From fd4469eb781c47caeab8b79cea57aa9454bb94e9 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 06:42:38 +0200 Subject: [PATCH 01/10] Upgrade dependencies --- .github/workflows/broken_links_checker.yml | 2 + .github/workflows/build.yml | 38 ++++++++- .github/workflows/codeql-analysis.yml | 2 + .github/workflows/release.yml | 16 +++- .vscode/settings.json | 1 - CHANGELOG.md | 5 +- README.md | 12 ++- .../OFT Maven-Plugin - Run all tests.launch | 22 ------ pom.xml | 78 +++++++++---------- .../project-with-multiple-languages/pom.xml | 4 +- 10 files changed, 105 insertions(+), 75 deletions(-) delete mode 100644 launch/OFT Maven-Plugin - Run all tests.launch diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index e08387a..c838268 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -13,6 +13,8 @@ jobs: contents: read steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Configure broken links checker run: | mkdir -p ./target diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5c264ff..e2f63d9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,6 +27,7 @@ jobs: - uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - uses: actions/setup-java@v5 with: @@ -45,7 +46,7 @@ jobs: restore-keys: ${{ runner.os }}-java-${{ matrix.java }}-sonar - name: Build with Maven - run: mvn --errors --batch-mode clean org.jacoco:jacoco-maven-plugin:prepare-agent install -Djava.version=${{ matrix.java }} + run: mvn --errors --batch-mode clean org.jacoco:jacoco-maven-plugin:prepare-agent install -DossindexSkip=true -Djava.version=${{ matrix.java }} - name: Build example projects run: | @@ -73,6 +74,7 @@ jobs: - name: Verify reproducible build run: | mvn --batch-mode clean verify artifact:compare -DskipTests \ + -DossindexSkip=true \ -Djava.version=${{ matrix.java }} - name: Archive aggregated reproducible build report @@ -84,8 +86,38 @@ jobs: target/*.buildinfo if-no-files-found: error - build: - needs: matrix-build + ossindex: runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v6 + with: + persist-credentials: false + - uses: actions/setup-java@v5 + with: + cache: maven + distribution: temurin + java-version: 17 + server-id: ossindex + server-username: OSSINDEX_USERNAME + server-password: OSSINDEX_TOKEN + - name: Ossindex + if: ${{ env.OSSINDEX_USERNAME != null && env.OSSINDEX_TOKEN != null }} + run: | + mvn --errors --batch-mode test-compile -Djava.version=17 \ + org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ + org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate + env: + OSSINDEX_USERNAME: ${{ secrets.OSSINDEX_USERNAME }} + OSSINDEX_TOKEN: ${{ secrets.OSSINDEX_TOKEN }} + + build: + permissions: + contents: read + needs: + - matrix-build + - ossindex + runs-on: ubuntu-slim steps: - run: echo "Build successful" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e9edfe2..8615f2d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -20,6 +20,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v6 + with: + persist-credentials: false - uses: actions/setup-java@v5 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 89596c3..5d5f61e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,11 @@ on: required: true type: boolean default: false + auto-publish-maven-central: + description: "Auto-publish to Maven Central" + required: true + type: boolean + default: true jobs: release: @@ -23,6 +28,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 + with: + persist-credentials: true - name: Fail if not running on main branch if: ${{ github.ref != 'refs/heads/main' }} @@ -44,18 +51,23 @@ jobs: gpg-passphrase: MAVEN_GPG_PASSPHRASE - name: Build - run: mvn --batch-mode -T 1C clean install + run: mvn --batch-mode -DossindexSkip=true clean install - name: List secret GPG keys run: gpg --list-secret-keys - name: Publish to Maven Central Repository if: ${{ !inputs.skip-deploy-maven-central }} - run: mvn --batch-mode deploy -Possrh -DstagingDescription="Deployed via GitHub workflow release.yml" + run: | + mvn --batch-mode deploy -PcentralPublishing -DossindexSkip=true \ + -DcentralPublishingSkipPublishing=false \ + -DcentralPublishingAutoPublish=${AUTO_PUBLISH} \ + -DcentralPublishingDeploymentName="Deploy OFT Maven Plugin via release.yml" env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} + AUTO_PUBLISH: ${{ inputs.auto-publish-maven-central }} - name: Create GitHub Release run: ./.github/workflows/github_release.sh diff --git a/.vscode/settings.json b/.vscode/settings.json index 9ed545b..42b1d1c 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -6,7 +6,6 @@ "source.generate.finalModifiers": "explicit", "source.fixAll": "explicit" }, - "java.saveActions.organizeImports": true, "java.sources.organizeImports.starThreshold": 3, "java.sources.organizeImports.staticStarThreshold": 3, "java.configuration.updateBuildConfiguration": "automatic", diff --git a/CHANGELOG.md b/CHANGELOG.md index 4292a42..d643266 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [2.3.1] - Unreleased +## [2.3.2] - Unreleased + +## [2.3.1] - 2026-05-?? - [#75](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/75) Upgrade dependencies +- [#]() Upgrade to OFT 4.4.0, upgrade dependencies and Maven Central release process ## [2.3.0] - 2024-11-13 diff --git a/README.md b/README.md index 751cebb..44510bb 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ Add the openfasttrace-maven-plugin to your `pom.xml`: org.itsallcode openfasttrace-maven-plugin - 2.3.0 + 2.3.1 trace-requirements @@ -69,7 +69,7 @@ You can use OpenFastTrace plugins to import and export requirements in additiona org.itsallcode openfasttrace-maven-plugin - 2.3.0 + 2.3.1 true @@ -110,7 +110,7 @@ The following snipped adds source directory `src/main/rust` and test source dire org.codehaus.mojo build-helper-maven-plugin - 3.6.0 + 3.6.1 add-source @@ -140,6 +140,12 @@ The following snipped adds source directory `src/main/rust` and test source dire ``` +**Important:** When you add a directory via `build-helper-maven-plugin`, you need to resolve source directories before running OFT. This happens automatically when running `mvn verify`. If you want to run only OFT tracing, you need to do the following: + +```sh +mvn generate-sources openfasttrace:trace +``` + ##### Adding Custom Resource Directories You can add additional resource directories using the [Maven Resources Plugin](https://maven.apache.org/plugins/maven-resources-plugin/examples/resource-directory.html). The following snipped adds `src/custom-resources` as additional resource directory: diff --git a/launch/OFT Maven-Plugin - Run all tests.launch b/launch/OFT Maven-Plugin - Run all tests.launch deleted file mode 100644 index 0f0549c..0000000 --- a/launch/OFT Maven-Plugin - Run all tests.launch +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - diff --git a/pom.xml b/pom.xml index 1293924..02d923d 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.itsallcode openfasttrace-maven-plugin - 2.3.0 + 2.3.1 maven-plugin OpenFastTrace Maven Plugin @@ -16,13 +16,14 @@ UTF-8 17 4.2.0 - - 3.8.7 - true - 0.8.13 + + 3.8.9 + 0.8.14 + 3.15.2 itsallcode https://sonarcloud.io ${git.commit.time} + false @@ -56,18 +57,6 @@ https://github.com/itsallcode/openfasttrace-maven-plugin - - - ossrh - https://oss.sonatype.org/content/repositories/snapshots - - - ossrh - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - - - ${maven.core.version} @@ -112,7 +101,7 @@ org.apache.commons commons-lang3 - 3.18.0 + 3.20.0 provided @@ -126,7 +115,7 @@ commons-io commons-io - 2.20.0 + 2.22.0 test @@ -158,13 +147,13 @@ com.exasol maven-project-version-getter - 1.2.1 + 1.2.2 test com.exasol maven-plugin-integration-testing - 1.1.3 + 1.1.5 test @@ -196,18 +185,23 @@ - ossrh + central-publishing + + false + false + Manual deployment of OFT Maven Plugin + - org.sonatype.plugins - nexus-staging-maven-plugin - 1.7.0 + org.sonatype.central + central-publishing-maven-plugin + 0.10.0 true - ossrh - https://oss.sonatype.org/ - true + central + true + validated @@ -239,7 +233,7 @@ io.github.git-commit-id git-commit-id-maven-plugin - 9.0.2 + 10.0.0 get-the-git-infos @@ -280,7 +274,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.6.1 + 3.6.2 enforce-maven @@ -315,7 +309,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.14.0 + 3.15.0 ${java.version} ${java.version} @@ -323,7 +317,7 @@ org.apache.maven.plugins maven-plugin-plugin - 3.14.0 + ${mavenPluginPluginVersion} @@ -336,7 +330,7 @@ org.apache.maven.plugins maven-plugin-plugin - 3.15.1 + ${mavenPluginPluginVersion} openfasttrace false @@ -361,12 +355,12 @@ org.apache.maven.plugins maven-jar-plugin - 3.4.2 + 3.5.0 org.apache.maven.plugins maven-source-plugin - 3.3.1 + 3.4.0 attach-sources @@ -379,7 +373,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.11.3 + 3.12.0 attach-javadocs @@ -447,7 +441,7 @@ org.apache.maven.plugins maven-dependency-plugin - 3.8.1 + 3.10.0 copy-jacoco @@ -467,7 +461,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.4 + 3.5.5 src/test/resources/logging.properties @@ -477,7 +471,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.5.4 + 3.5.5 true @@ -496,7 +490,7 @@ org.codehaus.mojo versions-maven-plugin - 2.19.0 + 2.21.0 @@ -521,6 +515,8 @@ + ossindex + ${ossindexSkip} CVE-2023-2976 @@ -561,7 +557,7 @@ org.apache.maven.plugins maven-artifact-plugin - 3.6.0 + 3.6.1 verify-reproducible-build diff --git a/src/test/resources/project-with-multiple-languages/pom.xml b/src/test/resources/project-with-multiple-languages/pom.xml index 6a379a3..d390c44 100644 --- a/src/test/resources/project-with-multiple-languages/pom.xml +++ b/src/test/resources/project-with-multiple-languages/pom.xml @@ -22,7 +22,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.13.0 + 3.15.0 17 17 @@ -31,7 +31,7 @@ org.codehaus.mojo build-helper-maven-plugin - 3.6.0 + 3.6.1 add-source From 11312e46d1c671576d571ac964ac47b39068fbe1 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 09:48:23 +0200 Subject: [PATCH 02/10] Fix pom syntax --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index 02d923d..9003ddd 100644 --- a/pom.xml +++ b/pom.xml @@ -186,12 +186,12 @@ central-publishing + + false + false + Manual deployment of OFT Maven Plugin + - - false - false - Manual deployment of OFT Maven Plugin - org.sonatype.central From 6bcb0c6a851dec83ad877d5f304d3021cef78268 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 09:53:12 +0200 Subject: [PATCH 03/10] Upgrade dependencies --- pom.xml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index 9003ddd..0381cd7 100644 --- a/pom.xml +++ b/pom.xml @@ -15,7 +15,7 @@ UTF-8 17 - 4.2.0 + 4.4.0 3.8.9 0.8.14 @@ -77,7 +77,9 @@ org.codehaus.plexus plexus-utils - 3.6.0 + + 3.6.1 + provided org.apache.maven @@ -122,7 +124,7 @@ org.codehaus.plexus plexus-archiver - 4.10.1 + 4.11.0 test @@ -159,19 +161,19 @@ org.junit.jupiter junit-jupiter-params - 5.13.4 + 6.0.3 test org.mockito mockito-junit-jupiter - 5.19.0 + 5.23.0 test org.itsallcode hamcrest-auto-matcher - 0.8.2 + 0.8.3 test From 987656d805286a840f64557dbb85506fe22bca52 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 09:54:58 +0200 Subject: [PATCH 04/10] Fix codeql build --- .github/workflows/codeql-analysis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8615f2d..ef15614 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -34,8 +34,9 @@ jobs: with: languages: java - - name: Autobuild - uses: github/codeql-action/autobuild@v4 + - name: Build + # gitcommitid plugin requires a newer version of maven, so we skip it here + run: mvn --batch-mode --errors -Dmaven.gitcommitid.skip=true clean compile - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 From 6b214f860d25417bb10de6153763cd1851152665 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 09:56:06 +0200 Subject: [PATCH 05/10] Update release date --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d643266..4dd6808 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [2.3.2] - Unreleased -## [2.3.1] - 2026-05-?? +## [2.3.1] - 2026-05-18 - [#75](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/75) Upgrade dependencies - [#]() Upgrade to OFT 4.4.0, upgrade dependencies and Maven Central release process From 4e582586a3fbaf28aa2591c161dd603ea71655cd Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 09:57:13 +0200 Subject: [PATCH 06/10] Update changelog --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4dd6808..abe27c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,8 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [2.3.1] - 2026-05-18 -- [#75](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/75) Upgrade dependencies -- [#]() Upgrade to OFT 4.4.0, upgrade dependencies and Maven Central release process +- [PR #75](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/75) Upgrade dependencies +- [PR #87](https://github.com/itsallcode/openfasttrace-maven-plugin/pull/87) Upgrade to OFT 4.4.0, upgrade dependencies and Maven Central release process +- [#85](https://github.com/itsallcode/openfasttrace-maven-plugin/issues/85) Document how to run tracing with custom directories ## [2.3.0] - 2024-11-13 From 5b5a8dfd04d1189ed60bdad775e5a97cec6982b6 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 10:01:24 +0200 Subject: [PATCH 07/10] Update release process --- .github/workflows/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5d5f61e..a265298 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,7 +44,7 @@ jobs: distribution: "temurin" java-version: 17 cache: "maven" - server-id: ossrh + server-id: central server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} @@ -64,8 +64,8 @@ jobs: -DcentralPublishingAutoPublish=${AUTO_PUBLISH} \ -DcentralPublishingDeploymentName="Deploy OFT Maven Plugin via release.yml" env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_PORTAL_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN }} MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} AUTO_PUBLISH: ${{ inputs.auto-publish-maven-central }} From 8efcde6bae30f634ef88c20df1c2bbabc6e2206c Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 10:19:09 +0200 Subject: [PATCH 08/10] Fix running tests in vscode --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0381cd7..2207b1d 100644 --- a/pom.xml +++ b/pom.xml @@ -160,7 +160,7 @@ org.junit.jupiter - junit-jupiter-params + junit-jupiter 6.0.3 test From 263018a1e7afff4332242c487dd7ee81572c4bff Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 10:32:04 +0200 Subject: [PATCH 09/10] Build with Java 25 instead of 24 --- .github/workflows/build.yml | 2 +- .../java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e2f63d9..8aaa8b2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ jobs: strategy: fail-fast: true matrix: - java: [17, 21, 24] + java: [17, 21, 25] name: "Build with Java ${{ matrix.java }}" env: DEFAULT_JAVA: 17 diff --git a/src/test/java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java b/src/test/java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java index 5d7719a..4a83b99 100644 --- a/src/test/java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java +++ b/src/test/java/org/itsallcode/openfasttrace/maven/TraceMojoIT.java @@ -244,6 +244,7 @@ void testTracingSelectedTags(final String tags, final int expectedItemCount) thr private static void runTracingMojo(final Path projectDir) throws Exception { + LOG.info("Running tracing in " + projectDir + "..."); final Verifier verifier = mvnITEnv.getVerifier(projectDir); verifier.executeGoal(OFT_GOAL); verifier.verifyErrorFreeLog(); From e28d0d1090748809c2d100a8e4b12416282f6c53 Mon Sep 17 00:00:00 2001 From: kaklakariada Date: Mon, 18 May 2026 10:33:28 +0200 Subject: [PATCH 10/10] Install correct java version in CI --- .github/workflows/build.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8aaa8b2..4cb6e4f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,10 +32,7 @@ jobs: - uses: actions/setup-java@v5 with: distribution: 'temurin' - java-version: | - 17 - 21 - 24 + java-version: ${{ matrix.java }} cache: 'maven' - name: Cache SonarQube packages