Merge branch 'develop' into new-secret-service

Author: purejava

.github/workflows/build.yml

@@ -1,33 +1,110 @@
 name: Build
 on:
   push:
+  pull_request_target:
+    types: [labeled]
+
+env:
+  JAVA_VERSION: 25
 
 jobs:
   build:
     name: Build and Test
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write # Required for the attestations step
+      attestations: write # Required for the attestations step
     steps:
       - uses: actions/checkout@v5
       - uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
-          java-version: 24
+          java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
       - name: Ensure to use tagged version
         if: startsWith(github.ref, 'refs/tags/')
-        shell: bash
-        run: |
-          mvn -B versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+        run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Build and Test
-        id: buildAndTest
-        run: mvn -B clean verify
-      - uses: actions/upload-artifact@v4
+        run: mvn -B verify --no-transfer-progress
+      - name: Attest
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: actions/attest-build-provenance@v3
+        with:
+          subject-path: |
+            target/*.jar
+            target/*.pom
+      - uses: actions/upload-artifact@v5
         with:
           name: artifacts
           path: target/*.jar
+
+  deploy-central:
+    name: Deploy to Maven Central
+    runs-on: ubuntu-latest
+    permissions: {}
+    needs: [build]
+    if: github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin'
+          java-version: ${{ env.JAVA_VERSION }}
+          cache: 'maven'
+          server-id: central
+          server-username: MAVEN_CENTRAL_USERNAME
+          server-password: MAVEN_CENTRAL_PASSWORD
+      - name: Verify project version matches tag
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          PROJECT_VERSION=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
+          test "$PROJECT_VERSION" = "${GITHUB_REF##*/}"
+      - name: Deploy to Maven Central
+        run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
+        env:
+          MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+          MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+          MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.RELEASES_GPG_KEY_FINGERPRINT }}
+
+  deploy-github:
+    name: Deploy to GitHub Packages
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write # Required for the deploy to GitHub Packages step
+    needs: [build]
+    if: github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-java@v5
+        with:
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Verify project version matches tag
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          PROJECT_VERSION=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
+          test "$PROJECT_VERSION" = "${GITHUB_REF##*/}"
+      - name: Deploy to GitHub Packages
+        run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+          MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.RELEASES_GPG_KEY_FINGERPRINT }}
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # Required for the release step
+    needs: [deploy-central, deploy-github]
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
       - name: Create Release
         uses: softprops/action-gh-release@v2
-        if: startsWith(github.ref, 'refs/tags/')
         with:
           prerelease: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -22,13 +22,13 @@ jobs:
     - uses: actions/setup-java@v5
       with:
         distribution: 'temurin'
-        java-version: 24
+        java-version: 25
         cache: 'maven'
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: java
     - name: Build
       run: mvn -B test
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4

.github/workflows/dependency-check.yml

@@ -15,7 +15,7 @@ jobs:
     with:
       runner-os: 'ubuntu-latest'
       java-distribution: 'temurin'
-      java-version: 24
+      java-version: 25
     secrets:
       nvd-api-key: ${{ secrets.NVD_API_KEY }}
       ossindex-username: ${{ secrets.OSSINDEX_USERNAME }}

.github/workflows/publish-central.yml

@@ -5,7 +5,7 @@ on:
 
 env:
   JAVA_DIST: 'temurin'
-  JAVA_VERSION: 24
+  JAVA_VERSION: 25
 
 defaults:
   run:

.github/workflows/publish-github.yml

@@ -7,11 +7,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 The changelog starts with version 1.6.1.
 Changes to prior versions can be found on the [Github release page](https://github.com/cryptomator/integrations-linux/releases).
 
-## [Unreleased]
+## [Unreleased](https://github.com/cryptomator/integrations-linux/compare/1.6.1...HEAD)
 
-No changes yet.
+* Require JDK 25
 
-## [1.6.1] - 2025-09-17
+## [1.6.1](https://github.com/cryptomator/integrations-linux/releases/tag/1.6.1) - 2025-09-17
 
 ### Changed
 

.github/workflows/pullrequest.yml

@@ -9,5 +9,5 @@ This library uses the following JVM properties:
 
 ## Building Requirements
 
-* JDK 24
+* JDK 25
 * Maven 3.9.6

.idea/misc.xml

@@ -36,32 +36,46 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<project.jdk.version>24</project.jdk.version>
+		<project.jdk.version>25</project.jdk.version>
 
 		<!-- runtime dependencies -->
 
-		<api.version>1.7.0</api.version>
+		<api.version>1.8.0-SNAPSHOT</api.version>
 		<secret-service.version>2.0.1-alpha</secret-service.version>
 		<kdewallet.version>1.4.0</kdewallet.version>
 		<secret-service-02.version>1.0.1</secret-service-02.version>
 		<slf4j.version>2.0.17</slf4j.version>
 		<appindicator.version>1.4.2</appindicator.version>
 
 		<!-- test dependencies -->
-		<junit.version>5.13.4</junit.version>
+		<junit.version>6.0.1</junit.version>
 
 		<!-- build plugin dependencies -->
-		<mvn-compiler.version>3.14.0</mvn-compiler.version>
+		<mvn-compiler.version>3.14.1</mvn-compiler.version>
 		<mvn-surefire.version>3.5.4</mvn-surefire.version>
-		<mvn-enforcer.version>3.6.1</mvn-enforcer.version>
+		<mvn-enforcer.version>3.6.2</mvn-enforcer.version>
 		<mvn-source.version>3.3.1</mvn-source.version>
-		<mvn-javadoc.version>3.11.3</mvn-javadoc.version>
+		<mvn-javadoc.version>3.12.0</mvn-javadoc.version>
 		<mvn-gpg.version>3.2.8</mvn-gpg.version>
 		<mvn-deploy.version>3.1.4</mvn-deploy.version>
-		<dependency-check.version>12.1.3</dependency-check.version>
-		<central-publishing.version>0.8.0</central-publishing.version>
+		<dependency-check.version>12.1.8</dependency-check.version>
+		<central-publishing.version>0.9.0</central-publishing.version>
 	</properties>
 
+	<repositories>
+		<repository>
+			<name>Central Portal Snapshots</name>
+			<id>central-portal-snapshots</id>
+			<url>https://central.sonatype.com/repository/maven-snapshots/</url>
+			<releases>
+				<enabled>false</enabled>
+			</releases>
+			<snapshots>
+				<enabled>true</enabled>
+			</snapshots>
+		</repository>
+	</repositories>
+
 	<dependencies>
 		<dependency>
 			<groupId>org.cryptomator</groupId>