Skip to content

build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 #8292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
chadlwilson wants to merge 12 commits into
base: main
Choose a base branch
from
Open

build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 #8292

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
e52950e
build: build with Java 25; test against Java 11/17/21/25
chadlwilson Feb 9, 2026
416f2f6
test(maven): workaround unrelated JarAnalyzer failure to look inside …
chadlwilson Feb 10, 2026
e81016c
build: bump jsonschema2pojo-maven-plugin fropm 1.2.2 to 1.3.3
chadlwilson Feb 9, 2026
eed3c8a
build: manage the exec plugin version properly so dependabot can hand…
chadlwilson Feb 9, 2026
e9c5c0f
test: simplify test dependency mgmt & fix Mockito warn/error on newer…
chadlwilson Feb 9, 2026
251ed5a
test: upgrade groovy version used for scripting and maven postbuild t…
chadlwilson Feb 9, 2026
e816706
build: bump out-of-date/stuck things from versions-maven-plugin
chadlwilson Feb 9, 2026
50791f9
build: fix warnings on properties encodings from maven-resources-plugin
chadlwilson Feb 9, 2026
49cd276
build(security): fix compiler warnings from newer compilers from auto…
chadlwilson Feb 9, 2026
6d699d5
build: consolidate transitives/exclusions to avoid dependency clashes
chadlwilson Feb 9, 2026
568cdeb
test: remove unused mockserver dependencies
chadlwilson Feb 9, 2026
436ca2c
chore: consolidate on jspecify nullability annotations
chadlwilson Feb 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 40 additions & 27 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,30 +9,28 @@ on:
- '**/*.txt'

permissions: {}

jobs:
build:
strategy:
matrix:
jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc
jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using
fail-fast: false

name: Build and Test (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }})
permissions:
contents: read # to fetch code (actions/checkout)

name: Build dependency-check
runs-on: ubuntu-latest
runs-on: ubuntu-latest
steps:
- name: Install gpg secret key
if: github.repository_owner == 'dependency-check'
if: matrix.jdk_test_version == matrix.jdk_default_version && github.repository_owner == 'dependency-check'
id: install-gpg-key
run: |
cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- uses: actions/checkout@v6
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v5
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Check Local Maven Cache
- name: Maven Integration Test Cache
id: maven-it-cache
uses: actions/cache@v5
with:
Expand All @@ -47,26 +45,36 @@ jobs:
- uses: actions/setup-dotnet@v5.1.0
with:
dotnet-version: '8.0.x'
- name: Set up JDK 11
id: jdk-11
- name: Set up JDKs
uses: actions/setup-java@v5
with:
java-version: 11
java-version: | # last version takes precedence as default
${{ matrix.jdk_test_version }}
${{ matrix.jdk_default_version }}
distribution: 'zulu'
check-latest: true
cache: 'maven'
cache-dependency-path: '**/pom.xml'
server-id: central
server-username: ${{ secrets.CENTRAL_USER }}
server-password: ${{ secrets.CENTRAL_PASSWORD }}
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
with:
version: 6.0.2
- name: Build Snapshot with Maven
- name: Build/Test Snapshot with Maven${{ steps.install-gpg-key.outcome == 'success' && ' (then Deploy)' || '' }}
id: build-snapshot
env:
MAVEN_USERNAME: ${{ secrets.CENTRAL_USER }}
MAVEN_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSWORD }}
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
run: mvn -V -s settings.xml clean package verify source:jar javadoc:jar ${{ steps.install-gpg-key.outcome == 'success' && '-Prelease gpg:sign deploy' || '' }} -DreleaseTesting --no-transfer-progress --batch-mode
run: >
mvn -V -s settings.xml
clean package verify source:jar javadoc:jar
${{ steps.install-gpg-key.outcome == 'success' && '-Prelease gpg:sign deploy' || '' }}
-DreleaseTesting
-Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64"
--no-transfer-progress --batch-mode
- name: SARIF Multitool
uses: microsoft/sarif-actions@v0.2
with:
Expand All @@ -77,10 +85,11 @@ jobs:
if: always()
uses: actions/upload-artifact@v6
with:
name: it-test-logs
name: it-test-logs-jdk-${{ matrix.jdk_test_version }}
retention-days: 7
path: maven/target/it/**/build.log
- name: Archive code coverage results
if: matrix.jdk_test_version == matrix.jdk_default_version
id: archive-coverage
uses: actions/upload-artifact@v6
with:
Expand All @@ -90,6 +99,7 @@ jobs:
**/target/jacoco-results/jacoco.xml
**/target/jacoco-results/**/*.html
- name: Archive Snapshot
if: matrix.jdk_test_version == matrix.jdk_default_version
id: archive-snapshot
uses: actions/upload-artifact@v6
with:
Expand All @@ -112,14 +122,14 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v5
- name: Set up JDK
uses: actions/setup-java@v5
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
java-version: '25'
distribution: 'zulu'
check-latest: true
cache: 'maven'
cache-dependency-path: '**/pom.xml'
- name: Download release build
uses: actions/download-artifact@v7
with:
Expand All @@ -131,6 +141,9 @@ jobs:
- name: Build Docker Image
run: ./build-docker.sh
- name: build scan target
run: mvn -V -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode
run: >
mvn -V -s settings.xml -pl cli -am
package -DskipTests=true
--no-transfer-progress --batch-mode
- name: Test Docker Image
run: ./test-docker.sh
123 changes: 76 additions & 47 deletions .github/workflows/pull_requests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,39 +6,52 @@ on:
- '**/*.md'
- '**/*.txt'

permissions: {}

jobs:
test:
name: Build and Test
build:
strategy:
matrix:
jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc
jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using
fail-fast: false

name: Build and Test (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }})
permissions:
security-events: write
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Check Maven Cache
id: maven-cache
- name: Check ODC Data Cache
id: odc-data-cache
uses: actions/cache@v5
with:
path: ~/.m2/repository/
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
path: core/target/data
key: odc-data
- uses: actions/setup-dotnet@v5.1.0
with:
dotnet-version: '8.0.x'
- name: Set up JDK 11
id: jdk-11
- name: Set up JDKs
uses: actions/setup-java@v5
with:
java-version: 11
java-version: | # last version takes precedence as default
${{ matrix.jdk_test_version }}
${{ matrix.jdk_default_version }}
distribution: 'zulu'
check-latest: true
cache: 'maven'
cache-dependency-path: '**/pom.xml'
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
with:
version: 6.0.2
- name: Test with Maven
- name: Build/Test with Maven
id: build
run: |
mvn -V -s settings.xml -pl utils,core,cli,ant,archetype -am compile verify --no-transfer-progress --batch-mode
run: >
mvn -V -s settings.xml -pl '!maven' -am
compile verify
-Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64"
--no-transfer-progress --batch-mode
- name: SARIF Multitool
uses: microsoft/sarif-actions@v0.2
with:
Expand All @@ -65,6 +78,7 @@ jobs:
sarif_file: core/target/spotbugsSarif.json
category: spotbugs-core
- name: Archive Snapshot
if: matrix.jdk_test_version == matrix.jdk_default_version
id: archive-snapshot
uses: actions/upload-artifact@v6
with:
Expand All @@ -78,45 +92,63 @@ jobs:
cli/target/*.zip

maven:
name: Regression Test Maven Plugin
strategy:
matrix:
jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc
jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using
fail-fast: false

name: Regression Test Maven Plugin (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }})
permissions:
security-events: write
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Check Maven Cache
id: maven-cache
- name: Maven Integration Test Cache
id: maven-it-cache
uses: actions/cache@v5
with:
path: maven/target/local-repo
key: mvn-it-repo
- name: Check ODC Data Cache
id: odc-data-cache
uses: actions/cache@v5
with:
path: ~/.m2/repository/
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
path: core/target/data
key: odc-data
- uses: actions/setup-dotnet@v5.1.0
with:
dotnet-version: '8.0.x'
- name: Set up JDK 11
id: jdk-11
- name: Set up JDKs
uses: actions/setup-java@v5
with:
java-version: 11
java-version: | # last version takes precedence as default
${{ matrix.jdk_test_version }}
${{ matrix.jdk_default_version }}
distribution: 'zulu'
check-latest: true
cache: 'maven'
cache-dependency-path: '**/pom.xml'
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
with:
version: 6.0.2
- name: Regression Test Maven Plugin
id: build
env:
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
run: |
mvn -V -s settings.xml -pl maven -am compile verify -DtestMavenPlugin -DreleaseTesting --no-transfer-progress --batch-mode
run: >
mvn -V -s settings.xml -pl maven -am
compile verify
-DskipTests -DskipTests.maven=false -DreleaseTesting
-Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64"
--no-transfer-progress --batch-mode
- name: Archive IT test logs
id: archive-logs
if: always()
uses: actions/upload-artifact@v6
with:
name: it-test-logs
name: it-test-logs-jdk-${{ matrix.jdk_test_version }}
retention-days: 7
path: maven/target/it/**/build.log
- name: Upload SARIF file
Expand All @@ -133,20 +165,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v5
with:
path: ~/.m2/repository/
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Set up JDK 11
id: jdk-11
- name: Set up JDK
uses: actions/setup-java@v5
with:
java-version: 11
java-version: '25'
distribution: 'zulu'
check-latest: true
cache: 'maven'
cache-dependency-path: '**/pom.xml'
- name: Checkstyle
id: checkstyle
run: |
Expand All @@ -163,18 +189,18 @@ jobs:

name: Build and Test Docker
runs-on: ubuntu-latest
needs: test
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v5
- name: Set up JDK
uses: actions/setup-java@v5
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
java-version: '25'
distribution: 'zulu'
check-latest: true
cache: 'maven'
cache-dependency-path: '**/pom.xml'
- name: Download release build
uses: actions/download-artifact@v7
with:
Expand All @@ -186,6 +212,9 @@ jobs:
- name: Build Docker Image
run: ./build-docker.sh
- name: build scan target
run: mvn -V -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode
run: >
mvn -V -s settings.xml -pl cli -am
package -DskipTests=true
--no-transfer-progress --batch-mode
- name: Test Docker Image
run: ./test-docker.sh
18 changes: 9 additions & 9 deletions .github/workflows/purge-cache.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v5
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Check Local Maven Cache
- name: Maven Integration Test Cache
id: maven-it-cache
uses: actions/cache@v5
with:
Expand All @@ -31,6 +23,14 @@ jobs:
with:
path: core/target/data
key: odc-data
- name: Set up JDK
uses: actions/setup-java@v5
with:
java-version: '25'
distribution: 'zulu'
check-latest: true
cache: 'maven'
cache-dependency-path: '**/pom.xml'
- name: Delete Data Directories
run: |
rm -rf ~/.m2/repository/org/owasp/dependency-check-data
Expand Down
Loading
Loading