.
 
 tasks.test {
     maxParallelForks = Runtime.getRuntime().availableProcessors().div(2)