Automate GTFS validator version updates via Dependabot-managed Maven pin

[Copilot]

The GTFS validator workflow relied on a manually downloaded CLI jar, which made version bumps error-prone and out-of-band. This change introduces a single pinned version source that Dependabot can update while keeping gtfs-validator.sh deterministic.

• Version source of truth (Dependabot-managed)

  • Added gtfs/pom.xml with gtfs.validator.version (currently 8.0.1) and a dependency declaration for org.mobilitydata:gtfs-validator.
  • Added a Maven update block in .github/dependabot.yml for /gtfs so validator version bumps are proposed automatically.

• Runtime jar resolution in gtfs-validator.sh

  • Replaced wildcard/local-manual jar selection with explicit version resolution from gtfs/pom.xml by parsing the XML property directly in shell (no Maven runtime dependency).
  • Downloads the versioned release artifact on demand with gh release download (instead of curl), then executes the validator.
  • Adds guardrails for missing gh, treats empty jars as invalid (-s check), removes stale/empty jar files before download, and verifies the downloaded JAR exists and is non-empty before launch.

• Repository cleanup

  • Removed committed binary gtfs/gtfs-validator-8.0.0-cli.jar from source control.
  • Added ignores for local Gradle caches/build output under shared/ to avoid tracking ephemeral artifacts.

GTFS_VALIDATOR_VERSION=$(sed -n 's/.*<gtfs.validator.version>\([^<]*\)<\/gtfs.validator.version>.*/\1/p' "$VERSION_FILE" | head -n 1 | tr -d '[:space:]')

JAR_FILE="$SCRIPT_DIR/gtfs-validator-$GTFS_VALIDATOR_VERSION-cli.jar"
if [ ! -s "$JAR_FILE" ]; then
  rm -f "$JAR_FILE"
  gh release download "v$GTFS_VALIDATOR_VERSION" \
    --repo MobilityData/gtfs-validator \
    --pattern "gtfs-validator-$GTFS_VALIDATOR_VERSION-cli.jar" \
    --dir "$SCRIPT_DIR"
fi

[gemini-code-assist]

Code Review

This pull request configures Dependabot to update Maven dependencies in /gtfs, updates .gitignore to ignore Gradle local caches and build outputs, and refactors gtfs/gtfs-validator.sh to dynamically resolve and download the GTFS Validator JAR version defined in a new gtfs/pom.xml file. Feedback is provided to optimize the version extraction by using sed instead of invoking mvn to avoid heavy runtime dependencies, and to check for non-empty files (-s) instead of just existence (-f) to handle interrupted downloads gracefully.

[mmathieum]

@copilot please address #764 (comment) and #764 (comment)

[Copilot]

@copilot please address #764 (comment) and #764 (comment)

Addressed in f80cdaa.

• Switched version extraction to parse gtfs.validator.version directly from gtfs/pom.xml (no Maven runtime dependency).
• Updated jar handling to use -s (non-empty check) and remove stale/empty jar before gh release download.

[mmathieum]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a Maven pom.xml file to track the GTFS Validator version, allowing Dependabot to automate updates. The gtfs-validator.sh script is updated to read this version and download the corresponding JAR using the GitHub CLI if it is missing. Additionally, Gradle build outputs are added to .gitignore. The review feedback suggests replacing the GitHub CLI dependency with curl to make the script more portable and avoid authentication or rate-limiting issues.

[gemini-code-assist]

Using gh release download introduces an unnecessary dependency on the GitHub CLI (gh) and requires the user to be authenticated with GitHub (even for public repositories, gh often fails or hits rate limits if not authenticated). Since the release assets of MobilityData/gtfs-validator are publicly accessible via standard HTTPS URLs, using curl is much more portable, standard, and works out-of-the-box in almost any environment (local or CI) without requiring any authentication or extra tool installation.

Suggested change

	if ! command -v gh >/dev/null 2>&1; then
	echo "> GitHub CLI (gh) is required to download GTFS Validator '$GTFS_VALIDATOR_VERSION' (https://cli.github.com/)!";
	exit 1;
	fi
	echo "> Downloading GTFS Validator '$GTFS_VALIDATOR_VERSION'...";
	gh release download "v$GTFS_VALIDATOR_VERSION" \
	--repo MobilityData/gtfs-validator \
	--pattern "gtfs-validator-$GTFS_VALIDATOR_VERSION-cli.jar" \
	--dir "$SCRIPT_DIR";
	if ! command -v curl >/dev/null 2>&1; then
	echo "> curl is required to download GTFS Validator '$GTFS_VALIDATOR_VERSION'!";
	exit 1;
	fi
	echo "> Downloading GTFS Validator '$GTFS_VALIDATOR_VERSION'...";
	curl -L -f -s -S -o "$JAR_FILE" "https://github.com/MobilityData/gtfs-validator/releases/download/v$GTFS_VALIDATOR_VERSION/gtfs-validator-$GTFS_VALIDATOR_VERSION-cli.jar";