Bump shadow-gradle-plugin from 8.3.9 to 9.3.1

[andrross]

This dependency update does make some breaking changes in some plugin build scripts. I'm going to try to work through those before this is pushed.

• Update shadow plugin usage job-scheduler#884
• Update shadow plugin usage security#5953
• Update shadow plugin usage alerting#2022
• Update shadow plugin usage common-utils#904
• Update shadow plugin usage index-management#1587
• Update shadow plugin usage notifications#1138

Check List

• Functionality includes testing.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Updates the shadow Gradle plugin from version 8.3.9 to 9.3.1 and refactors the publication configuration to use the new component API directly instead of the extension-based component wiring.

Changes

Cohort / File(s)	Summary
Build Configuration buildSrc/build.gradle	Updates shadow plugin dependency from 8.3.9 to 9.3.1.
Publication Integration buildSrc/src/main/java/org/opensearch/gradle/PublishPlugin.java	Replaces ShadowExtension and shadow.component(publication) with publication.from(project.getComponents().getByName("shadow")) for shadow component publication wiring.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• Bump com.netflix.nebula:nebula-publishing-plugin from 21.1.0 to 23.0.0 #20477: Upgrades nebula publishing plugin which adds Shadow component support, complementing the shift to direct component-based publication wiring in this PR.

Suggested labels

dependencies, Build

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is incomplete and does not follow the required template structure, missing key sections.	Add a 'Description' section explaining what the shadow-gradle-plugin update achieves and its impact. Include the 'Related Issues' section with any issue numbers being resolved.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: bumping the shadow-gradle-plugin version from 8.3.9 to 9.3.1, which matches the actual modifications in the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@buildSrc/src/main/java/org/opensearch/gradle/PublishPlugin.java`:
- Line 105: The current PublishPlugin uses
project.getComponents().getByName("shadow") without verifying the component
exists and only checks for the legacy Shadow plugin ID
("com.github.johnrengelman.shadow"), which can cause configuration failures if
Shadow is applied without a Java-style plugin or if the new ID
("com.gradleup.shadow") is used; update the logic in PublishPlugin (the block
that calls publication.from(project.getComponents().getByName("shadow"))) to (1)
accept both plugin IDs ("com.github.johnrengelman.shadow" and
"com.gradleup.shadow") when using withPlugin or check for the Java plugin (java,
kotlin.jvm, groovy) via withPlugin before attempting to access the component,
and (2) use project.getComponents().findByName("shadow") and a null check before
calling publication.from(...) so the code only adds the shadow component when
present.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b6ab06b and 4d07a30.

📒 Files selected for processing (2)

• buildSrc/build.gradle
• buildSrc/src/main/java/org/opensearch/gradle/PublishPlugin.java

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: gradle-check
• GitHub Check: detect-breaking-change
• GitHub Check: assemble (21, ubuntu-24.04-arm)
• GitHub Check: assemble (25, ubuntu-24.04-arm)
• GitHub Check: assemble (25, windows-latest)
• GitHub Check: assemble (21, windows-latest)
• GitHub Check: assemble (21, ubuntu-latest)
• GitHub Check: assemble (25, ubuntu-latest)
• GitHub Check: Analyze (java)
• GitHub Check: precommit (21, windows-latest)
• GitHub Check: precommit (21, macos-15)
• GitHub Check: precommit (25, ubuntu-24.04-arm)
• GitHub Check: precommit (25, macos-15-intel)
• GitHub Check: precommit (25, windows-latest)
• GitHub Check: precommit (21, ubuntu-latest)
• GitHub Check: precommit (21, ubuntu-24.04-arm)
• GitHub Check: precommit (21, macos-15-intel)
• GitHub Check: precommit (21, windows-2025, true)
• GitHub Check: precommit (25, ubuntu-latest)
• GitHub Check: precommit (25, macos-15)
• GitHub Check: Mend Security Check

🔇 Additional comments (1)

buildSrc/build.gradle (1)

114-114: shadow-gradle-plugin 9.3.1 is compatible with the current baselines.

Project uses Gradle 9.2.1 (exceeds the plugin's minimum of 9.0) and Java 21. The 9.3.1 release is a patch update containing only an ASM library fix to avoid classpath conflicts—no breaking changes affecting publishing behavior.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[github-actions]

✅ Gradle check result for 4d07a30: SUCCESS

[codecov]

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 73.20%. Comparing base (db0a16d) to head (55ab17e).
⚠️ Report is 39 commits behind head on main.

Files with missing lines	Patch %	Lines
...main/java/org/opensearch/gradle/PublishPlugin.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##               main   #20569    +/-   ##
==========================================
  Coverage     73.19%   73.20%            
+ Complexity    71924    71914    -10     
==========================================
  Files          5781     5781            
  Lines        329292   329395   +103     
  Branches      47514    47525    +11     
==========================================
+ Hits         241026   241131   +105     
+ Misses        68925    68859    -66     
- Partials      19341    19405    +64     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

✅ Gradle check result for 55ab17e: SUCCESS

[cwperks]

Not sure how yet, but I think this PR is causing issues in the tests in the security repo on opensearch-project/security#5963

[cwperks]

Not sure how yet, but I think this PR is causing issues in the tests in the security repo on opensearch-project/security#5963

Raised a PR to address this: opensearch-project/security#5964

[opensearch-trigger-bot]

The backport to 2.19 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.19 2.19
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.19
# Create a new branch
git switch --create backport/backport-20569-to-2.19
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 6b557db18f43399491f22b8391ff2ba2f29936fc
# Push it to GitHub
git push --set-upstream origin backport/backport-20569-to-2.19
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.19

Then, create a pull request where the base branch is 2.19 and the compare/head branch is backport/backport-20569-to-2.19.