Spring Security Restore Build Scan Capability

For the 5.8.x branch, using the --scan attribute does not work per the following from Gradle:

Gradle versions older than 8.4 do not recognize the Develocity plugin as the replacement for deprecated Gradle Enterprise and Build Scan plugins. When --scan argument is used, Gradle attempts to apply its version of the plugin which may conflict with the Develocity plugin explicitly applied to your project. If the plugin applied by Gradle wins, the new functionality provided by the Develocity plugin will not be available.

As such, --scan needs to be removed for the moment and likely replaced with a recommendation like the following:

develocity {
    buildScan {
        if (System.getenv("IS_A_PULL_REQUEST")) {
            publishing.onlyIf { true }
            server = "https://scans.gradle.com"
        }
    }
}

Comment From: jzheaux

The above did not quite work since the Spring Gradle Enterprise Conventions plugin needs to set the server value and the Develocity plugin does not allow it to be overridden.

Comment From: jzheaux

Another way to do this is to only apply the Spring Gradle Enterprise Conventions plugin when enterprise credentials are present:

if (System.getenv("DEVELOCITY_ACCESS_KEY")) {
    apply plugin: "io.spring.ge.conventions"
}

This works because the DEVELOCITY_ACCESS_KEY credential is not available to PRs. GIven that, it can't exercise the Conventions feature set anyway.

Comment From: jzheaux

Closed in ca67634