From 2db3d19c0d0777c99e478a27c8f0d3ba645fd569 Mon Sep 17 00:00:00 2001 From: "Piotr P. Karwasz" Date: Thu, 4 Jun 2026 09:38:41 +0200 Subject: [PATCH 1/4] [DIRMINA-1197] Add a Java CI workflow (branch `2.1.X`) Introduce a GitHub Actions workflow that builds and tests this branch on current runners and action versions. - Run on ubuntu-latest, windows-latest and macos-latest, testing JDK 8 and 11 on Temurin. macOS ARM has no Temurin JDK 8 build, so that single combination uses Zulu instead. - Use actions/checkout@v6 (without persisting credentials), actions/setup-java@v5 (with Maven caching), and an actions/upload-artifact@v7 step for the surefire reports. - Limit push builds to the maintained production branches so internal feature branches are not built twice. - Add a workflow-level concurrency group that cancels superseded pull request runs while letting pushes to the production branches run to completion. - Run `mvn verify` under an explicit bash shell, and set per-job permissions. Assisted-By: Claude Opus 4.8 (1M context) --- .github/workflows/ci.yaml | 80 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 .github/workflows/ci.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 000000000..1f05c1199 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,80 @@ +# SPDX-License-Identifier: Apache-2.0 +name: Java CI + +on: + # Build only the production branches on push, so internal feature branches do not trigger a build twice (once on push, once on the pull request). + push: + # Restricts push builds to these branches, even if the workflow is copied to another branch. + branches: + - 2.0.X + - 2.1.X + - 2.2.X + # Build every pull request targeting the branch this workflow lives on. + pull_request: + +# Permissions are granted per job. +permissions: { } + +# Check all pushes to production branches, but interrupt a PR job if a new commit is pushed. +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +jobs: + test: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, windows-latest] + java-version: [8, 11] + distribution: [temurin] + include: + # There is no Temurin JDK 8 release for macOS ARM. + - os: macos-latest + java-version: 8 + distribution: zulu + - os: macos-latest + java-version: 11 + distribution: temurin + fail-fast: false + name: Test JDK ${{ matrix.java-version }}, ${{ matrix.os }} + + # Actions from the `actions` and `github` organizations are pinned to a major version tag rather than a commit SHA. + # This is a deliberate decision: + # + # - Those organizations have strong expertise in securing GitHub Actions. + # - A compromise of either organization would likely also compromise the GitHub Actions service itself, so pinning would not help. + # - These actions release frequently. + # + # The residual risk is deemed acceptable in exchange for less Dependabot churn across the maintained branches. + steps: + + - name: Checkout repository + uses: actions/checkout@v6 + with: + # Don't persist the GitHub token used to check out the repository. + persist-credentials: false + + - name: Set up JDK + uses: actions/setup-java@v5 + with: + java-version: ${{ matrix.java-version }} + distribution: ${{ matrix.distribution }} + cache: maven + + - name: Test with Maven + shell: bash + run: | + mvn verify \ + --show-version --batch-mode --errors --no-transfer-progress + + # Upload the test results, even when the build failed. + - name: Upload test reports + if: always() + uses: actions/upload-artifact@v7 + with: + name: "test-report-${{matrix.os}}-${{matrix.distribution}}-${{matrix.java-version}}-${{github.run_number}}-${{github.run_attempt}}" + # Don't warn or fail when no tests ran (e.g. a compilation failure). + if-no-files-found: ignore + path: | + **/target/surefire-reports From c1f24eb38582c864aa60a260ea538461fe7b6128 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emmanuel=20L=C3=A9charny?= <2922517+elecharny@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:27:04 +0200 Subject: [PATCH 2/4] Update ci.yaml Removed Java 11 --- .github/workflows/ci.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1f05c1199..78da4b954 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,7 +26,8 @@ jobs: strategy: matrix: os: [ubuntu-latest, windows-latest] - java-version: [8, 11] + # Enforce Java 8 only, branches 2.0.X and 2.1.X won't build with any other versions + java-version: [8] distribution: [temurin] include: # There is no Temurin JDK 8 release for macOS ARM. From 892111d9e40ed6212121471551437b40872e9c08 Mon Sep 17 00:00:00 2001 From: "Piotr P. Karwasz" Date: Thu, 4 Jun 2026 10:28:14 +0200 Subject: [PATCH 3/4] fix: use `-Pserial` --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 78da4b954..567bcbe1a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -67,6 +67,7 @@ jobs: shell: bash run: | mvn verify \ + -Pserial \ --show-version --batch-mode --errors --no-transfer-progress # Upload the test results, even when the build failed. From adce98250f135fe34c95ebb5ca5c4c6f74afae45 Mon Sep 17 00:00:00 2001 From: "Piotr P. Karwasz" Date: Thu, 4 Jun 2026 10:29:11 +0200 Subject: [PATCH 4/4] fix: remove macOS JDK 11 --- .github/workflows/ci.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 567bcbe1a..e5e9b1554 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,9 +34,6 @@ jobs: - os: macos-latest java-version: 8 distribution: zulu - - os: macos-latest - java-version: 11 - distribution: temurin fail-fast: false name: Test JDK ${{ matrix.java-version }}, ${{ matrix.os }}