diff --git a/.editorconfig b/.editorconfig index 2a4ad4ec1b55..b49a2d432075 100644 --- a/.editorconfig +++ b/.editorconfig @@ -1,3 +1,17 @@ +root = true + +[*] +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[*.bat] +end_of_line = crlf + +[*.md] +# Trailing whitespace is important in Markdown (they distinguish a new line from a new paragraph) +trim_trailing_whitespace = false + [*.{kt,kts}] ij_kotlin_allow_trailing_comma = false ij_kotlin_allow_trailing_comma_on_call_site = false diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 57a6f10876d6..65eddb565fd1 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -5,7 +5,7 @@ type: Bug labels: ["type: bug"] --- - + ## Steps to reproduce diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 93fa0b266326..eeb371ed465e 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,7 +1,7 @@ blank_issues_enabled: false contact_links: - name: Ask a question - url: https://github.com/junit-team/junit5/discussions/categories/q-a + url: https://github.com/junit-team/junit-framework/discussions/categories/q-a about: Please ask and answer questions here - name: Ask a question (Stack Overflow) url: https://stackoverflow.com/questions/tagged/junit5 diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 90d0d4bdaed2..36a9551af336 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,18 +1,16 @@ -## Overview - --- -I hereby agree to the terms of the [JUnit Contributor License Agreement](https://github.com/junit-team/junit5/blob/002a0052926ddee57cf90580fa49bc37e5a72427/CONTRIBUTING.md#junit-contributor-license-agreement). +I hereby agree to the terms of the [JUnit Contributor License Agreement](https://github.com/junit-team/junit-framework/blob/002a0052926ddee57cf90580fa49bc37e5a72427/CONTRIBUTING.md#junit-contributor-license-agreement). --- ### Definition of Done - [ ] There are no TODOs left in the code -- [ ] Method [preconditions](https://junit.org/junit5/docs/snapshot/api/org.junit.platform.commons/org/junit/platform/commons/util/Preconditions.html) are checked and documented in the method's Javadoc -- [ ] [Coding conventions](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#coding-conventions) (e.g. for logging) have been followed -- [ ] Change is covered by [automated tests](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#tests) including corner cases, errors, and exception handling -- [ ] Public API has [Javadoc](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#javadoc) and [`@API` annotations](https://apiguardian-team.github.io/apiguardian/docs/current/api/org/apiguardian/api/API.html) -- [ ] Change is documented in the [User Guide](https://junit.org/junit5/docs/snapshot/user-guide/) and [Release Notes](https://junit.org/junit5/docs/snapshot/user-guide/#release-notes) +- [ ] Method [preconditions](https://docs.junit.org/snapshot/api/org.junit.platform.commons/org/junit/platform/commons/util/Preconditions.html) are checked and documented in the method's Javadoc +- [ ] [Coding conventions](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#coding-conventions) (e.g. for logging) have been followed +- [ ] Change is covered by [automated tests](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#tests) including corner cases, errors, and exception handling +- [ ] Public API has [Javadoc](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#javadoc) and [`@API` annotations](https://apiguardian-team.github.io/apiguardian/docs/current/api/org/apiguardian/api/API.html) +- [ ] Change is documented in the [User Guide](https://docs.junit.org/snapshot/user-guide/) and [Release Notes](https://docs.junit.org/snapshot/user-guide/#release-notes) diff --git a/.github/actions/main-build/action.yml b/.github/actions/main-build/action.yml index 338667f8d39b..e5d872267fe0 100644 --- a/.github/actions/main-build/action.yml +++ b/.github/actions/main-build/action.yml @@ -4,7 +4,7 @@ inputs: arguments: required: true description: Gradle arguments - default: :platform-tooling-support-tests:test build --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318 + default: :platform-tooling-support-tests:test build eclipse --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318 encryptionKey: required: true description: Gradle cache encryption key diff --git a/.github/actions/maven-central-user-token/action.yml b/.github/actions/maven-central-user-token/action.yml index 37266d5e86a0..f9e816972bf0 100644 --- a/.github/actions/maven-central-user-token/action.yml +++ b/.github/actions/maven-central-user-token/action.yml @@ -11,7 +11,10 @@ runs: using: "composite" steps: - shell: bash - run: | - USER_TOKEN=$(printf "${{ inputs.username }}:${{ inputs.password }}" | base64) + run: | # zizmor: ignore[github-env] + USER_TOKEN=$(printf "${USERNAME}:${PASSWORD}" | base64) echo "::add-mask::$USER_TOKEN" echo "MAVEN_CENTRAL_USER_TOKEN=$USER_TOKEN" >> $GITHUB_ENV + env: + USERNAME: ${{ inputs.username }} + PASSWORD: ${{ inputs.password }} \ No newline at end of file diff --git a/.github/actions/run-gradle/action.yml b/.github/actions/run-gradle/action.yml index 90bd8082b59c..cddc34961378 100644 --- a/.github/actions/run-gradle/action.yml +++ b/.github/actions/run-gradle/action.yml @@ -11,19 +11,19 @@ inputs: runs: using: "composite" steps: - - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 id: setup-gradle-jdk with: distribution: temurin - java-version: 21 + java-version: 24 check-latest: true - - uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0 + - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 with: cache-encryption-key: ${{ inputs.encryptionKey }} - shell: bash env: JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }} - run: | + run: | # zizmor: ignore[template-injection] ./gradlew \ -Porg.gradle.java.installations.auto-download=false \ -Pjunit.develocity.predictiveTestSelection.enabled=true \ diff --git a/.github/actions/setup-test-jdk/action.yml b/.github/actions/setup-test-jdk/action.yml index b2d6b1dbc46b..f5ad261ed559 100644 --- a/.github/actions/setup-test-jdk/action.yml +++ b/.github/actions/setup-test-jdk/action.yml @@ -8,10 +8,17 @@ inputs: runs: using: "composite" steps: - - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: ${{ inputs.distribution }} java-version: 8 check-latest: true - shell: bash - run: echo "JDK8=$JAVA_HOME" >> $GITHUB_ENV + run: echo "JDK8=$JAVA_HOME" >> $GITHUB_ENV # zizmor: ignore[github-env] + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + with: + distribution: ${{ inputs.distribution }} + java-version: 17 + check-latest: true + - shell: bash + run: echo "JDK17=$JAVA_HOME" >> $GITHUB_ENV # zizmor: ignore[github-env] diff --git a/.github/renovate.json5 b/.github/renovate.json5 index d256a62d0f55..3f208aaff40a 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -3,7 +3,6 @@ extends: [ 'github>junit-team/renovate-config', ], - baseBranches: ["main", "/^develop\\/.*/"], packageRules: [ { matchCurrentValue: '/^2\\./', @@ -12,13 +11,6 @@ 'org.codehaus.groovy:{/,}**', ], }, - { - matchCurrentValue: '/^4\\./', - allowedVersions: '(,5.0)', - matchPackageNames: [ - 'org.apache.groovy:{/,}**', - ], - }, { matchCurrentValue: '/^1\\./', allowedVersions: '/^1\\..*-groovy-2\\.*/', diff --git a/.github/scripts/close-github-milestone.js b/.github/scripts/close-github-milestone.js new file mode 100644 index 000000000000..60890332e726 --- /dev/null +++ b/.github/scripts/close-github-milestone.js @@ -0,0 +1,37 @@ +module.exports = async ({ github, context }) => { + const releaseVersion = process.env.RELEASE_VERSION; + const query = ` + query ($owner: String!, $repo: String!, $title: String!) { + repository(owner: $owner, name: $repo) { + milestones(first: 100, query: $title) { + nodes { + title + number + openIssueCount + } + } + } + } + `; + const {repository} = await github.graphql(query, { + owner: context.repo.owner, + repo: context.repo.repo, + title: releaseVersion + }); + const [milestone] = repository.milestones.nodes.filter(it => it.title === releaseVersion); + if (!milestone) { + throw new Error(`Milestone "${releaseVersion}" not found`); + } + if (milestone.openIssueCount > 0) { + throw new Error(`Milestone "${releaseVersion}" has ${milestone.openIssueCount} open issue(s)`); + } + const requestBody = { + owner: context.repo.owner, + repo: context.repo.repo, + milestone_number: milestone.number, + state: 'closed', + due_on: new Date().toISOString() + }; + console.log(requestBody); + await github.rest.issues.updateMilestone(requestBody); +}; diff --git a/.github/scripts/create-github-release.js b/.github/scripts/create-github-release.js new file mode 100644 index 000000000000..683f77cde6bc --- /dev/null +++ b/.github/scripts/create-github-release.js @@ -0,0 +1,14 @@ +module.exports = async ({ github, context }) => { + const releaseVersion = process.env.RELEASE_VERSION; + const requestBody = { + owner: context.repo.owner, + repo: context.repo.repo, + tag_name: `r${releaseVersion}`, + name: `JUnit ${releaseVersion}`, + generate_release_notes: true, + body: `JUnit ${releaseVersion} = Platform ${releaseVersion} + Jupiter ${releaseVersion} + Vintage ${releaseVersion}\n\nSee [Release Notes](https://docs.junit.org/${releaseVersion}/release-notes/).`, + prerelease: releaseVersion.includes("-"), + }; + console.log(requestBody); + await github.rest.repos.createRelease(requestBody); +}; diff --git a/.github/workflows/close-inactive-issues.yml b/.github/workflows/close-inactive-issues.yml index 4453ca192264..2a76f9cd147d 100644 --- a/.github/workflows/close-inactive-issues.yml +++ b/.github/workflows/close-inactive-issues.yml @@ -3,7 +3,7 @@ on: schedule: - cron: "30 1 * * *" workflow_dispatch: -permissions: read-all +permissions: {} jobs: close-issues: runs-on: ubuntu-latest diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 5664eeca4c65..000000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: - - main - - 'releases/**' - pull_request: - # The branches below must be a subset of the branches above - branches: - - main - - 'releases/**' - schedule: - - cron: '0 19 * * 3' - -permissions: read-all - -env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - security-events: write - strategy: - fail-fast: false - matrix: - language: - - java - - javascript - steps: - - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Initialize CodeQL - uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 - with: - languages: ${{ matrix.language }} - tools: linked - - name: Build - uses: ./.github/actions/run-gradle - with: - encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - arguments: | - --no-build-cache \ - -Dscan.tag.CodeQL \ - allMainClasses - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000000..80c52be27309 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,65 @@ +name: "CodeQL" + +on: + push: + branches: + - main + - 'releases/**' + pull_request: + # The branches below must be a subset of the branches above + branches: + - main + - 'releases/**' + schedule: + - cron: '0 19 * * 3' + +concurrency: + # Cancels in-progress runs only for pull requests + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +permissions: {} + +env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + runs-on: ubuntu-latest + permissions: + security-events: write + strategy: + fail-fast: false + matrix: + include: + - language: actions + build-mode: none + - language: java-kotlin + build-mode: manual + - language: javascript + build-mode: none + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + - name: Initialize CodeQL + uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + tools: linked + - name: Build + if: matrix.build-mode == 'manual' + uses: ./.github/actions/run-gradle + with: + encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }} + arguments: | + --no-build-cache \ + -Dscan.tag.CodeQL \ + classes + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/cross-version.yml b/.github/workflows/cross-version.yml index 7c51412feaaf..80bcbcbd0e37 100644 --- a/.github/workflows/cross-version.yml +++ b/.github/workflows/cross-version.yml @@ -11,7 +11,12 @@ on: branches: - '**' -permissions: read-all +concurrency: + # Cancels in-progress runs only for pull requests + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +permissions: {} env: DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} @@ -22,29 +27,30 @@ jobs: fail-fast: false matrix: jdk: - - version: 24 - type: ga - version: 25 type: ea + - version: 26 + type: ea name: "OpenJDK ${{ matrix.jdk.version }} (${{ matrix.jdk.release || matrix.jdk.type }})" runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Set up Test JDK uses: ./.github/actions/setup-test-jdk - name: "Set up JDK ${{ matrix.jdk.version }} (${{ matrix.jdk.release || 'ea' }})" if: matrix.jdk.type == 'ea' - uses: oracle-actions/setup-java@8fb9d7717810ccde9f8d4bef1e6f43d180f506b5 # v1.4.1 + uses: oracle-actions/setup-java@b1546e588c27008e88bfcabda44d11c22316b9b8 # v1.4.2 with: website: jdk.java.net release: ${{ matrix.jdk.release || matrix.jdk.version }} version: latest - name: "Set up JDK ${{ matrix.jdk.version }} (${{ matrix.jdk.distribution || 'temurin' }})" if: matrix.jdk.type == 'ga' - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: ${{ matrix.jdk.distribution || 'temurin' }} java-version: ${{ matrix.jdk.version }} @@ -76,15 +82,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Set up Test JDK uses: ./.github/actions/setup-test-jdk with: distribution: semeru - name: 'Set up JDK ${{ matrix.jdk }}' - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: semeru java-version: ${{ matrix.jdk }} diff --git a/.github/workflows/gradle-dependency-submission.yml b/.github/workflows/gradle-dependency-submission.yml index eda44140d013..02a9914ac191 100644 --- a/.github/workflows/gradle-dependency-submission.yml +++ b/.github/workflows/gradle-dependency-submission.yml @@ -5,24 +5,28 @@ on: branches: - main -permissions: read-all +permissions: {} + +env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} jobs: dependency-submission: - if: github.repository == 'junit-team/junit5' + if: github.repository == 'junit-team/junit-framework' runs-on: ubuntu-latest permissions: contents: write steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Java - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: temurin - java-version: 21 + java-version: 24 check-latest: true - name: Generate and submit dependency graph - uses: gradle/actions/dependency-submission@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0 + uses: gradle/actions/dependency-submission@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 diff --git a/.github/workflows/label-opened-issues.yml b/.github/workflows/label-opened-issues.yml index f18377bd22a1..10a5dee96dee 100644 --- a/.github/workflows/label-opened-issues.yml +++ b/.github/workflows/label-opened-issues.yml @@ -3,7 +3,7 @@ on: issues: types: - opened -permissions: read-all +permissions: {} jobs: label_issues: runs-on: ubuntu-latest diff --git a/.github/workflows/label-pull-request.yml b/.github/workflows/label-pull-request.yml new file mode 100644 index 000000000000..05d60e5ab155 --- /dev/null +++ b/.github/workflows/label-pull-request.yml @@ -0,0 +1,55 @@ +name: Copy labels from linked issues to PR + +on: + pull_request_target: + types: [opened, reopened, edited, synchronize] # zizmor: ignore[dangerous-triggers] + +permissions: {} + +jobs: + copy_labels: + name: Copy labels + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + const query = ` + query($owner: String!, $repo: String!, $pr: Int!) { + repository(owner: $owner, name: $repo) { + pullRequest(number: $pr) { + closingIssuesReferences(first: 10) { + nodes { + labels(first: 100) { + nodes { + name + } + } + } + } + } + } + } + `; + + const {repository} = await github.graphql(query, { + owner: context.repo.owner, + repo: context.repo.repo, + pr: context.issue.number + }); + + let labels = Array.from(new Set(repository.pullRequest.closingIssuesReferences.nodes + .flatMap((node) => node.labels.nodes.map((label) => label.name)))) + .filter((label) => !label.startsWith("status:")); + + if (labels.length > 0) { + console.log(`Adding labels to PR: ${labels}`); + await github.rest.issues.addLabels({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + labels: labels + }); + } diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index aadc10b78069..1c9cb8c5cdd9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,7 +11,12 @@ on: branches: - '**' -permissions: read-all +concurrency: + # Cancels in-progress runs only for pull requests + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +permissions: {} env: DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} @@ -21,16 +26,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Install GraalVM - uses: graalvm/setup-graalvm@01ed653ac833fe80569f1ef9f25585ba2811baab # v1.3.3 + uses: graalvm/setup-graalvm@7f488cf82a3629ee755e4e97342c01d6bed318fa # v1.3.5 with: distribution: graalvm-community version: 'latest' java-version: '21' - github-token: ${{ secrets.GITHUB_TOKEN }} - name: Build uses: ./.github/actions/main-build with: @@ -41,7 +46,7 @@ jobs: jacocoRootReport \ --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318 - name: Upload to Codecov.io - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 + uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 with: token: ${{ secrets.CODECOV_TOKEN }} @@ -49,9 +54,10 @@ jobs: runs-on: windows-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Build uses: ./.github/actions/main-build with: @@ -61,9 +67,10 @@ jobs: runs-on: macos-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Build uses: ./.github/actions/main-build with: @@ -76,12 +83,13 @@ jobs: permissions: attestations: write # required for build provenance attestation id-token: write # required for build provenance attestation - if: github.event_name == 'push' && github.repository == 'junit-team/junit5' && (startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main') + if: github.event_name == 'push' && github.repository == 'junit-team/junit-framework' && (startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main') steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Publish uses: ./.github/actions/run-gradle env: @@ -93,7 +101,7 @@ jobs: publish -x check \ prepareGitHubAttestation - name: Generate build provenance attestations - uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 + uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 with: subject-path: documentation/build/attestation/*.jar @@ -106,9 +114,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Install Graphviz run: | sudo apt-get update @@ -126,7 +135,7 @@ jobs: git config --global user.name "JUnit Team" git config --global user.email "team@junit.org" - name: Upload Documentation - if: github.event_name == 'push' && github.repository == 'junit-team/junit5' && github.ref == 'refs/heads/main' + if: github.event_name == 'push' && github.repository == 'junit-team/junit-framework' && github.ref == 'refs/heads/main' uses: ./.github/actions/run-gradle with: encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }} @@ -135,4 +144,4 @@ jobs: -Dscan.tag.Documentation env: GIT_USERNAME: git - GIT_PASSWORD: ${{ secrets.GH_TOKEN }} + GIT_PASSWORD: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_DOCS_REPO }} diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index c24ae2e85e54..b158dbe3e984 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -7,7 +7,7 @@ on: push: branches: [ "main" ] -permissions: read-all +permissions: {} jobs: analysis: @@ -21,12 +21,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 with: results_file: results.sarif results_format: sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 with: sarif_file: results.sarif diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 09ed237ade58..e92b8f9619cd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,12 +15,13 @@ on: required: false default: false -permissions: read-all +permissions: {} env: DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} STAGING_REPO_URL: https://central.sonatype.com/api/v1/publisher/deployment/${{ inputs.deploymentId }}/download RELEASE_TAG: r${{ inputs.releaseVersion }} + RELEASE_VERSION: ${{ inputs.releaseVersion }} jobs: @@ -32,10 +33,11 @@ jobs: id-token: write # required for build provenance attestation steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 ref: "refs/tags/${{ env.RELEASE_TAG }}" + persist-credentials: false - name: Prepare Maven Central user token uses: ./.github/actions/maven-central-user-token with: @@ -46,7 +48,7 @@ jobs: run: | curl --silent --fail --location --output /tmp/reference.jar \ --header "Authorization: Bearer $MAVEN_CENTRAL_USER_TOKEN" \ - "${{ env.STAGING_REPO_URL }}/org/junit/jupiter/junit-jupiter-api/${{ inputs.releaseVersion }}/junit-jupiter-api-${{ inputs.releaseVersion }}.jar" + "${STAGING_REPO_URL}/org/junit/jupiter/junit-jupiter-api/${RELEASE_VERSION}/junit-jupiter-api-${RELEASE_VERSION}.jar" sudo apt-get update && sudo apt-get install --yes jc unzip -c /tmp/reference.jar META-INF/MANIFEST.MF | jc --jar-manifest | jq '.[0]' > /tmp/manifest.json echo "createdBy=$(jq --raw-output .Created_By /tmp/manifest.json)" >> "$GITHUB_OUTPUT" @@ -63,7 +65,7 @@ jobs: --remote-repo-url=${{ env.STAGING_REPO_URL }} - name: Generate build provenance attestations if: ${{ inputs.dryRun == false }} - uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 + uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 with: subject-path: build/repo/**/*.jar @@ -72,40 +74,43 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 ref: "refs/tags/${{ env.RELEASE_TAG }}" - path: junit5 - - name: Check out samples repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + path: junit-framework + persist-credentials: false + - name: Check out examples repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: - repository: ${{ github.repository_owner }}/junit5-samples - token: ${{ secrets.GH_TOKEN }} + repository: ${{ github.repository_owner }}/junit-examples + token: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_EXAMPLES_REPO }} fetch-depth: 1 - path: junit5-samples + path: junit-examples + ref: develop/6.x + persist-credentials: false - name: Set up JDK - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: - java-version: 21 + java-version: 24 distribution: temurin - - uses: sbt/setup-sbt@26ab4b0fa1c47fa62fc1f6e51823a658fb6c760c # v1.1.7 - - name: Update JUnit dependencies in samples - run: java src/Updater.java ${{ inputs.releaseVersion }} - working-directory: junit5-samples + - uses: sbt/setup-sbt@f20dc1bc1f8be605c44ffbcec6f17f708a4af9d1 # v1.1.12 + - name: Update JUnit dependencies in examples + run: java src/Updater.java ${RELEASE_VERSION} + working-directory: junit-examples - name: Prepare Maven Central user token - uses: ./junit5/.github/actions/maven-central-user-token + uses: ./junit-framework/.github/actions/maven-central-user-token with: username: ${{ secrets.MAVEN_CENTRAL_USERNAME }} password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} - name: Inject staging repository URL - run: java src/StagingRepoInjector.java ${{ env.STAGING_REPO_URL }} - working-directory: junit5-samples - - name: Build samples - run: java src/Builder.java --exclude=junit5-jupiter-starter-bazel,junit5-jupiter-starter-sbt - working-directory: junit5-samples + run: java src/StagingRepoInjector.java ${STAGING_REPO_URL} + working-directory: junit-examples + - name: Build examples + run: java src/Builder.java --exclude=junit-jupiter-starter-bazel,junit-jupiter-starter-sbt + working-directory: junit-examples env: - MAVEN_ARGS: --settings ${{ github.workspace }}/junit5-samples/src/central-staging-maven-settings.xml --activate-profiles central-staging + MAVEN_ARGS: --settings ${{ github.workspace }}/junit-examples/src/central-staging-maven-settings.xml --activate-profiles central-staging close_github_milestone: name: Close GitHub milestone @@ -113,33 +118,19 @@ jobs: permissions: issues: write steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 1 + persist-credentials: false - name: Close GitHub milestone if: ${{ inputs.dryRun == false }} uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: result-encoding: string script: | - const milestones = await github.rest.issues.listMilestones({ - owner: context.repo.owner, - repo: context.repo.repo, - state: 'all' - }); - const [milestone] = milestones.data.filter(x => x.title === "${{ inputs.releaseVersion }}") - if (!milestone) { - throw new Error('Milestone "${{ inputs.releaseVersion }}" not found'); - } - if (milestone.open_issues > 0) { - throw new Error(`Milestone "${{ inputs.releaseVersion }}" has ${milestone.open_issues} open issue(s)`); - } - const requestBody = { - owner: context.repo.owner, - repo: context.repo.repo, - milestone_number: milestone.number, - state: 'closed', - due_on: new Date().toISOString() - }; - console.log(requestBody); - await github.rest.issues.updateMilestone(requestBody); + const closeGithubMilestone = require('./.github/scripts/close-github-milestone.js'); + closeGithubMilestone({ github, context }); publish_deployment: name: Publish to Maven Central @@ -147,10 +138,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 ref: "refs/tags/${{ env.RELEASE_TAG }}" + persist-credentials: false - name: Release staging repository if: ${{ inputs.dryRun == false }} uses: ./.github/actions/run-gradle @@ -169,10 +161,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 ref: "refs/tags/${{ env.RELEASE_TAG }}" + persist-credentials: false - name: Install Graphviz and Poppler run: | sudo apt-get update @@ -196,7 +189,7 @@ jobs: uses: ./.github/actions/run-gradle env: GIT_USERNAME: git - GIT_PASSWORD: ${{ secrets.GH_TOKEN }} + GIT_PASSWORD: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_DOCS_REPO }} with: encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: | @@ -209,79 +202,75 @@ jobs: id: pagesDeployment timeout-minutes: 20 run: | - URL="https://junit.org/junit5/docs/${{ inputs.releaseVersion }}/user-guide/junit-user-guide-${{ inputs.releaseVersion }}.pdf" + URL="https://docs.junit.org/${RELEASE_VERSION}/user-guide/junit-user-guide-${RELEASE_VERSION}.pdf" ./.github/scripts/waitForUrl.sh "$URL" echo "pdfUrl=$URL" >> "$GITHUB_OUTPUT" - name: Verify integrity of PDF version of User Guide if: ${{ inputs.dryRun == false }} run: | - curl --silent --fail --location --output /tmp/junit-user-guide.pdf "${{ steps.pagesDeployment.outputs.pdfUrl }}" + curl --silent --fail --location --output /tmp/junit-user-guide.pdf "${PDF_URL}" pdfinfo /tmp/junit-user-guide.pdf + env: + PDF_URL: ${{ steps.pagesDeployment.outputs.pdfUrl }} - update_samples: - name: Update samples + update_examples: + name: Update examples needs: publish_deployment runs-on: ubuntu-latest steps: - - name: Check out samples repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Check out examples repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: - repository: ${{ github.repository_owner }}/junit5-samples - token: ${{ secrets.GH_TOKEN }} + repository: ${{ github.repository_owner }}/junit-examples + token: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_EXAMPLES_REPO }} fetch-depth: 1 + ref: develop/6.x + persist-credentials: true - name: Set up JDK - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: - java-version: 21 + java-version: 24 distribution: temurin - - uses: sbt/setup-sbt@26ab4b0fa1c47fa62fc1f6e51823a658fb6c760c # v1.1.7 - - name: Update JUnit dependencies in samples - run: java src/Updater.java ${{ inputs.releaseVersion }} - - name: Build samples + - uses: sbt/setup-sbt@f20dc1bc1f8be605c44ffbcec6f17f708a4af9d1 # v1.1.12 + - name: Update JUnit dependencies in examples + run: java src/Updater.java ${RELEASE_VERSION} + - name: Build examples if: ${{ inputs.dryRun == false }} run: java src/Builder.java - name: Create release branch run: | git config user.name "JUnit Team" git config user.email "team@junit.org" - git switch -c "${{ env.RELEASE_TAG }}" + git switch -c "${RELEASE_TAG}" git status - git commit -a -m "Use ${{ inputs.releaseVersion }}" + git commit -a -m "Use ${RELEASE_VERSION}" - name: Push release branch if: ${{ inputs.dryRun == false }} run: | - git push origin "${{ env.RELEASE_TAG }}" + git push origin "${RELEASE_TAG}" - name: Update main branch (only for GA releases) if: ${{ inputs.dryRun == false && !contains(inputs.releaseVersion, '-') }} run: | git switch main - git merge --ff-only "${{ env.RELEASE_TAG }}" + git merge --ff-only "${RELEASE_TAG}" git push origin main create_github_release: name: Create GitHub release if: ${{ inputs.dryRun == false }} - needs: [ publish_documentation, update_samples ] + needs: [ publish_documentation, update_examples ] runs-on: ubuntu-latest permissions: contents: write steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 1 + persist-credentials: false - name: Create GitHub release uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | - const releaseVersion = "${{ inputs.releaseVersion }}"; - const jupiterVersion = releaseVersion; - const vintageVersion = releaseVersion; - const platformVersion = "1." + releaseVersion.substring(2); - const requestBody = { - owner: context.repo.owner, - repo: context.repo.repo, - tag_name: `r${releaseVersion}`, - name: `JUnit ${releaseVersion}`, - generate_release_notes: true, - body: `JUnit ${jupiterVersion} = Platform ${platformVersion} + Jupiter ${jupiterVersion} + Vintage ${vintageVersion}\n\nSee [Release Notes](https://junit.org/junit5/docs/${releaseVersion}/release-notes/).`, - prerelease: releaseVersion.includes("-"), - }; - console.log(requestBody); - await github.rest.repos.createRelease(requestBody); + const createGithubRelease = require('./.github/scripts/create-github-release.js'); + createGithubRelease({ github, context }); diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml index 546ff5b9cd18..f3ba219e4e14 100644 --- a/.github/workflows/reproducible-build.yml +++ b/.github/workflows/reproducible-build.yml @@ -9,7 +9,12 @@ on: branches: - '**' -permissions: read-all +concurrency: + # Cancels in-progress runs only for pull requests + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +permissions: {} env: DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} @@ -20,9 +25,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 + persist-credentials: false - name: Restore Gradle cache and display toolchains uses: ./.github/actions/run-gradle with: diff --git a/.github/workflows/sanitize-closed-issues.yml b/.github/workflows/sanitize-closed-issues.yml index 046be82f7804..ca77b2bd4f9d 100644 --- a/.github/workflows/sanitize-closed-issues.yml +++ b/.github/workflows/sanitize-closed-issues.yml @@ -3,7 +3,7 @@ on: issues: types: - closed -permissions: read-all +permissions: {} jobs: label_issues: runs-on: ubuntu-latest diff --git a/.github/workflows/zizmor-analysis.yml b/.github/workflows/zizmor-analysis.yml new file mode 100644 index 000000000000..2a66b88fbe05 --- /dev/null +++ b/.github/workflows/zizmor-analysis.yml @@ -0,0 +1,29 @@ +name: GitHub Actions Security Analysis + +on: + push: + branches: + - main + - 'releases/**' + paths: + - '.github/**' + pull_request: + paths: + - '.github/**' + +permissions: {} + +jobs: + zizmor: + name: Run zizmor 🌈 + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - name: Checkout repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + + - name: Run zizmor 🌈 + uses: zizmorcore/zizmor-action@5ca5fc7a4779c5263a3ffa0e1f693009994446d1 # v0.1.2 \ No newline at end of file diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml index 9f10a217b5b9..da9a350c8e4c 100644 --- a/.idea/codeStyles/Project.xml +++ b/.idea/codeStyles/Project.xml @@ -7,6 +7,7 @@