From cb0965b00050636a270bdb7d2b376b8c8c3d3665 Mon Sep 17 00:00:00 2001
From: clouless <12599965+clouless@users.noreply.github.com>
Date: Fri, 13 Feb 2026 18:10:19 +0100
Subject: [PATCH 1/2] release assets upload

---
 .github/workflows/build-on-pull-request.yml |  5 ----
 .github/workflows/build-on-release.yml      | 26 +++++++++++++++++++++
 2 files changed, 26 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/build-on-release.yml

diff --git a/.github/workflows/build-on-pull-request.yml b/.github/workflows/build-on-pull-request.yml
index 9088e55..b8328fc 100644
--- a/.github/workflows/build-on-pull-request.yml
+++ b/.github/workflows/build-on-pull-request.yml
@@ -14,8 +14,3 @@ jobs:
           distribution: "temurin"
           architecture: x64
       - run: mvn package -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true
-      - run: mkdir staging && cp target/*.jar staging
-      - uses: actions/upload-artifact@v4
-        with:
-          name: Package
-          path: staging
diff --git a/.github/workflows/build-on-release.yml b/.github/workflows/build-on-release.yml
new file mode 100644
index 0000000..dca0304
--- /dev/null
+++ b/.github/workflows/build-on-release.yml
@@ -0,0 +1,26 @@
+name: build and test on release
+on:
+  push:
+    tags:
+      - "*"
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: Set up JDK 8 for x64
+        uses: actions/setup-java@v4
+        with:
+          java-version: "8"
+          distribution: "temurin"
+          architecture: x64
+      - run: mvn package -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true
+      - name: "upload release assets"
+        uses: softprops/action-gh-release@cd28b0f5ee8571b76cfdaa62a30d51d752317477 #https://github.com/softprops/action-gh-release/issues/216
+        if: github.ref_type == 'tag'
+        with:
+          body: |
+            :closed_book: File 1 of 1 uploaded: junit-xml-merger.jar
+          files: |
+            target/junit-xml-merger.jar
+          append_body: true

From 3c079b84ef862b17987621df4f188d0fcacffb26 Mon Sep 17 00:00:00 2001
From: clouless <12599965+clouless@users.noreply.github.com>
Date: Fri, 13 Feb 2026 18:21:15 +0100
Subject: [PATCH 2/2] sast for later

---
 .github/workflows/build-on-pull-request.yml | 26 +++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/.github/workflows/build-on-pull-request.yml b/.github/workflows/build-on-pull-request.yml
index b8328fc..aa45bf5 100644
--- a/.github/workflows/build-on-pull-request.yml
+++ b/.github/workflows/build-on-pull-request.yml
@@ -3,10 +3,36 @@ on:
   pull_request:
     branches: [master]
 jobs:
+  #  sast-scan:
+  #    runs-on: ubuntu-latest
+  #    # Skip any PR created by dependabot to avoid permission issues:
+  #    if: (github.actor != 'dependabot[bot]')
+  #    steps:
+  #      - uses: actions/checkout@v5
+  #      - uses: actions/setup-node@v4
+  #        with:
+  #          node-version: "22"
+  #      - run: npm install -g snyk
+  #      - run: snyk config set api=${{ secrets.SNYK_API_KEY }}
+  #      - run: snyk code test src/main
+  malware-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: Malware Scanner # https://github.com/dell/common-github-actions/blob/main/malware-scanner/README.md
+        uses: dell/common-github-actions/malware-scanner@main
+        with:
+          directories: .
+          options: -ri
   build-and-test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
+      - name: Malware Scanner # https://github.com/dell/common-github-actions/blob/main/malware-scanner/README.md
+        uses: dell/common-github-actions/malware-scanner@main
+        with:
+          directories: .
+          options: -ri
       - name: Set up JDK 8 for x64
         uses: actions/setup-java@v4
         with: