Merge pull request #61 from xdev-software/develop

Release

Author: AB-xdev

.config/pmd/java/ruleset.xml

@@ -13,32 +13,32 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - run: mv .github/.lycheeignore .lycheeignore
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2
+        uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2
         with:
           fail: false # Don't fail on broken links, create an issue instead
 
       - name: Find already existing issue
         id: find-issue
         run: |
-          echo "number=$(gh issue list -l 'bug' -l 'automated' -L 1 -S 'in:title \"Link Checker Report\"' -s 'open' --json 'number' --jq '.[].number')" >> $GITHUB_OUTPUT
+          echo "number=$(gh issue list -l 'bug' -l 'automated' -L 1 -S 'in:title "Link Checker Report"' -s 'open' --json 'number' --jq '.[].number')" >> $GITHUB_OUTPUT
         env:
           GH_TOKEN: ${{ github.token }}
-          
+
       - name: Close issue if everything is fine
-        if: env.lychee_exit_code == 0 && steps.find-issue.outputs.number != ''
+        if: steps.lychee.outputs.exit_code == 0 && steps.find-issue.outputs.number != ''
         run: gh issue close -r 'not planned' ${{ steps.find-issue.outputs.number }}
         env:
           GH_TOKEN: ${{ github.token }}
 
       - name: Create Issue From File
-        if: env.lychee_exit_code != 0
-        uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # v5
+        if: steps.lychee.outputs.exit_code != 0
+        uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6
         with:
           issue-number: ${{ steps.find-issue.outputs.number }}
           title: Link Checker Report

.github/workflows/broken-links.yml

@@ -20,32 +20,45 @@ on:
       - 'assets/**'
 
 env:
-  PRIMARY_MAVEN_MODULE: ${{ github.event.repository.name }}
   DEMO_MAVEN_MODULE: ${{ github.event.repository.name }}-demo
 
 jobs:
   build:
     runs-on: ubuntu-latest
     timeout-minutes: 30
-
     strategy:
       matrix:
-        java: [17, 21]
+        java: [17, 21, 25]
         distribution: [temurin]
-
     steps:
-    - uses: actions/checkout@v4
-      
+    - uses: actions/checkout@v5
+
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}
-        cache: 'maven'
-      
+
+    - name: Cache Maven
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-mvn-build-
+
+    - name: Cache Vaadin prod bundles
+      uses: actions/cache@v4
+      with:
+        path: |
+          **/bundles/prod.bundle
+        key: ${{ runner.os }}-vaadin-prod-bundles-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-vaadin-prod-bundles-
+
     - name: Build with Maven
-      run: ./mvnw -B clean package -Pproduction
-      
+      run: ./mvnw -B clean package
+
     - name: Check for uncommited changes
       run: |
         if [[ "$(git status --porcelain)" != "" ]]; then
@@ -75,21 +88,34 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }}
     timeout-minutes: 15
-
     strategy:
       matrix:
         java: [17]
         distribution: [temurin]
-
     steps:
-    - uses: actions/checkout@v4
-      
+    - uses: actions/checkout@v5
+
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}
-        cache: 'maven'
+
+    - name: Cache Maven
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-mvn-checkstyle-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-mvn-checkstyle-
+
+    - name: CheckStyle Cache
+      uses: actions/cache@v4
+      with:
+        path: '**/target/checkstyle-cachefile'
+        key: ${{ runner.os }}-checkstyle-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-checkstyle-
 
     - name: Run Checkstyle
       run: ./mvnw -B checkstyle:check -P checkstyle -T2C
@@ -98,21 +124,34 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }}
     timeout-minutes: 15
-
     strategy:
       matrix:
         java: [17]
         distribution: [temurin]
-
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}
-        cache: 'maven'
+
+    - name: Cache Maven
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-mvn-pmd-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-mvn-pmd-
+
+    - name: PMD Cache
+      uses: actions/cache@v4
+      with:
+        path: '**/target/pmd/pmd.cache'
+        key: ${{ runner.os }}-pmd-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-pmd-
 
     - name: Run PMD
       run: ./mvnw -B test pmd:aggregate-pmd-no-fork pmd:check -P pmd -DskipTests -T2C

.github/workflows/check-build.yml

@@ -11,20 +11,30 @@ permissions:
   contents: write
   pull-requests: write
 
+# DO NOT RESTORE CACHE for critical release steps to prevent a (extremely unlikely) scenario 
+# where a supply chain attack could be achieved due to poisoned cache
 jobs:
   check-code:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v4
-      
+    - uses: actions/checkout@v5
+
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: '17'
         distribution: 'temurin'
-        cache: 'maven'
-      
+
+    # Try to reuse existing cache from check-build
+    - name: Try restore Maven Cache
+      uses: actions/cache/restore@v4
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-mvn-build-
+
     - name: Build with Maven
       run: ./mvnw -B clean package -Pproduction -T2C
 
@@ -51,45 +61,37 @@ jobs:
     needs: [check-code]
     timeout-minutes: 10
     outputs:
-      upload_url: ${{ steps.create_release.outputs.upload_url }}
+      upload_url: ${{ steps.create-release.outputs.upload_url }}
     steps:
-    - uses: actions/checkout@v4
-      
+    - uses: actions/checkout@v5
+
     - name: Configure Git
       run: |
         git config --global user.email "actions@github.com"
         git config --global user.name "GitHub Actions"
-  
+
     - name: Un-SNAP 
-      run: |
-        mvnwPath=$(readlink -f ./mvnw)
-        modules=("") # root
-        modules+=($(grep -oP '(?<=<module>)[^<]+' 'pom.xml'))
-        for i in "${modules[@]}"
-        do
-            echo "Processing $i/pom.xml"
-            (cd "$i" && $mvnwPath -B versions:set -DremoveSnapshot -DgenerateBackupPoms=false)
-        done
-  
+      run: ./mvnw -B versions:set -DremoveSnapshot -DprocessAllModules -DgenerateBackupPoms=false
+
     - name: Get version
       id: version
       run: |
         version=$(../mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
         echo "release=$version" >> $GITHUB_OUTPUT
         echo "releasenumber=${version//[!0-9]/}" >> $GITHUB_OUTPUT
       working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
-  
+
     - name: Commit and Push
       run: |
         git add -A
         git commit -m "Release ${{ steps.version.outputs.release }}"
         git push origin
         git tag v${{ steps.version.outputs.release }}
         git push origin --tags
-    
+
     - name: Create Release
-      id: create_release
-      uses: shogo82148/actions-create-release@4661dc54f7b4b564074e9fbf73884d960de569a3 # v1
+      id: create-release
+      uses: shogo82148/actions-create-release@7b89596097b26731bda0852f1504f813499079ee # v1
       with:
         tag_name: v${{ steps.version.outputs.release }}
         release_name: v${{ steps.version.outputs.release }}
@@ -116,27 +118,43 @@ jobs:
     needs: [prepare-release]
     timeout-minutes: 60
     steps:
-    - uses: actions/checkout@v4
-    
+    - uses: actions/checkout@v5
+
     - name: Init Git and pull
       run: |
         git config --global user.email "actions@github.com"
         git config --global user.name "GitHub Actions"
         git pull
-    
+
     - name: Set up JDK
-      uses: actions/setup-java@v4
-      with: # running setup-java again overwrites the settings.xml
+      uses: actions/setup-java@v5
+      with: # running setup-java overwrites the settings.xml
+        distribution: 'temurin'
         java-version: '17'
+        server-id: github-central
+        server-password: PACKAGES_CENTRAL_TOKEN
+        gpg-passphrase: MAVEN_GPG_PASSPHRASE
+        gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Only import once
+
+    - name: Publish to GitHub Packages Central
+      run: ../mvnw -B deploy -P publish -DskipTests -DaltDeploymentRepository=github-central::https://maven.pkg.github.com/xdev-software/central
+      working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
+      env:
+        PACKAGES_CENTRAL_TOKEN: ${{ secrets.PACKAGES_CENTRAL_TOKEN }}
+        MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+    - name: Set up JDK
+      uses: actions/setup-java@v5
+      with: # running setup-java again overwrites the settings.xml
         distribution: 'temurin'
+        java-version: '17'
         server-id: sonatype-central-portal
         server-username: MAVEN_CENTRAL_USERNAME
         server-password: MAVEN_CENTRAL_TOKEN
         gpg-passphrase: MAVEN_GPG_PASSPHRASE
-        gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
 
     - name: Publish to Central Portal
-      run: ../mvnw -B deploy -P publish-sonatype-central-portal -DskipTests
+      run: ../mvnw -B deploy -P publish,publish-sonatype-central-portal -DskipTests
       env:
         MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_USERNAME }}
         MAVEN_CENTRAL_TOKEN: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_TOKEN }}
@@ -148,20 +166,28 @@ jobs:
     needs: [prepare-release]
     timeout-minutes: 15
     steps:
-    - uses: actions/checkout@v4
-      
+    - uses: actions/checkout@v5
+
     - name: Init Git and pull
       run: |
         git config --global user.email "actions@github.com"
         git config --global user.name "GitHub Actions"
         git pull
 
     - name: Setup - Java
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: '17'
         distribution: 'temurin'
-        cache: 'maven'
+
+    # Try to reuse existing cache from check-build
+    - name: Try restore Maven Cache
+      uses: actions/cache/restore@v4
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-mvn-build-
 
     - name: Build site
       run: ../mvnw -B compile site -DskipTests -T2C
@@ -179,31 +205,23 @@ jobs:
     needs: [publish-maven]
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v4
-      
+    - uses: actions/checkout@v5
+
     - name: Init Git and pull
       run: |
         git config --global user.email "actions@github.com"
         git config --global user.name "GitHub Actions"
         git pull
 
     - name: Inc Version and SNAP 
-      run: |
-        mvnwPath=$(readlink -f ./mvnw)
-        modules=("") # root
-        modules+=($(grep -oP '(?<=<module>)[^<]+' 'pom.xml'))
-        for i in "${modules[@]}"
-        do
-            echo "Processing $i/pom.xml"
-            (cd "$i" && $mvnwPath -B build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.\${parsedVersion.nextIncrementalVersion} -DgenerateBackupPoms=false -DnextSnapshot=true -DupdateMatchingVersions=false)
-        done
+      run: ./mvnw -B versions:set -DnextSnapshot -DprocessAllModules -DgenerateBackupPoms=false
 
     - name: Git Commit and Push
       run: |
         git add -A
         git commit -m "Preparing for next development iteration"
         git push origin
-    
+
     - name: pull-request
       env:
         GH_TOKEN: ${{ github.token }}