diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index e08387a..c838268 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -13,6 +13,8 @@ jobs: contents: read steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Configure broken links checker run: | mkdir -p ./target diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5c264ff..4cb6e4f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ jobs: strategy: fail-fast: true matrix: - java: [17, 21, 24] + java: [17, 21, 25] name: "Build with Java ${{ matrix.java }}" env: DEFAULT_JAVA: 17 @@ -27,14 +27,12 @@ jobs: - uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - uses: actions/setup-java@v5 with: distribution: 'temurin' - java-version: | - 17 - 21 - 24 + java-version: ${{ matrix.java }} cache: 'maven' - name: Cache SonarQube packages @@ -45,7 +43,7 @@ jobs: restore-keys: ${{ runner.os }}-java-${{ matrix.java }}-sonar - name: Build with Maven - run: mvn --errors --batch-mode clean org.jacoco:jacoco-maven-plugin:prepare-agent install -Djava.version=${{ matrix.java }} + run: mvn --errors --batch-mode clean org.jacoco:jacoco-maven-plugin:prepare-agent install -DossindexSkip=true -Djava.version=${{ matrix.java }} - name: Build example projects run: | @@ -73,6 +71,7 @@ jobs: - name: Verify reproducible build run: | mvn --batch-mode clean verify artifact:compare -DskipTests \ + -DossindexSkip=true \ -Djava.version=${{ matrix.java }} - name: Archive aggregated reproducible build report @@ -84,8 +83,38 @@ jobs: target/*.buildinfo if-no-files-found: error - build: - needs: matrix-build + ossindex: runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v6 + with: + persist-credentials: false + - uses: actions/setup-java@v5 + with: + cache: maven + distribution: temurin + java-version: 17 + server-id: ossindex + server-username: OSSINDEX_USERNAME + server-password: OSSINDEX_TOKEN + - name: Ossindex + if: ${{ env.OSSINDEX_USERNAME != null && env.OSSINDEX_TOKEN != null }} + run: | + mvn --errors --batch-mode test-compile -Djava.version=17 \ + org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ + org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate + env: + OSSINDEX_USERNAME: ${{ secrets.OSSINDEX_USERNAME }} + OSSINDEX_TOKEN: ${{ secrets.OSSINDEX_TOKEN }} + + build: + permissions: + contents: read + needs: + - matrix-build + - ossindex + runs-on: ubuntu-slim steps: - run: echo "Build successful" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e9edfe2..ef15614 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -20,6 +20,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v6 + with: + persist-credentials: false - uses: actions/setup-java@v5 with: @@ -32,8 +34,9 @@ jobs: with: languages: java - - name: Autobuild - uses: github/codeql-action/autobuild@v4 + - name: Build + # gitcommitid plugin requires a newer version of maven, so we skip it here + run: mvn --batch-mode --errors -Dmaven.gitcommitid.skip=true clean compile - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 89596c3..a265298 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,11 @@ on: required: true type: boolean default: false + auto-publish-maven-central: + description: "Auto-publish to Maven Central" + required: true + type: boolean + default: true jobs: release: @@ -23,6 +28,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 + with: + persist-credentials: true - name: Fail if not running on main branch if: ${{ github.ref != 'refs/heads/main' }} @@ -37,25 +44,30 @@ jobs: distribution: "temurin" java-version: 17 cache: "maven" - server-id: ossrh + server-id: central server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} gpg-passphrase: MAVEN_GPG_PASSPHRASE - name: Build - run: mvn --batch-mode -T 1C clean install + run: mvn --batch-mode -DossindexSkip=true clean install - name: List secret GPG keys run: gpg --list-secret-keys - name: Publish to Maven Central Repository if: ${{ !inputs.skip-deploy-maven-central }} - run: mvn --batch-mode deploy -Possrh -DstagingDescription="Deployed via GitHub workflow release.yml" + run: | + mvn --batch-mode deploy -PcentralPublishing -DossindexSkip=true \ + -DcentralPublishingSkipPublishing=false \ + -DcentralPublishingAutoPublish=${AUTO_PUBLISH} \ + -DcentralPublishingDeploymentName="Deploy OFT Maven Plugin via release.yml" env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_PORTAL_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN }} MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} + AUTO_PUBLISH: ${{ inputs.auto-publish-maven-central }} - name: Create GitHub Release run: ./.github/workflows/github_release.sh diff --git a/.vscode/settings.json b/.vscode/settings.json index 9ed545b..42b1d1c 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -6,7 +6,6 @@ "source.generate.finalModifiers": "explicit", "source.fixAll": "explicit" }, - "java.saveActions.organizeImports": true, "java.sources.organizeImports.starThreshold": 3, "java.sources.organizeImports.staticStarThreshold": 3, "java.configuration.updateBuildConfiguration": "automatic", diff --git a/CHANGELOG.md b/CHANGELOG.md index 4292a42..abe27c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [2.3.1] - Unreleased +## [2.3.2] - Unreleased -- [#75](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/75) Upgrade dependencies +## [2.3.1] - 2026-05-18 + +- [PR #75](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/75) Upgrade dependencies +- [PR #87](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/87) Upgrade to OFT 4.4.0, upgrade dependencies and Maven Central release process +- [#85](https://github.com/itsallcode/openfasttrace-maven-plugin/issues/85) Document how to run tracing with custom directories ## [2.3.0] - 2024-11-13 diff --git a/README.md b/README.md index 751cebb..44510bb 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ Add the openfasttrace-maven-plugin to your `pom.xml`: org.itsallcode openfasttrace-maven-plugin - 2.3.0 + 2.3.1 trace-requirements @@ -69,7 +69,7 @@ You can use OpenFastTrace plugins to import and export requirements in additiona org.itsallcode openfasttrace-maven-plugin - 2.3.0 + 2.3.1 true @@ -110,7 +110,7 @@ The following snipped adds source directory `src/main/rust` and test source dire org.codehaus.mojo build-helper-maven-plugin - 3.6.0 + 3.6.1 add-source @@ -140,6 +140,12 @@ The following snipped adds source directory `src/main/rust` and test source dire ``` +**Important:** When you add a directory via `build-helper-maven-plugin`, you need to resolve source directories before running OFT. This happens automatically when running `mvn verify`. If you want to run only OFT tracing, you need to do the following: + +```sh +mvn generate-sources openfasttrace:trace +``` + ##### Adding Custom Resource Directories You can add additional resource directories using the [Maven Resources Plugin](https://maven.apache.org/plugins/maven-resources-plugin/examples/resource-directory.html). The following snipped adds `src/custom-resources` as additional resource directory: diff --git a/launch/OFT Maven-Plugin - Run all tests.launch b/launch/OFT Maven-Plugin - Run all tests.launch deleted file mode 100644 index 0f0549c..0000000 --- a/launch/OFT Maven-Plugin - Run all tests.launch +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - diff --git a/pom.xml b/pom.xml index 1293924..2207b1d 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.itsallcode openfasttrace-maven-plugin - 2.3.0 + 2.3.1 maven-plugin OpenFastTrace Maven Plugin @@ -15,14 +15,15 @@ UTF-8 17 - 4.2.0 - - 3.8.7 - true - 0.8.13 + 4.4.0 + + 3.8.9 + 0.8.14 + 3.15.2 itsallcode https://sonarcloud.io ${git.commit.time} + false @@ -56,18 +57,6 @@ https://github.com/itsallcode/openfasttrace-maven-plugin - - - ossrh - https://oss.sonatype.org/content/repositories/snapshots - - - ossrh - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - - - ${maven.core.version} @@ -88,7 +77,9 @@ org.codehaus.plexus plexus-utils - 3.6.0 + + 3.6.1 + provided org.apache.maven @@ -112,7 +103,7 @@ org.apache.commons commons-lang3 - 3.18.0 + 3.20.0 provided @@ -126,14 +117,14 @@ commons-io commons-io - 2.20.0 + 2.22.0 test org.codehaus.plexus plexus-archiver - 4.10.1 + 4.11.0 test @@ -158,31 +149,31 @@ com.exasol maven-project-version-getter - 1.2.1 + 1.2.2 test com.exasol maven-plugin-integration-testing - 1.1.3 + 1.1.5 test org.junit.jupiter - junit-jupiter-params - 5.13.4 + junit-jupiter + 6.0.3 test org.mockito mockito-junit-jupiter - 5.19.0 + 5.23.0 test org.itsallcode hamcrest-auto-matcher - 0.8.2 + 0.8.3 test @@ -196,18 +187,23 @@ - ossrh + central-publishing + + false + false + Manual deployment of OFT Maven Plugin + - org.sonatype.plugins - nexus-staging-maven-plugin - 1.7.0 + org.sonatype.central + central-publishing-maven-plugin + 0.10.0 true - ossrh - https://oss.sonatype.org/ - true + central + true + validated @@ -239,7 +235,7 @@ io.github.git-commit-id git-commit-id-maven-plugin - 9.0.2 + 10.0.0 get-the-git-infos @@ -280,7 +276,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.6.1 + 3.6.2 enforce-maven @@ -315,7 +311,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.14.0 + 3.15.0 ${java.version} ${java.version} @@ -323,7 +319,7 @@ org.apache.maven.plugins maven-plugin-plugin - 3.14.0 + ${mavenPluginPluginVersion} @@ -336,7 +332,7 @@ org.apache.maven.plugins maven-plugin-plugin - 3.15.1 + ${mavenPluginPluginVersion} openfasttrace false @@ -361,12 +357,12 @@ org.apache.maven.plugins maven-jar-plugin - 3.4.2 + 3.5.0 org.apache.maven.plugins maven-source-plugin - 3.3.1 + 3.4.0 attach-sources @@ -379,7 +375,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.11.3 + 3.12.0 attach-javadocs @@ -447,7 +443,7 @@ org.apache.maven.plugins maven-dependency-plugin - 3.8.1 + 3.10.0 copy-jacoco @@ -467,7 +463,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.4 + 3.5.5 src/test/resources/logging.properties @@ -477,7 +473,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.5.4 + 3.5.5 true @@ -496,7 +492,7 @@ org.codehaus.mojo versions-maven-plugin - 2.19.0 + 2.21.0 @@ -521,6 +517,8 @@ + ossindex + ${ossindexSkip} CVE-2023-2976 @@ -561,7 +559,7 @@ org.apache.maven.plugins maven-artifact-plugin - 3.6.0 + 3.6.1 verify-reproducible-build diff --git a/src/test/java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java b/src/test/java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java index 5d7719a..4a83b99 100644 --- a/src/test/java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java +++ b/src/test/java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java @@ -244,6 +244,7 @@ void testTracingSelectedTags(final String tags, final int expectedItemCount) thr private static void runTracingMojo(final Path projectDir) throws Exception { + LOG.info("Running tracing in " + projectDir + "..."); final Verifier verifier = mvnITEnv.getVerifier(projectDir); verifier.executeGoal(OFT_GOAL); verifier.verifyErrorFreeLog(); diff --git a/src/test/resources/project-with-multiple-languages/pom.xml b/src/test/resources/project-with-multiple-languages/pom.xml index 6a379a3..d390c44 100644 --- a/src/test/resources/project-with-multiple-languages/pom.xml +++ b/src/test/resources/project-with-multiple-languages/pom.xml @@ -22,7 +22,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.13.0 + 3.15.0 17 17 @@ -31,7 +31,7 @@ org.codehaus.mojo build-helper-maven-plugin - 3.6.0 + 3.6.1 add-source