diff --git a/.editorconfig b/.editorconfig
index 2a4ad4ec1b55..b49a2d432075 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,3 +1,17 @@
+root = true
+
+[*]
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.bat]
+end_of_line = crlf
+
+[*.md]
+# Trailing whitespace is important in Markdown (they distinguish a new line from a new paragraph)
+trim_trailing_whitespace = false
+
[*.{kt,kts}]
ij_kotlin_allow_trailing_comma = false
ij_kotlin_allow_trailing_comma_on_call_site = false
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 57a6f10876d6..65eddb565fd1 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -5,7 +5,7 @@ type: Bug
labels: ["type: bug"]
---
-
+
## Steps to reproduce
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 93fa0b266326..eeb371ed465e 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,7 +1,7 @@
blank_issues_enabled: false
contact_links:
- name: Ask a question
- url: https://github.com/junit-team/junit5/discussions/categories/q-a
+ url: https://github.com/junit-team/junit-framework/discussions/categories/q-a
about: Please ask and answer questions here
- name: Ask a question (Stack Overflow)
url: https://stackoverflow.com/questions/tagged/junit5
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 90d0d4bdaed2..36a9551af336 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,18 +1,16 @@
-## Overview
-
---
-I hereby agree to the terms of the [JUnit Contributor License Agreement](https://github.com/junit-team/junit5/blob/002a0052926ddee57cf90580fa49bc37e5a72427/CONTRIBUTING.md#junit-contributor-license-agreement).
+I hereby agree to the terms of the [JUnit Contributor License Agreement](https://github.com/junit-team/junit-framework/blob/002a0052926ddee57cf90580fa49bc37e5a72427/CONTRIBUTING.md#junit-contributor-license-agreement).
---
### Definition of Done
- [ ] There are no TODOs left in the code
-- [ ] Method [preconditions](https://junit.org/junit5/docs/snapshot/api/org.junit.platform.commons/org/junit/platform/commons/util/Preconditions.html) are checked and documented in the method's Javadoc
-- [ ] [Coding conventions](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#coding-conventions) (e.g. for logging) have been followed
-- [ ] Change is covered by [automated tests](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#tests) including corner cases, errors, and exception handling
-- [ ] Public API has [Javadoc](https://github.com/junit-team/junit5/blob/HEAD/CONTRIBUTING.md#javadoc) and [`@API` annotations](https://apiguardian-team.github.io/apiguardian/docs/current/api/org/apiguardian/api/API.html)
-- [ ] Change is documented in the [User Guide](https://junit.org/junit5/docs/snapshot/user-guide/) and [Release Notes](https://junit.org/junit5/docs/snapshot/user-guide/#release-notes)
+- [ ] Method [preconditions](https://docs.junit.org/snapshot/api/org.junit.platform.commons/org/junit/platform/commons/util/Preconditions.html) are checked and documented in the method's Javadoc
+- [ ] [Coding conventions](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#coding-conventions) (e.g. for logging) have been followed
+- [ ] Change is covered by [automated tests](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#tests) including corner cases, errors, and exception handling
+- [ ] Public API has [Javadoc](https://github.com/junit-team/junit-framework/blob/HEAD/CONTRIBUTING.md#javadoc) and [`@API` annotations](https://apiguardian-team.github.io/apiguardian/docs/current/api/org/apiguardian/api/API.html)
+- [ ] Change is documented in the [User Guide](https://docs.junit.org/snapshot/user-guide/) and [Release Notes](https://docs.junit.org/snapshot/user-guide/#release-notes)
diff --git a/.github/actions/main-build/action.yml b/.github/actions/main-build/action.yml
index 338667f8d39b..e5d872267fe0 100644
--- a/.github/actions/main-build/action.yml
+++ b/.github/actions/main-build/action.yml
@@ -4,7 +4,7 @@ inputs:
arguments:
required: true
description: Gradle arguments
- default: :platform-tooling-support-tests:test build --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318
+ default: :platform-tooling-support-tests:test build eclipse --no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318
encryptionKey:
required: true
description: Gradle cache encryption key
diff --git a/.github/actions/maven-central-user-token/action.yml b/.github/actions/maven-central-user-token/action.yml
index 37266d5e86a0..f9e816972bf0 100644
--- a/.github/actions/maven-central-user-token/action.yml
+++ b/.github/actions/maven-central-user-token/action.yml
@@ -11,7 +11,10 @@ runs:
using: "composite"
steps:
- shell: bash
- run: |
- USER_TOKEN=$(printf "${{ inputs.username }}:${{ inputs.password }}" | base64)
+ run: | # zizmor: ignore[github-env]
+ USER_TOKEN=$(printf "${USERNAME}:${PASSWORD}" | base64)
echo "::add-mask::$USER_TOKEN"
echo "MAVEN_CENTRAL_USER_TOKEN=$USER_TOKEN" >> $GITHUB_ENV
+ env:
+ USERNAME: ${{ inputs.username }}
+ PASSWORD: ${{ inputs.password }}
\ No newline at end of file
diff --git a/.github/actions/run-gradle/action.yml b/.github/actions/run-gradle/action.yml
index 90bd8082b59c..cddc34961378 100644
--- a/.github/actions/run-gradle/action.yml
+++ b/.github/actions/run-gradle/action.yml
@@ -11,19 +11,19 @@ inputs:
runs:
using: "composite"
steps:
- - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
id: setup-gradle-jdk
with:
distribution: temurin
- java-version: 21
+ java-version: 24
check-latest: true
- - uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0
+ - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
cache-encryption-key: ${{ inputs.encryptionKey }}
- shell: bash
env:
JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }}
- run: |
+ run: | # zizmor: ignore[template-injection]
./gradlew \
-Porg.gradle.java.installations.auto-download=false \
-Pjunit.develocity.predictiveTestSelection.enabled=true \
diff --git a/.github/actions/setup-test-jdk/action.yml b/.github/actions/setup-test-jdk/action.yml
index b2d6b1dbc46b..f5ad261ed559 100644
--- a/.github/actions/setup-test-jdk/action.yml
+++ b/.github/actions/setup-test-jdk/action.yml
@@ -8,10 +8,17 @@ inputs:
runs:
using: "composite"
steps:
- - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
distribution: ${{ inputs.distribution }}
java-version: 8
check-latest: true
- shell: bash
- run: echo "JDK8=$JAVA_HOME" >> $GITHUB_ENV
+ run: echo "JDK8=$JAVA_HOME" >> $GITHUB_ENV # zizmor: ignore[github-env]
+ - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+ with:
+ distribution: ${{ inputs.distribution }}
+ java-version: 17
+ check-latest: true
+ - shell: bash
+ run: echo "JDK17=$JAVA_HOME" >> $GITHUB_ENV # zizmor: ignore[github-env]
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index d256a62d0f55..3f208aaff40a 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -3,7 +3,6 @@
extends: [
'github>junit-team/renovate-config',
],
- baseBranches: ["main", "/^develop\\/.*/"],
packageRules: [
{
matchCurrentValue: '/^2\\./',
@@ -12,13 +11,6 @@
'org.codehaus.groovy:{/,}**',
],
},
- {
- matchCurrentValue: '/^4\\./',
- allowedVersions: '(,5.0)',
- matchPackageNames: [
- 'org.apache.groovy:{/,}**',
- ],
- },
{
matchCurrentValue: '/^1\\./',
allowedVersions: '/^1\\..*-groovy-2\\.*/',
diff --git a/.github/scripts/close-github-milestone.js b/.github/scripts/close-github-milestone.js
new file mode 100644
index 000000000000..60890332e726
--- /dev/null
+++ b/.github/scripts/close-github-milestone.js
@@ -0,0 +1,37 @@
+module.exports = async ({ github, context }) => {
+ const releaseVersion = process.env.RELEASE_VERSION;
+ const query = `
+ query ($owner: String!, $repo: String!, $title: String!) {
+ repository(owner: $owner, name: $repo) {
+ milestones(first: 100, query: $title) {
+ nodes {
+ title
+ number
+ openIssueCount
+ }
+ }
+ }
+ }
+ `;
+ const {repository} = await github.graphql(query, {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ title: releaseVersion
+ });
+ const [milestone] = repository.milestones.nodes.filter(it => it.title === releaseVersion);
+ if (!milestone) {
+ throw new Error(`Milestone "${releaseVersion}" not found`);
+ }
+ if (milestone.openIssueCount > 0) {
+ throw new Error(`Milestone "${releaseVersion}" has ${milestone.openIssueCount} open issue(s)`);
+ }
+ const requestBody = {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ milestone_number: milestone.number,
+ state: 'closed',
+ due_on: new Date().toISOString()
+ };
+ console.log(requestBody);
+ await github.rest.issues.updateMilestone(requestBody);
+};
diff --git a/.github/scripts/create-github-release.js b/.github/scripts/create-github-release.js
new file mode 100644
index 000000000000..683f77cde6bc
--- /dev/null
+++ b/.github/scripts/create-github-release.js
@@ -0,0 +1,14 @@
+module.exports = async ({ github, context }) => {
+ const releaseVersion = process.env.RELEASE_VERSION;
+ const requestBody = {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ tag_name: `r${releaseVersion}`,
+ name: `JUnit ${releaseVersion}`,
+ generate_release_notes: true,
+ body: `JUnit ${releaseVersion} = Platform ${releaseVersion} + Jupiter ${releaseVersion} + Vintage ${releaseVersion}\n\nSee [Release Notes](https://docs.junit.org/${releaseVersion}/release-notes/).`,
+ prerelease: releaseVersion.includes("-"),
+ };
+ console.log(requestBody);
+ await github.rest.repos.createRelease(requestBody);
+};
diff --git a/.github/workflows/close-inactive-issues.yml b/.github/workflows/close-inactive-issues.yml
index 4453ca192264..2a76f9cd147d 100644
--- a/.github/workflows/close-inactive-issues.yml
+++ b/.github/workflows/close-inactive-issues.yml
@@ -3,7 +3,7 @@ on:
schedule:
- cron: "30 1 * * *"
workflow_dispatch:
-permissions: read-all
+permissions: {}
jobs:
close-issues:
runs-on: ubuntu-latest
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 5664eeca4c65..000000000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: "CodeQL"
-
-on:
- push:
- branches:
- - main
- - 'releases/**'
- pull_request:
- # The branches below must be a subset of the branches above
- branches:
- - main
- - 'releases/**'
- schedule:
- - cron: '0 19 * * 3'
-
-permissions: read-all
-
-env:
- DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
-
-jobs:
- analyze:
- name: Analyze
- runs-on: ubuntu-latest
- permissions:
- security-events: write
- strategy:
- fail-fast: false
- matrix:
- language:
- - java
- - javascript
- steps:
- - name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Initialize CodeQL
- uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
- with:
- languages: ${{ matrix.language }}
- tools: linked
- - name: Build
- uses: ./.github/actions/run-gradle
- with:
- encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: |
- --no-build-cache \
- -Dscan.tag.CodeQL \
- allMainClasses
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000000..80c52be27309
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,65 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches:
+ - main
+ - 'releases/**'
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ - 'releases/**'
+ schedule:
+ - cron: '0 19 * * 3'
+
+concurrency:
+ # Cancels in-progress runs only for pull requests
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+permissions: {}
+
+env:
+ DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: actions
+ build-mode: none
+ - language: java-kotlin
+ build-mode: manual
+ - language: javascript
+ build-mode: none
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ tools: linked
+ - name: Build
+ if: matrix.build-mode == 'manual'
+ uses: ./.github/actions/run-gradle
+ with:
+ encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+ arguments: |
+ --no-build-cache \
+ -Dscan.tag.CodeQL \
+ classes
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/cross-version.yml b/.github/workflows/cross-version.yml
index 7c51412feaaf..80bcbcbd0e37 100644
--- a/.github/workflows/cross-version.yml
+++ b/.github/workflows/cross-version.yml
@@ -11,7 +11,12 @@ on:
branches:
- '**'
-permissions: read-all
+concurrency:
+ # Cancels in-progress runs only for pull requests
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+permissions: {}
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
@@ -22,29 +27,30 @@ jobs:
fail-fast: false
matrix:
jdk:
- - version: 24
- type: ga
- version: 25
type: ea
+ - version: 26
+ type: ea
name: "OpenJDK ${{ matrix.jdk.version }} (${{ matrix.jdk.release || matrix.jdk.type }})"
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Set up Test JDK
uses: ./.github/actions/setup-test-jdk
- name: "Set up JDK ${{ matrix.jdk.version }} (${{ matrix.jdk.release || 'ea' }})"
if: matrix.jdk.type == 'ea'
- uses: oracle-actions/setup-java@8fb9d7717810ccde9f8d4bef1e6f43d180f506b5 # v1.4.1
+ uses: oracle-actions/setup-java@b1546e588c27008e88bfcabda44d11c22316b9b8 # v1.4.2
with:
website: jdk.java.net
release: ${{ matrix.jdk.release || matrix.jdk.version }}
version: latest
- name: "Set up JDK ${{ matrix.jdk.version }} (${{ matrix.jdk.distribution || 'temurin' }})"
if: matrix.jdk.type == 'ga'
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
distribution: ${{ matrix.jdk.distribution || 'temurin' }}
java-version: ${{ matrix.jdk.version }}
@@ -76,15 +82,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Set up Test JDK
uses: ./.github/actions/setup-test-jdk
with:
distribution: semeru
- name: 'Set up JDK ${{ matrix.jdk }}'
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
distribution: semeru
java-version: ${{ matrix.jdk }}
diff --git a/.github/workflows/gradle-dependency-submission.yml b/.github/workflows/gradle-dependency-submission.yml
index eda44140d013..02a9914ac191 100644
--- a/.github/workflows/gradle-dependency-submission.yml
+++ b/.github/workflows/gradle-dependency-submission.yml
@@ -5,24 +5,28 @@ on:
branches:
- main
-permissions: read-all
+permissions: {}
+
+env:
+ DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
jobs:
dependency-submission:
- if: github.repository == 'junit-team/junit5'
+ if: github.repository == 'junit-team/junit-framework'
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Setup Java
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
distribution: temurin
- java-version: 21
+ java-version: 24
check-latest: true
- name: Generate and submit dependency graph
- uses: gradle/actions/dependency-submission@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0
+ uses: gradle/actions/dependency-submission@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
diff --git a/.github/workflows/label-opened-issues.yml b/.github/workflows/label-opened-issues.yml
index f18377bd22a1..10a5dee96dee 100644
--- a/.github/workflows/label-opened-issues.yml
+++ b/.github/workflows/label-opened-issues.yml
@@ -3,7 +3,7 @@ on:
issues:
types:
- opened
-permissions: read-all
+permissions: {}
jobs:
label_issues:
runs-on: ubuntu-latest
diff --git a/.github/workflows/label-pull-request.yml b/.github/workflows/label-pull-request.yml
new file mode 100644
index 000000000000..05d60e5ab155
--- /dev/null
+++ b/.github/workflows/label-pull-request.yml
@@ -0,0 +1,55 @@
+name: Copy labels from linked issues to PR
+
+on:
+ pull_request_target:
+ types: [opened, reopened, edited, synchronize] # zizmor: ignore[dangerous-triggers]
+
+permissions: {}
+
+jobs:
+ copy_labels:
+ name: Copy labels
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ steps:
+ - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ const query = `
+ query($owner: String!, $repo: String!, $pr: Int!) {
+ repository(owner: $owner, name: $repo) {
+ pullRequest(number: $pr) {
+ closingIssuesReferences(first: 10) {
+ nodes {
+ labels(first: 100) {
+ nodes {
+ name
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ `;
+
+ const {repository} = await github.graphql(query, {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ pr: context.issue.number
+ });
+
+ let labels = Array.from(new Set(repository.pullRequest.closingIssuesReferences.nodes
+ .flatMap((node) => node.labels.nodes.map((label) => label.name))))
+ .filter((label) => !label.startsWith("status:"));
+
+ if (labels.length > 0) {
+ console.log(`Adding labels to PR: ${labels}`);
+ await github.rest.issues.addLabels({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: labels
+ });
+ }
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index aadc10b78069..1c9cb8c5cdd9 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -11,7 +11,12 @@ on:
branches:
- '**'
-permissions: read-all
+concurrency:
+ # Cancels in-progress runs only for pull requests
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+permissions: {}
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
@@ -21,16 +26,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Install GraalVM
- uses: graalvm/setup-graalvm@01ed653ac833fe80569f1ef9f25585ba2811baab # v1.3.3
+ uses: graalvm/setup-graalvm@7f488cf82a3629ee755e4e97342c01d6bed318fa # v1.3.5
with:
distribution: graalvm-community
version: 'latest'
java-version: '21'
- github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Build
uses: ./.github/actions/main-build
with:
@@ -41,7 +46,7 @@ jobs:
jacocoRootReport \
--no-configuration-cache # Disable configuration cache due to https://github.com/diffplug/spotless/issues/2318
- name: Upload to Codecov.io
- uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+ uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
@@ -49,9 +54,10 @@ jobs:
runs-on: windows-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Build
uses: ./.github/actions/main-build
with:
@@ -61,9 +67,10 @@ jobs:
runs-on: macos-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Build
uses: ./.github/actions/main-build
with:
@@ -76,12 +83,13 @@ jobs:
permissions:
attestations: write # required for build provenance attestation
id-token: write # required for build provenance attestation
- if: github.event_name == 'push' && github.repository == 'junit-team/junit5' && (startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main')
+ if: github.event_name == 'push' && github.repository == 'junit-team/junit-framework' && (startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main')
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Publish
uses: ./.github/actions/run-gradle
env:
@@ -93,7 +101,7 @@ jobs:
publish -x check \
prepareGitHubAttestation
- name: Generate build provenance attestations
- uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
+ uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
with:
subject-path: documentation/build/attestation/*.jar
@@ -106,9 +114,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Install Graphviz
run: |
sudo apt-get update
@@ -126,7 +135,7 @@ jobs:
git config --global user.name "JUnit Team"
git config --global user.email "team@junit.org"
- name: Upload Documentation
- if: github.event_name == 'push' && github.repository == 'junit-team/junit5' && github.ref == 'refs/heads/main'
+ if: github.event_name == 'push' && github.repository == 'junit-team/junit-framework' && github.ref == 'refs/heads/main'
uses: ./.github/actions/run-gradle
with:
encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
@@ -135,4 +144,4 @@ jobs:
-Dscan.tag.Documentation
env:
GIT_USERNAME: git
- GIT_PASSWORD: ${{ secrets.GH_TOKEN }}
+ GIT_PASSWORD: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_DOCS_REPO }}
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index c24ae2e85e54..b158dbe3e984 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -7,7 +7,7 @@ on:
push:
branches: [ "main" ]
-permissions: read-all
+permissions: {}
jobs:
analysis:
@@ -21,12 +21,12 @@ jobs:
steps:
- name: "Checkout code"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+ uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
with:
results_file: results.sarif
results_format: sarif
@@ -57,6 +57,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+ uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
with:
sarif_file: results.sarif
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 09ed237ade58..e92b8f9619cd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,12 +15,13 @@ on:
required: false
default: false
-permissions: read-all
+permissions: {}
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
STAGING_REPO_URL: https://central.sonatype.com/api/v1/publisher/deployment/${{ inputs.deploymentId }}/download
RELEASE_TAG: r${{ inputs.releaseVersion }}
+ RELEASE_VERSION: ${{ inputs.releaseVersion }}
jobs:
@@ -32,10 +33,11 @@ jobs:
id-token: write # required for build provenance attestation
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
ref: "refs/tags/${{ env.RELEASE_TAG }}"
+ persist-credentials: false
- name: Prepare Maven Central user token
uses: ./.github/actions/maven-central-user-token
with:
@@ -46,7 +48,7 @@ jobs:
run: |
curl --silent --fail --location --output /tmp/reference.jar \
--header "Authorization: Bearer $MAVEN_CENTRAL_USER_TOKEN" \
- "${{ env.STAGING_REPO_URL }}/org/junit/jupiter/junit-jupiter-api/${{ inputs.releaseVersion }}/junit-jupiter-api-${{ inputs.releaseVersion }}.jar"
+ "${STAGING_REPO_URL}/org/junit/jupiter/junit-jupiter-api/${RELEASE_VERSION}/junit-jupiter-api-${RELEASE_VERSION}.jar"
sudo apt-get update && sudo apt-get install --yes jc
unzip -c /tmp/reference.jar META-INF/MANIFEST.MF | jc --jar-manifest | jq '.[0]' > /tmp/manifest.json
echo "createdBy=$(jq --raw-output .Created_By /tmp/manifest.json)" >> "$GITHUB_OUTPUT"
@@ -63,7 +65,7 @@ jobs:
--remote-repo-url=${{ env.STAGING_REPO_URL }}
- name: Generate build provenance attestations
if: ${{ inputs.dryRun == false }}
- uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
+ uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
with:
subject-path: build/repo/**/*.jar
@@ -72,40 +74,43 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
ref: "refs/tags/${{ env.RELEASE_TAG }}"
- path: junit5
- - name: Check out samples repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ path: junit-framework
+ persist-credentials: false
+ - name: Check out examples repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
- repository: ${{ github.repository_owner }}/junit5-samples
- token: ${{ secrets.GH_TOKEN }}
+ repository: ${{ github.repository_owner }}/junit-examples
+ token: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_EXAMPLES_REPO }}
fetch-depth: 1
- path: junit5-samples
+ path: junit-examples
+ ref: develop/6.x
+ persist-credentials: false
- name: Set up JDK
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
- java-version: 21
+ java-version: 24
distribution: temurin
- - uses: sbt/setup-sbt@26ab4b0fa1c47fa62fc1f6e51823a658fb6c760c # v1.1.7
- - name: Update JUnit dependencies in samples
- run: java src/Updater.java ${{ inputs.releaseVersion }}
- working-directory: junit5-samples
+ - uses: sbt/setup-sbt@f20dc1bc1f8be605c44ffbcec6f17f708a4af9d1 # v1.1.12
+ - name: Update JUnit dependencies in examples
+ run: java src/Updater.java ${RELEASE_VERSION}
+ working-directory: junit-examples
- name: Prepare Maven Central user token
- uses: ./junit5/.github/actions/maven-central-user-token
+ uses: ./junit-framework/.github/actions/maven-central-user-token
with:
username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
- name: Inject staging repository URL
- run: java src/StagingRepoInjector.java ${{ env.STAGING_REPO_URL }}
- working-directory: junit5-samples
- - name: Build samples
- run: java src/Builder.java --exclude=junit5-jupiter-starter-bazel,junit5-jupiter-starter-sbt
- working-directory: junit5-samples
+ run: java src/StagingRepoInjector.java ${STAGING_REPO_URL}
+ working-directory: junit-examples
+ - name: Build examples
+ run: java src/Builder.java --exclude=junit-jupiter-starter-bazel,junit-jupiter-starter-sbt
+ working-directory: junit-examples
env:
- MAVEN_ARGS: --settings ${{ github.workspace }}/junit5-samples/src/central-staging-maven-settings.xml --activate-profiles central-staging
+ MAVEN_ARGS: --settings ${{ github.workspace }}/junit-examples/src/central-staging-maven-settings.xml --activate-profiles central-staging
close_github_milestone:
name: Close GitHub milestone
@@ -113,33 +118,19 @@ jobs:
permissions:
issues: write
steps:
+ - name: Check out repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ fetch-depth: 1
+ persist-credentials: false
- name: Close GitHub milestone
if: ${{ inputs.dryRun == false }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
result-encoding: string
script: |
- const milestones = await github.rest.issues.listMilestones({
- owner: context.repo.owner,
- repo: context.repo.repo,
- state: 'all'
- });
- const [milestone] = milestones.data.filter(x => x.title === "${{ inputs.releaseVersion }}")
- if (!milestone) {
- throw new Error('Milestone "${{ inputs.releaseVersion }}" not found');
- }
- if (milestone.open_issues > 0) {
- throw new Error(`Milestone "${{ inputs.releaseVersion }}" has ${milestone.open_issues} open issue(s)`);
- }
- const requestBody = {
- owner: context.repo.owner,
- repo: context.repo.repo,
- milestone_number: milestone.number,
- state: 'closed',
- due_on: new Date().toISOString()
- };
- console.log(requestBody);
- await github.rest.issues.updateMilestone(requestBody);
+ const closeGithubMilestone = require('./.github/scripts/close-github-milestone.js');
+ closeGithubMilestone({ github, context });
publish_deployment:
name: Publish to Maven Central
@@ -147,10 +138,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
ref: "refs/tags/${{ env.RELEASE_TAG }}"
+ persist-credentials: false
- name: Release staging repository
if: ${{ inputs.dryRun == false }}
uses: ./.github/actions/run-gradle
@@ -169,10 +161,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
ref: "refs/tags/${{ env.RELEASE_TAG }}"
+ persist-credentials: false
- name: Install Graphviz and Poppler
run: |
sudo apt-get update
@@ -196,7 +189,7 @@ jobs:
uses: ./.github/actions/run-gradle
env:
GIT_USERNAME: git
- GIT_PASSWORD: ${{ secrets.GH_TOKEN }}
+ GIT_PASSWORD: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_DOCS_REPO }}
with:
encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
arguments: |
@@ -209,79 +202,75 @@ jobs:
id: pagesDeployment
timeout-minutes: 20
run: |
- URL="https://junit.org/junit5/docs/${{ inputs.releaseVersion }}/user-guide/junit-user-guide-${{ inputs.releaseVersion }}.pdf"
+ URL="https://docs.junit.org/${RELEASE_VERSION}/user-guide/junit-user-guide-${RELEASE_VERSION}.pdf"
./.github/scripts/waitForUrl.sh "$URL"
echo "pdfUrl=$URL" >> "$GITHUB_OUTPUT"
- name: Verify integrity of PDF version of User Guide
if: ${{ inputs.dryRun == false }}
run: |
- curl --silent --fail --location --output /tmp/junit-user-guide.pdf "${{ steps.pagesDeployment.outputs.pdfUrl }}"
+ curl --silent --fail --location --output /tmp/junit-user-guide.pdf "${PDF_URL}"
pdfinfo /tmp/junit-user-guide.pdf
+ env:
+ PDF_URL: ${{ steps.pagesDeployment.outputs.pdfUrl }}
- update_samples:
- name: Update samples
+ update_examples:
+ name: Update examples
needs: publish_deployment
runs-on: ubuntu-latest
steps:
- - name: Check out samples repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Check out examples repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
- repository: ${{ github.repository_owner }}/junit5-samples
- token: ${{ secrets.GH_TOKEN }}
+ repository: ${{ github.repository_owner }}/junit-examples
+ token: ${{ secrets.JUNIT_BUILDS_GITHUB_TOKEN_EXAMPLES_REPO }}
fetch-depth: 1
+ ref: develop/6.x
+ persist-credentials: true
- name: Set up JDK
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
- java-version: 21
+ java-version: 24
distribution: temurin
- - uses: sbt/setup-sbt@26ab4b0fa1c47fa62fc1f6e51823a658fb6c760c # v1.1.7
- - name: Update JUnit dependencies in samples
- run: java src/Updater.java ${{ inputs.releaseVersion }}
- - name: Build samples
+ - uses: sbt/setup-sbt@f20dc1bc1f8be605c44ffbcec6f17f708a4af9d1 # v1.1.12
+ - name: Update JUnit dependencies in examples
+ run: java src/Updater.java ${RELEASE_VERSION}
+ - name: Build examples
if: ${{ inputs.dryRun == false }}
run: java src/Builder.java
- name: Create release branch
run: |
git config user.name "JUnit Team"
git config user.email "team@junit.org"
- git switch -c "${{ env.RELEASE_TAG }}"
+ git switch -c "${RELEASE_TAG}"
git status
- git commit -a -m "Use ${{ inputs.releaseVersion }}"
+ git commit -a -m "Use ${RELEASE_VERSION}"
- name: Push release branch
if: ${{ inputs.dryRun == false }}
run: |
- git push origin "${{ env.RELEASE_TAG }}"
+ git push origin "${RELEASE_TAG}"
- name: Update main branch (only for GA releases)
if: ${{ inputs.dryRun == false && !contains(inputs.releaseVersion, '-') }}
run: |
git switch main
- git merge --ff-only "${{ env.RELEASE_TAG }}"
+ git merge --ff-only "${RELEASE_TAG}"
git push origin main
create_github_release:
name: Create GitHub release
if: ${{ inputs.dryRun == false }}
- needs: [ publish_documentation, update_samples ]
+ needs: [ publish_documentation, update_examples ]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
+ - name: Check out repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ fetch-depth: 1
+ persist-credentials: false
- name: Create GitHub release
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
- const releaseVersion = "${{ inputs.releaseVersion }}";
- const jupiterVersion = releaseVersion;
- const vintageVersion = releaseVersion;
- const platformVersion = "1." + releaseVersion.substring(2);
- const requestBody = {
- owner: context.repo.owner,
- repo: context.repo.repo,
- tag_name: `r${releaseVersion}`,
- name: `JUnit ${releaseVersion}`,
- generate_release_notes: true,
- body: `JUnit ${jupiterVersion} = Platform ${platformVersion} + Jupiter ${jupiterVersion} + Vintage ${vintageVersion}\n\nSee [Release Notes](https://junit.org/junit5/docs/${releaseVersion}/release-notes/).`,
- prerelease: releaseVersion.includes("-"),
- };
- console.log(requestBody);
- await github.rest.repos.createRelease(requestBody);
+ const createGithubRelease = require('./.github/scripts/create-github-release.js');
+ createGithubRelease({ github, context });
diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml
index 546ff5b9cd18..f3ba219e4e14 100644
--- a/.github/workflows/reproducible-build.yml
+++ b/.github/workflows/reproducible-build.yml
@@ -9,7 +9,12 @@ on:
branches:
- '**'
-permissions: read-all
+concurrency:
+ # Cancels in-progress runs only for pull requests
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+permissions: {}
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
@@ -20,9 +25,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 1
+ persist-credentials: false
- name: Restore Gradle cache and display toolchains
uses: ./.github/actions/run-gradle
with:
diff --git a/.github/workflows/sanitize-closed-issues.yml b/.github/workflows/sanitize-closed-issues.yml
index 046be82f7804..ca77b2bd4f9d 100644
--- a/.github/workflows/sanitize-closed-issues.yml
+++ b/.github/workflows/sanitize-closed-issues.yml
@@ -3,7 +3,7 @@ on:
issues:
types:
- closed
-permissions: read-all
+permissions: {}
jobs:
label_issues:
runs-on: ubuntu-latest
diff --git a/.github/workflows/zizmor-analysis.yml b/.github/workflows/zizmor-analysis.yml
new file mode 100644
index 000000000000..2a66b88fbe05
--- /dev/null
+++ b/.github/workflows/zizmor-analysis.yml
@@ -0,0 +1,29 @@
+name: GitHub Actions Security Analysis
+
+on:
+ push:
+ branches:
+ - main
+ - 'releases/**'
+ paths:
+ - '.github/**'
+ pull_request:
+ paths:
+ - '.github/**'
+
+permissions: {}
+
+jobs:
+ zizmor:
+ name: Run zizmor 🌈
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+
+ - name: Run zizmor 🌈
+ uses: zizmorcore/zizmor-action@5ca5fc7a4779c5263a3ffa0e1f693009994446d1 # v0.1.2
\ No newline at end of file
diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml
index 9f10a217b5b9..da9a350c8e4c 100644
--- a/.idea/codeStyles/Project.xml
+++ b/.idea/codeStyles/Project.xml
@@ -7,6 +7,7 @@