diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 0786ce3ef470..3982c296a43f 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,8 +1 @@
-# These are supported funding model platforms
-
-github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
custom: https://junit.org/sponsoring
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
deleted file mode 100644
index f1ce8b0c8472..000000000000
--- a/.github/ISSUE_TEMPLATE.md
+++ /dev/null
@@ -1,23 +0,0 @@
-## Overview
-
-_Replace the following bullet points with your issue description,
-after answering yourself: **"What kind of issue is this?"**_
-
-- ( ) **Question.** This issue tracker is not the place for questions.
-If you want to ask how to do something, or to understand why
-something isn't working the way you expect it to, please first use Stack
-Overflow or Gitter.
-https://stackoverflow.com/questions/tagged/junit5
-
-- ( ) **Bug report.** Please provide us the version of JUnit 5 you are
-using and, if possible, a failing unit test with your bug report. Don't
-forget to describe the rationale for this issue (e.g. expected vs.
-actual behavior).
-
-- ( ) **Feature request.** Start by telling us what problem you’re trying
-to solve. Often a solution already exists! Please, don’t send pull requests
-to implement new features without first getting our support.
-
-## Deliverables
-
-- [ ] ...
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 8d847d251231..57a6f10876d6 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,10 +1,11 @@
---
-name: Bug report
+name: Report a bug or regression
about: Create a report to help us improve
-
+type: Bug
+labels: ["type: bug"]
---
-
+
## Steps to reproduce
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 000000000000..eeb371ed465e
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+ - name: Ask a question
+ url: https://github.com/junit-team/junit-framework/discussions/categories/q-a
+ about: Please ask and answer questions here
+ - name: Ask a question (Stack Overflow)
+ url: https://stackoverflow.com/questions/tagged/junit5
+ about: Alternatively, ask questions here
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
index 24e26904931e..6b6b28087cbb 100644
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,7 +1,8 @@
---
-name: Feature request
+name: Request a feature or enhancement
about: Suggest an idea for this project
-
+type: Feature
+labels: ["type: new feature"]
---
diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
deleted file mode 100644
index 23c796b2d20d..000000000000
--- a/.github/ISSUE_TEMPLATE/question.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-name: Question
-about: Please first ask on Gitter or StackOverflow before creating an issue
----
-
-This issue tracker is not the place for questions.
-If you want to ask how to do something, or to understand why
-something isn't working the way you expect it to, please use Gitter [1] or Stack Overflow [2].
-
-[1] https://gitter.im/junit-team/junit5
-[2] https://stackoverflow.com/questions/tagged/junit5
diff --git a/.github/ISSUE_TEMPLATE/task.md b/.github/ISSUE_TEMPLATE/task.md
new file mode 100644
index 000000000000..fa7b782ac41b
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/task.md
@@ -0,0 +1,12 @@
+---
+name: Create a task
+about: Create a task for a specific piece of work
+type: Task
+labels: ["type: task"]
+---
+
+
+
+## Deliverables
+
+- [ ] ...
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 90d0d4bdaed2..cfeb6a90b3ee 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -4,15 +4,15 @@
---
-I hereby agree to the terms of the [JUnit Contributor License Agreement](https://github.com/junit-team/junit5/blob/002a0052926ddee57cf90580fa49bc37e5a72427/CONTRIBUTING.md#junit-contributor-license-agreement).
+I hereby agree to the terms of the [JUnit Contributor License Agreement](https://github.com/junit-team/junit-framework/blob/002a0052926ddee57cf90580fa49bc37e5a72427/CONTRIBUTING.md#junit-contributor-license-agreement).
---
### Definition of Done
- [ ] There are no TODOs left in the code
-- [ ] Method [preconditions](https://junit.org/junit5/docs/snapshot/api/org.junit.platform.commons/org/junit/platform/commons/util/Preconditions.html) are checked and documented in the method's Javadoc
-- [ ] [Coding conventions](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#coding-conventions) (e.g. for logging) have been followed
-- [ ] Change is covered by [automated tests](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#tests) including corner cases, errors, and exception handling
-- [ ] Public API has [Javadoc](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#javadoc) and [`@API` annotations](https://apiguardian-team.github.io/apiguardian/docs/current/api/org/apiguardian/api/API.html)
-- [ ] Change is documented in the [User Guide](https://junit.org/junit5/docs/snapshot/user-guide/) and [Release Notes](https://junit.org/junit5/docs/snapshot/user-guide/#release-notes)
+- [ ] Method [preconditions](https://docs.junit.org/snapshot/api/org.junit.platform.commons/org/junit/platform/commons/util/Preconditions.html) are checked and documented in the method's Javadoc
+- [ ] [Coding conventions](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#coding-conventions) (e.g. for logging) have been followed
+- [ ] Change is covered by [automated tests](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#tests) including corner cases, errors, and exception handling
+- [ ] Public API has [Javadoc](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#javadoc) and [`@API` annotations](https://apiguardian-team.github.io/apiguardian/docs/current/api/org/apiguardian/api/API.html)
+- [ ] Change is documented in the [User Guide](https://docs.junit.org/snapshot/user-guide/) and [Release Notes](https://docs.junit.org/snapshot/user-guide/#release-notes)
diff --git a/.github/actions/main-build/action.yml b/.github/actions/main-build/action.yml
index b9acd2f3c045..338667f8d39b 100644
--- a/.github/actions/main-build/action.yml
+++ b/.github/actions/main-build/action.yml
@@ -4,7 +4,10 @@ inputs:
arguments:
required: true
description: Gradle arguments
- default: :platform-tooling-support-tests:test build
+ default: :platform-tooling-support-tests:test build --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318
+ encryptionKey:
+ required: true
+ description: Gradle cache encryption key
runs:
using: "composite"
steps:
@@ -12,3 +15,9 @@ runs:
- uses: ./.github/actions/run-gradle
with:
arguments: ${{ inputs.arguments }}
+ encryptionKey: ${{ inputs.encryptionKey }}
+ - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ if: ${{ always() }}
+ with:
+ name: Open Test Reports (${{ github.job }})
+ path: '**/build/reports/open-test-report.html'
diff --git a/.github/actions/maven-central-user-token/action.yml b/.github/actions/maven-central-user-token/action.yml
new file mode 100644
index 000000000000..37266d5e86a0
--- /dev/null
+++ b/.github/actions/maven-central-user-token/action.yml
@@ -0,0 +1,17 @@
+name: Prepare Maven Central user token
+description: Compute the Maven Central user token from username and password
+inputs:
+ username:
+ required: true
+ description: Maven Central username
+ password:
+ required: true
+ description: Maven Central password
+runs:
+ using: "composite"
+ steps:
+ - shell: bash
+ run: |
+ USER_TOKEN=$(printf "${{ inputs.username }}:${{ inputs.password }}" | base64)
+ echo "::add-mask::$USER_TOKEN"
+ echo "MAVEN_CENTRAL_USER_TOKEN=$USER_TOKEN" >> $GITHUB_ENV
diff --git a/.github/actions/run-gradle/action.yml b/.github/actions/run-gradle/action.yml
index 4103d29bab8d..90bd8082b59c 100644
--- a/.github/actions/run-gradle/action.yml
+++ b/.github/actions/run-gradle/action.yml
@@ -5,23 +5,29 @@ inputs:
required: true
description: Gradle arguments
default: build
+ encryptionKey:
+ required: true
+ description: Gradle cache encryption key
runs:
using: "composite"
steps:
- - uses: actions/setup-java@v4
+ - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
id: setup-gradle-jdk
with:
distribution: temurin
java-version: 21
check-latest: true
- - uses: gradle/actions/setup-gradle@v4
+ - uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0
+ with:
+ cache-encryption-key: ${{ inputs.encryptionKey }}
- shell: bash
env:
JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }}
run: |
./gradlew \
-Porg.gradle.java.installations.auto-download=false \
- -Pjunit.develocity.predictiveTestSelection.enabled=${{ github.event_name == 'pull_request' }} \
+ -Pjunit.develocity.predictiveTestSelection.enabled=true \
+ -Pjunit.develocity.predictiveTestSelection.selectRemainingTests=${{ github.event_name != 'pull_request' }} \
"-Dscan.value.GitHub job=${{ github.job }}" \
javaToolchains \
${{ inputs.arguments }}
diff --git a/.github/actions/setup-test-jdk/action.yml b/.github/actions/setup-test-jdk/action.yml
index 70a571e59a7f..b2d6b1dbc46b 100644
--- a/.github/actions/setup-test-jdk/action.yml
+++ b/.github/actions/setup-test-jdk/action.yml
@@ -8,7 +8,7 @@ inputs:
runs:
using: "composite"
steps:
- - uses: actions/setup-java@v4
+ - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: ${{ inputs.distribution }}
java-version: 8
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 000000000000..d256a62d0f55
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,36 @@
+{
+ $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+ extends: [
+ 'github>junit-team/renovate-config',
+ ],
+ baseBranches: ["main", "/^develop\\/.*/"],
+ packageRules: [
+ {
+ matchCurrentValue: '/^2\\./',
+ allowedVersions: '(,3.0)',
+ matchPackageNames: [
+ 'org.codehaus.groovy:{/,}**',
+ ],
+ },
+ {
+ matchCurrentValue: '/^4\\./',
+ allowedVersions: '(,5.0)',
+ matchPackageNames: [
+ 'org.apache.groovy:{/,}**',
+ ],
+ },
+ {
+ matchCurrentValue: '/^1\\./',
+ allowedVersions: '/^1\\..*-groovy-2\\.*/',
+ matchPackageNames: [
+ 'org.spockframework:{/,}**',
+ ],
+ },
+ {
+ allowedVersions: '!/-SNAPSHOT$/',
+ matchPackageNames: [
+ 'org.opentest4j.reporting:{/,}**',
+ ],
+ },
+ ],
+}
diff --git a/gradle/scripts/checkBuildReproducibility.sh b/.github/scripts/checkBuildReproducibility.sh
similarity index 79%
rename from gradle/scripts/checkBuildReproducibility.sh
rename to .github/scripts/checkBuildReproducibility.sh
index c434fc778a44..60f2bd165022 100755
--- a/gradle/scripts/checkBuildReproducibility.sh
+++ b/.github/scripts/checkBuildReproducibility.sh
@@ -1,8 +1,9 @@
#!/bin/bash -e
-rm -rf checksums*
+rm -f checksums-1.txt checksums-2.txt
-export SOURCE_DATE_EPOCH=$(date +%s)
+SOURCE_DATE_EPOCH=$(date +%s)
+export SOURCE_DATE_EPOCH
function calculate_checksums() {
OUTPUT=$1
@@ -19,7 +20,7 @@ function calculate_checksums() {
| grep '/build/libs/' \
| grep --invert-match 'javadoc' \
| sort \
- | xargs sha256sum > "${OUTPUT}"
+ | xargs sha512sum > "${OUTPUT}"
}
diff --git a/.github/scripts/waitForUrl.sh b/.github/scripts/waitForUrl.sh
new file mode 100755
index 000000000000..e7ae8715c055
--- /dev/null
+++ b/.github/scripts/waitForUrl.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+URL=$1
+printf 'Waiting for %s' "$URL"
+until curl --output /dev/null --silent --location --head --fail "$URL"; do
+ printf '.'
+ sleep 5
+done
+echo ' OK'
diff --git a/.github/workflows/close-inactive-issues.yml b/.github/workflows/close-inactive-issues.yml
index fef88e94d267..2a76f9cd147d 100644
--- a/.github/workflows/close-inactive-issues.yml
+++ b/.github/workflows/close-inactive-issues.yml
@@ -3,6 +3,7 @@ on:
schedule:
- cron: "30 1 * * *"
workflow_dispatch:
+permissions: {}
jobs:
close-issues:
runs-on: ubuntu-latest
@@ -10,7 +11,7 @@ jobs:
issues: write
pull-requests: write
steps:
- - uses: actions/stale@v9
+ - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
with:
only-labels: "status: waiting-for-feedback"
days-before-stale: 14
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql.yml
similarity index 51%
rename from .github/workflows/codeql-analysis.yml
rename to .github/workflows/codeql.yml
index 264bcc0a79f7..08f5a64c5be9 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql.yml
@@ -13,35 +13,46 @@ on:
schedule:
- cron: '0 19 * * 3'
+permissions: {}
+
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
jobs:
analyze:
- name: Analyze
+ name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
security-events: write
strategy:
fail-fast: false
matrix:
- language:
- - java
- - javascript
+ include:
+ - language: actions
+ build-mode: none
+ - language: java-kotlin
+ build-mode: manual
+ - language: javascript
+ build-mode: none
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
with:
languages: ${{ matrix.language }}
- tools: latest
+ build-mode: ${{ matrix.build-mode }}
+ tools: linked
- name: Build
+ if: matrix.build-mode == 'manual'
uses: ./.github/actions/run-gradle
with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
arguments: |
--no-build-cache \
-Dscan.tag.CodeQL \
allMainClasses
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/combine-prs.yml b/.github/workflows/combine-prs.yml
deleted file mode 100644
index 29df14a19746..000000000000
--- a/.github/workflows/combine-prs.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: Combine PRs
-
-on:
- schedule:
- - cron: '0 0 * * *' # Every day at 00:00 UTC
- workflow_dispatch:
-
-jobs:
- combine-prs:
- if: github.repository == 'junit-team/junit5'
- runs-on: ubuntu-latest
- steps:
- - name: combine-prs
- uses: github/combine-prs@v5.1.0
- with:
- github_token: ${{ secrets.GH_TOKEN }}
diff --git a/.github/workflows/cross-version.yml b/.github/workflows/cross-version.yml
index 97b19e9ed8b5..a9f1805eb156 100644
--- a/.github/workflows/cross-version.yml
+++ b/.github/workflows/cross-version.yml
@@ -1,13 +1,17 @@
name: Cross-Version
on:
+ schedule:
+ - cron: '0 0 * * 6' # Every Saturday at 00:00 UTC
push:
branches:
- main
- 'releases/**'
pull_request:
branches:
- - '*'
+ - '**'
+
+permissions: {}
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
@@ -18,36 +22,53 @@ jobs:
fail-fast: false
matrix:
jdk:
- - version: 22
- - version: 23
- - version: 24
- version: 24
- release: leyden
- name: "OpenJDK ${{ matrix.jdk.version }} (${{ matrix.jdk.release || 'ea' }})"
+ type: ga
+ - version: 25
+ type: ea
+ - version: 26
+ type: ea
+ name: "OpenJDK ${{ matrix.jdk.version }} (${{ matrix.jdk.release || matrix.jdk.type }})"
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Set up Test JDK
uses: ./.github/actions/setup-test-jdk
- name: "Set up JDK ${{ matrix.jdk.version }} (${{ matrix.jdk.release || 'ea' }})"
- uses: oracle-actions/setup-java@v1
+ if: matrix.jdk.type == 'ea'
+ uses: oracle-actions/setup-java@8fb9d7717810ccde9f8d4bef1e6f43d180f506b5 # v1.4.1
with:
website: jdk.java.net
release: ${{ matrix.jdk.release || matrix.jdk.version }}
version: latest
+ - name: "Set up JDK ${{ matrix.jdk.version }} (${{ matrix.jdk.distribution || 'temurin' }})"
+ if: matrix.jdk.type == 'ga'
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ with:
+ distribution: ${{ matrix.jdk.distribution || 'temurin' }}
+ java-version: ${{ matrix.jdk.version }}
+ check-latest: true
- name: 'Prepare JDK${{ matrix.jdk.version }} env var'
shell: bash
run: echo "JDK${{ matrix.jdk.version }}=$JAVA_HOME" >> $GITHUB_ENV
- name: Build
uses: ./.github/actions/run-gradle
with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
arguments: |
+ -Ptesting.enableJaCoCo=false \
-PjavaToolchain.version=${{ matrix.jdk.version }} \
-Dscan.tag.JDK_${{ matrix.jdk.version }} \
- build
+ build \
+ --no-configuration-cache #Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318
+ - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ if: ${{ always() }}
+ with:
+ name: Open Test Reports (${{ github.job }} ${{ matrix.jdk.version }} (${{ matrix.jdk.release || matrix.jdk.type }}))
+ path: '**/build/reports/open-test-report.html'
openj9:
strategy:
fail-fast: false
@@ -57,7 +78,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Set up Test JDK
@@ -65,7 +86,7 @@ jobs:
with:
distribution: semeru
- name: 'Set up JDK ${{ matrix.jdk }}'
- uses: actions/setup-java@v4
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: semeru
java-version: ${{ matrix.jdk }}
@@ -76,9 +97,17 @@ jobs:
- name: Build
uses: ./.github/actions/run-gradle
with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
arguments: |
+ -Ptesting.enableJaCoCo=false \
-PjavaToolchain.version=${{ matrix.jdk }} \
-PjavaToolchain.implementation=j9 \
-Dscan.tag.JDK_${{ matrix.jdk }} \
-Dscan.tag.OpenJ9 \
- build
+ build \
+ --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318
+ - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ if: ${{ always() }}
+ with:
+ name: Open Test Reports (${{ github.job }})
+ path: '**/build/reports/open-test-report.html'
diff --git a/.github/workflows/gradle-dependency-submission.yml b/.github/workflows/gradle-dependency-submission.yml
index 63f483f77f70..d53be2bbc338 100644
--- a/.github/workflows/gradle-dependency-submission.yml
+++ b/.github/workflows/gradle-dependency-submission.yml
@@ -5,23 +5,27 @@ on:
branches:
- main
-permissions:
- contents: write
+permissions: {}
+
+env:
+ DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
jobs:
dependency-submission:
- if: github.repository == 'junit-team/junit5'
+ if: github.repository == 'junit-team/junit-framework'
runs-on: ubuntu-latest
+ permissions:
+ contents: write
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Setup Java
- uses: actions/setup-java@v4
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: temurin
java-version: 21
check-latest: true
- name: Generate and submit dependency graph
- uses: gradle/actions/dependency-submission@v4
+ uses: gradle/actions/dependency-submission@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0
diff --git a/.github/workflows/issue-labels.yml b/.github/workflows/issue-labels.yml
deleted file mode 100644
index b91cf84c462b..000000000000
--- a/.github/workflows/issue-labels.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Label new issues
-on:
- issues:
- types:
- - opened
-jobs:
- label_issues:
- runs-on: ubuntu-latest
- permissions:
- issues: write
- steps:
- - uses: actions/github-script@v7
- with:
- script: |
- github.rest.issues.addLabels({
- issue_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- labels: ["status: new"]
- })
diff --git a/.github/workflows/label-opened-issues.yml b/.github/workflows/label-opened-issues.yml
new file mode 100644
index 000000000000..10a5dee96dee
--- /dev/null
+++ b/.github/workflows/label-opened-issues.yml
@@ -0,0 +1,30 @@
+name: Add label to opened issues
+on:
+ issues:
+ types:
+ - opened
+permissions: {}
+jobs:
+ label_issues:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ steps:
+ - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ const issue = await github.rest.issues.get({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ });
+ const originalLabels = issue.data.labels.map(l => l.name);
+ const statusLabels = originalLabels.filter(l => l.startsWith("status: "));
+ if (statusLabels.length === 0 && !originalLabels.includes("up-for-grabs")) {
+ github.rest.issues.addLabels({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: ["status: new"]
+ })
+ }
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index bb456f95beb3..63b28786a446 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -5,9 +5,13 @@ on:
branches:
- main
- 'releases/**'
+ tags-ignore:
+ - '**'
pull_request:
branches:
- - '*'
+ - '**'
+
+permissions: {}
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
@@ -17,26 +21,26 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Install GraalVM
- uses: graalvm/setup-graalvm@v1
+ uses: graalvm/setup-graalvm@01ed653ac833fe80569f1ef9f25585ba2811baab # v1.3.3
with:
distribution: graalvm-community
version: 'latest'
java-version: '21'
- github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Build
uses: ./.github/actions/main-build
with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
arguments: |
- -Ptesting.enableJaCoCo \
:platform-tooling-support-tests:test \
build \
- jacocoRootReport
+ jacocoRootReport \
+ --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318
- name: Upload to Codecov.io
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
token: ${{ secrets.CODECOV_TOKEN }}
@@ -44,60 +48,64 @@ jobs:
runs-on: windows-latest
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Build
uses: ./.github/actions/main-build
+ with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
macOS:
runs-on: macos-latest
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Build
uses: ./.github/actions/main-build
+ with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
publish_artifacts:
name: Publish Snapshot Artifacts
- needs: linux
+ needs: macOS
runs-on: ubuntu-latest
permissions:
attestations: write # required for build provenance attestation
id-token: write # required for build provenance attestation
- if: github.event_name == 'push' && github.repository == 'junit-team/junit5' && (startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main')
+ if: github.event_name == 'push' && github.repository == 'junit-team/junit-framework' && (startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main')
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Publish
uses: ./.github/actions/run-gradle
env:
- ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }}
- ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}
+ ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+ ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
arguments: |
publish -x check \
- prepareGitHubAttestation \
- --no-configuration-cache
+ prepareGitHubAttestation
- name: Generate build provenance attestations
- uses: actions/attest-build-provenance@210c1913531870065f03ce1f9440dd87bc0938cd # v1.4.0
+ uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
with:
subject-path: documentation/build/attestation/*.jar
documentation:
name: Build Documentation
concurrency:
- group: github-pages
+ group: github-pages-${{ github.ref }}
cancel-in-progress: true
- needs: Linux
+ needs: macOS
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Install Graphviz
@@ -107,17 +115,23 @@ jobs:
- name: Build Documentation
uses: ./.github/actions/run-gradle
with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
arguments: |
prepareDocsForUploadToGhPages \
- -Dscan.tag.Documentation \
- --no-configuration-cache
+ -Dscan.tag.Documentation
+ - name: Configure Git
+ shell: bash
+ run: |
+ git config --global user.name "JUnit Team"
+ git config --global user.email "team@junit.org"
- name: Upload Documentation
- if: github.event_name == 'push' && github.repository == 'junit-team/junit5' && github.ref == 'refs/heads/main'
+ if: github.event_name == 'push' && github.repository == 'junit-team/junit-framework' && github.ref == 'refs/heads/main'
uses: ./.github/actions/run-gradle
with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
arguments: |
gitPublishPush \
- -Dscan.tag.Documentation \
- --no-configuration-cache
+ -Dscan.tag.Documentation
env:
- GRGIT_USER: ${{ secrets.GH_TOKEN }}
+ GIT_USERNAME: git
+ GIT_PASSWORD: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_DOCS_REPO }}
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
new file mode 100644
index 000000000000..0653e6106ee1
--- /dev/null
+++ b/.github/workflows/ossf-scorecard.yml
@@ -0,0 +1,62 @@
+name: OpenSSF Scorecard supply-chain security analysis
+
+on:
+ branch_protection_rule:
+ schedule:
+ - cron: '31 20 * * 6'
+ push:
+ branches: [ "main" ]
+
+permissions: {}
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Needed to publish results and get a badge (see publish_results below).
+ id-token: write
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+ # - you want to enable the Branch-Protection check on a *public* repository, or
+ # - you are installing Scorecard on a *private* repository
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
+ # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+ # Public repositories:
+ # - Publish results to OpenSSF REST API for easy access by consumers
+ # - Allows the repository to include the Scorecard badge.
+ # - See https://github.com/ossf/scorecard-action#publishing-results.
+ # For private repositories:
+ # - `publish_results` will always be set to `false`, regardless
+ # of the value entered here.
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard (optional).
+ # Commenting out will disable upload of results to your repo's Code Scanning dashboard
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000000..6501dd44dad3
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,300 @@
+name: Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ releaseVersion:
+ description: Version to be released (e.g. "5.12.0-M1")
+ required: true
+ deploymentId:
+ description: ID of the Maven Central Publish Portal deployment
+ required: true
+ dryRun:
+ type: boolean
+ description: Enable dry-run mode
+ required: false
+ default: false
+
+permissions: {}
+
+env:
+ DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+ STAGING_REPO_URL: https://central.sonatype.com/api/v1/publisher/deployment/${{ inputs.deploymentId }}/download
+ RELEASE_TAG: r${{ inputs.releaseVersion }}
+
+jobs:
+
+ verify_reproducibility:
+ name: Verify reproducibility
+ runs-on: ubuntu-latest
+ permissions:
+ attestations: write # required for build provenance attestation
+ id-token: write # required for build provenance attestation
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 1
+ ref: "refs/tags/${{ env.RELEASE_TAG }}"
+ - name: Prepare Maven Central user token
+ uses: ./.github/actions/maven-central-user-token
+ with:
+ username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+ password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+ - name: Download reference JAR from staging repository
+ id: referenceJar
+ run: |
+ curl --silent --fail --location --output /tmp/reference.jar \
+ --header "Authorization: Bearer $MAVEN_CENTRAL_USER_TOKEN" \
+ "${{ env.STAGING_REPO_URL }}/org/junit/jupiter/junit-jupiter-api/${{ inputs.releaseVersion }}/junit-jupiter-api-${{ inputs.releaseVersion }}.jar"
+ sudo apt-get update && sudo apt-get install --yes jc
+ unzip -c /tmp/reference.jar META-INF/MANIFEST.MF | jc --jar-manifest | jq '.[0]' > /tmp/manifest.json
+ echo "createdBy=$(jq --raw-output .Created_By /tmp/manifest.json)" >> "$GITHUB_OUTPUT"
+ echo "buildTimestamp=$(jq --raw-output .Build_Date /tmp/manifest.json) $(jq --raw-output .Build_Time /tmp/manifest.json)" >> "$GITHUB_OUTPUT"
+ - name: Verify artifacts
+ uses: ./.github/actions/run-gradle
+ with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+ arguments: |
+ --rerun-tasks \
+ -Pmanifest.buildTimestamp="${{ steps.referenceJar.outputs.buildTimestamp }}" \
+ -Pmanifest.createdBy="${{ steps.referenceJar.outputs.createdBy }}" \
+ :verifyArtifactsInStagingRepositoryAreReproducible \
+ --remote-repo-url=${{ env.STAGING_REPO_URL }}
+ - name: Generate build provenance attestations
+ if: ${{ inputs.dryRun == false }}
+ uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
+ with:
+ subject-path: build/repo/**/*.jar
+
+ verify_consumability:
+ name: Verify consumability
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 1
+ ref: "refs/tags/${{ env.RELEASE_TAG }}"
+ path: junit-framework
+ - name: Check out examples repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ repository: ${{ github.repository_owner }}/junit-examples
+ token: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_EXAMPLES_REPO }}
+ fetch-depth: 1
+ path: junit-examples
+ - name: Set up JDK
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ with:
+ java-version: 24
+ distribution: temurin
+ - uses: sbt/setup-sbt@26ab4b0fa1c47fa62fc1f6e51823a658fb6c760c # v1.1.7
+ - name: Update JUnit dependencies in examples
+ run: java src/Updater.java ${{ inputs.releaseVersion }}
+ working-directory: junit-examples
+ - name: Prepare Maven Central user token
+ uses: ./junit-framework/.github/actions/maven-central-user-token
+ with:
+ username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+ password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+ - name: Inject staging repository URL
+ run: java src/StagingRepoInjector.java ${{ env.STAGING_REPO_URL }}
+ working-directory: junit-examples
+ - name: Build examples
+ run: java src/Builder.java --exclude=junit-jupiter-starter-bazel,junit-jupiter-starter-sbt
+ working-directory: junit-examples
+ env:
+ MAVEN_ARGS: --settings ${{ github.workspace }}/junit-examples/src/central-staging-maven-settings.xml --activate-profiles central-staging
+
+ close_github_milestone:
+ name: Close GitHub milestone
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ steps:
+ - name: Close GitHub milestone
+ if: ${{ inputs.dryRun == false }}
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ result-encoding: string
+ script: |
+ const query = `
+ query ($owner: String!, $repo: String!, $title: String!) {
+ repository(owner: $owner, name: $repo) {
+ milestones(first: 100, query: $title) {
+ nodes {
+ title
+ number
+ openIssueCount
+ }
+ }
+ }
+ }
+ `;
+ const {repository} = await github.graphql(query, {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ title: "${{ inputs.releaseVersion }}"
+ });
+ const [milestone] = repository.milestones.nodes.filter(it => it.title === "${{ inputs.releaseVersion }}")
+ if (!milestone) {
+ throw new Error('Milestone "${{ inputs.releaseVersion }}" not found');
+ }
+ if (milestone.openIssueCount > 0) {
+ throw new Error(`Milestone "${{ inputs.releaseVersion }}" has ${milestone.openIssueCount} open issue(s)`);
+ }
+ const requestBody = {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ milestone_number: milestone.number,
+ state: 'closed',
+ due_on: new Date().toISOString()
+ };
+ console.log(requestBody);
+ await github.rest.issues.updateMilestone(requestBody);
+
+ publish_deployment:
+ name: Publish to Maven Central
+ needs: [ verify_reproducibility, verify_consumability, close_github_milestone ]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 1
+ ref: "refs/tags/${{ env.RELEASE_TAG }}"
+ - name: Release staging repository
+ if: ${{ inputs.dryRun == false }}
+ uses: ./.github/actions/run-gradle
+ env:
+ ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+ ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+ JRELEASER_MAVENCENTRAL_STAGE: PUBLISH
+ JRELEASER_MAVENCENTRAL_DEPLOYMENT_ID: ${{ inputs.deploymentId }}
+ with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+ arguments: jreleaserDeploy
+
+ publish_documentation:
+ name: Publish documentation
+ needs: publish_deployment
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 1
+ ref: "refs/tags/${{ env.RELEASE_TAG }}"
+ - name: Install Graphviz and Poppler
+ run: |
+ sudo apt-get update
+ sudo apt-get install --yes graphviz poppler-utils
+ - name: Configure Git
+ run: |
+ git config --global user.name "JUnit Team"
+ git config --global user.email "team@junit.org"
+ - name: Build documentation
+ uses: ./.github/actions/run-gradle
+ with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+ arguments: |
+ --no-build-cache \
+ --no-configuration-cache \
+ clean \
+ gitPublishCopy \
+ -Pdocumentation.replaceCurrentDocs=${{ contains(inputs.releaseVersion, '-') && 'false' || 'true' }}
+ - name: Publish documentation
+ if: ${{ inputs.dryRun == false }}
+ uses: ./.github/actions/run-gradle
+ env:
+ GIT_USERNAME: git
+ GIT_PASSWORD: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_DOCS_REPO }}
+ with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+ arguments: |
+ --no-build-cache \
+ --no-configuration-cache \
+ gitPublishPush \
+ -Pdocumentation.replaceCurrentDocs=${{ contains(inputs.releaseVersion, '-') && 'false' || 'true' }}
+ - name: Wait for deployment to GitHub Pages
+ if: ${{ inputs.dryRun == false }}
+ id: pagesDeployment
+ timeout-minutes: 20
+ run: |
+ URL="https://docs.junit.org/${{ inputs.releaseVersion }}/user-guide/junit-user-guide-${{ inputs.releaseVersion }}.pdf"
+ ./.github/scripts/waitForUrl.sh "$URL"
+ echo "pdfUrl=$URL" >> "$GITHUB_OUTPUT"
+ - name: Verify integrity of PDF version of User Guide
+ if: ${{ inputs.dryRun == false }}
+ run: |
+ curl --silent --fail --location --output /tmp/junit-user-guide.pdf "${{ steps.pagesDeployment.outputs.pdfUrl }}"
+ pdfinfo /tmp/junit-user-guide.pdf
+
+ update_examples:
+ name: Update examples
+ needs: publish_deployment
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out examples repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ repository: ${{ github.repository_owner }}/junit-examples
+ token: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_EXAMPLES_REPO }}
+ fetch-depth: 1
+ - name: Set up JDK
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ with:
+ java-version: 24
+ distribution: temurin
+ - uses: sbt/setup-sbt@26ab4b0fa1c47fa62fc1f6e51823a658fb6c760c # v1.1.7
+ - name: Update JUnit dependencies in examples
+ run: java src/Updater.java ${{ inputs.releaseVersion }}
+ - name: Build examples
+ if: ${{ inputs.dryRun == false }}
+ run: java src/Builder.java
+ - name: Create release branch
+ run: |
+ git config user.name "JUnit Team"
+ git config user.email "team@junit.org"
+ git switch -c "${{ env.RELEASE_TAG }}"
+ git status
+ git commit -a -m "Use ${{ inputs.releaseVersion }}"
+ - name: Push release branch
+ if: ${{ inputs.dryRun == false }}
+ run: |
+ git push origin "${{ env.RELEASE_TAG }}"
+ - name: Update main branch (only for GA releases)
+ if: ${{ inputs.dryRun == false && !contains(inputs.releaseVersion, '-') }}
+ run: |
+ git switch main
+ git merge --ff-only "${{ env.RELEASE_TAG }}"
+ git push origin main
+
+ create_github_release:
+ name: Create GitHub release
+ if: ${{ inputs.dryRun == false }}
+ needs: [ publish_documentation, update_examples ]
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Create GitHub release
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ const releaseVersion = "${{ inputs.releaseVersion }}";
+ const jupiterVersion = releaseVersion;
+ const vintageVersion = releaseVersion;
+ const platformVersion = "1." + releaseVersion.substring(2);
+ const requestBody = {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ tag_name: `r${releaseVersion}`,
+ name: `JUnit ${releaseVersion}`,
+ generate_release_notes: true,
+ body: `JUnit ${jupiterVersion} = Platform ${platformVersion} + Jupiter ${jupiterVersion} + Vintage ${vintageVersion}\n\nSee [Release Notes](https://docs.junit.org/${releaseVersion}/release-notes/).`,
+ prerelease: releaseVersion.includes("-"),
+ };
+ console.log(requestBody);
+ await github.rest.repos.createRelease(requestBody);
diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml
index 5866318d1356..9b7fa596f125 100644
--- a/.github/workflows/reproducible-build.yml
+++ b/.github/workflows/reproducible-build.yml
@@ -7,7 +7,9 @@ on:
- 'releases/**'
pull_request:
branches:
- - '*'
+ - '**'
+
+permissions: {}
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
@@ -18,14 +20,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Restore Gradle cache and display toolchains
uses: ./.github/actions/run-gradle
with:
- arguments: --quiet
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+ arguments: |
+ --quiet \
+ --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318
- name: Build and compare checksums
shell: bash
- run: |
- ./gradle/scripts/checkBuildReproducibility.sh
+ run: ./.github/scripts/checkBuildReproducibility.sh
diff --git a/.github/workflows/sanitize-closed-issues.yml b/.github/workflows/sanitize-closed-issues.yml
new file mode 100644
index 000000000000..ca77b2bd4f9d
--- /dev/null
+++ b/.github/workflows/sanitize-closed-issues.yml
@@ -0,0 +1,80 @@
+name: Sanitizes assigned labels and milestone on closed issues
+on:
+ issues:
+ types:
+ - closed
+permissions: {}
+jobs:
+ label_issues:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ steps:
+ - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ const issue = await github.rest.issues.get({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ });
+ const originalLabels = issue.data.labels.map(l => l.name);
+ const newLabels = originalLabels.filter(l => l !== "status: in progress" && l !== "status: new");
+ if (newLabels.length !== originalLabels.length) {
+ await github.rest.issues.update({
+ issue_number: issue.data.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: newLabels,
+ });
+ }
+ if (issue.data.state_reason === "not_planned" || issue.data.state_reason === "duplicate") {
+ if (issue.data.milestone) {
+ await github.rest.issues.update({
+ issue_number: issue.data.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ milestone: null,
+ });
+ }
+ const statusLabels = newLabels.filter(l => l.startsWith("status: "));
+ if (statusLabels.length === 0) {
+ if (issue.data.state_reason === "not_planned") {
+ await github.rest.issues.createComment({
+ issue_number: issue.data.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: "Please assign a status label to this issue.",
+ });
+ await github.rest.issues.update({
+ issue_number: issue.data.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ state: "open",
+ });
+ } else {
+ newLabels.push("status: duplicate");
+ await github.rest.issues.update({
+ issue_number: issue.data.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: newLabels,
+ });
+ }
+ }
+ } else {
+ if (!(newLabels.includes("type: task") || newLabels.includes("type: question")) && !issue.data.milestone) {
+ await github.rest.issues.createComment({
+ issue_number: issue.data.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: "Please assign a milestone to this issue or label it with `type: task` or `type: question`.",
+ });
+ await github.rest.issues.update({
+ issue_number: issue.data.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ state: "open",
+ });
+ }
+ }
diff --git a/.gitignore b/.gitignore
index 2764c9175b99..2ff2b321ef5c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
# Gradle
.gradle
+.kotlin
build
# Ignore Gradle GUI config
@@ -30,5 +31,10 @@ gradle-app.setting
coverage.db*
.metadata
/.sdkmanrc
+/.tool-versions
checksums*
+
+# snapshot-tests
+*.snapshot_actual
+*.snapshot_raw
diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml
index e6094d409c45..da9a350c8e4c 100644
--- a/.idea/codeStyles/Project.xml
+++ b/.idea/codeStyles/Project.xml
@@ -7,12 +7,13 @@