hibernate
diff --git a/‎.git-blame-ignore-revs‎
Lines changed: 7 additions & 0 deletions b/‎.git-blame-ignore-revs‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.gitattributes‎
Lines changed: 17 additions & 0 deletions b/‎.gitattributes‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 15 additions & 0 deletions b/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎.github/ci-prerequisites-atlas.sh‎
Lines changed: 6 additions & 0 deletions b/‎.github/ci-prerequisites-atlas.sh‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/ci-prerequisites.sh‎
Lines changed: 1 addition & 0 deletions b/‎.github/ci-prerequisites.sh‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 145 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 145 additions & 0 deletions
diff --git a/‎.github/hibernate-github-bot.yml‎
Lines changed: 80 additions & 0 deletions b/‎.github/hibernate-github-bot.yml‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎.github/workflows/ci-report.yml‎
Lines changed: 78 additions & 0 deletions b/‎.github/workflows/ci-report.yml‎
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,7 @@
+# Initial commits that enabled spotless automatic formatting
+59731c089e9d649a663c81d9622b54557d6aba37
+4d63ffd98cdead513ab0be0fa23f9787423092d3
+# Envers removal/restore
+9c7dd3bf34dfbb2f4fa9eb79a0294c2cc759c836
+b2a528f2945cee26667b22b867ccef143b7c430c
+4273f1cde06f3622f50c2846078398c1977a49c4
@@ -0,0 +1,17 @@
+# By default, detect text files automatically, and use whatever line terminators make sense for the OS
+* text=auto eol=lf
+
+# Java files are text, and we want Java-friendly readable hunk headers for diff
+*.java text diff=java eol=lf
+
+# Force LF/CRLF format for files that are known to require it.
+*.sh text eol=lf
+*.bat text eol=crlf
+
+# For some reason the above is not enough, in particular for gradlew.bat,
+# as some commands (git status, git add --renormalize) will still change its line endings to LF.
+# So, we explicitly tell git not to mess with *.bat line endings.
+# It's annoying as git won't show diffs for these files anymore,
+# but that's the best I could come up with after an hour of head-scratching.
+*.bat binary
+
@@ -0,0 +1,15 @@
+<!--
+If this is your first time contributing to the project, please consider reviewing https://github.com/hibernate/hibernate-orm/blob/main/CONTRIBUTING.md
+-->
+
+[Please describe here what your change is about]
+
+<!--
+Please read and do not remove the following lines:
+-->
+----------------------
+By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0.txt)
+and can be relicensed under the terms of the [LGPL v2.1 license](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) in the future at the maintainers' discretion.
+For more information on licensing, please check [here](https://github.com/hibernate/hibernate-orm/blob/main/CONTRIBUTING.md#legal).
+
+----------------------
@@ -0,0 +1,6 @@
+# Reclaims disk space and sanitizes user home on Atlas infrastructure
+
+# We use the GitHub cache for the relevant parts of these directories.
+# Also, we do not want to keep things like ~/.gradle/build-scan-data.
+rm -rf ~/.gradle/
+rm -rf ~/.m2/
@@ -1,5 +1,6 @@
 # Reclaim disk space, otherwise we only have 13 GB free at the start of a job
 
+# Remove the container images for node:
 docker rmi node:10 node:12 mcr.microsoft.com/azure-pipelines/node8-typescript:latest
 # That is 18 GB
 sudo rm -rf /usr/share/dotnet
 
@@ -0,0 +1,145 @@
+version: 2
+registries:
+  gradle-plugin-portal:
+    type: maven-repository
+    url: https://plugins.gradle.org/m2
+    username: dummy # Required by dependabot
+    password: dummy # Required by dependabot
+updates:
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: monthly
+    groups:
+      workflow-actions:
+        patterns:
+          - "*"
+    allow:
+      - dependency-name: "actions/*"
+      - dependency-name: "redhat-actions/*"
+  - package-ecosystem: "gradle"
+    directory: "/"
+    registries:
+      - gradle-plugin-portal
+    schedule:
+      interval: "weekly"
+      day: "wednesday"
+    open-pull-requests-limit: 20
+    groups:
+      # These are used in tooling we publish (Gradle, Ant, Maven plugins)
+      # and thus must be treated as runtime dependencies,
+      # which cannot be included in the build-dependencies group below.
+      tooling-dependencies:
+        patterns:
+          # Note: Gradle tooling dependencies seem to be tied to the version of Gradle we use for building.
+          - "org.apache.ant*"
+          - "org.apache.maven:maven-plugin-api"
+          - "org.apache.maven:maven-project"
+          - "org.apache.maven.shared:file-management"
+          - "org.apache.maven.plugin-tools:maven-plugin-annotations"
+      # This group combines all build-only dependencies. Published artifacts do not depend on them.
+      # Grouping such dependencies will make Dependabot create PRs with a branch name
+      # following the pattern (`dependabot/maven/build-dependencies-.*`)
+      # and with a title like `Bump the build-dependencies group with 8 updates` that we can easily
+      # use for Hibernate Bot rules.
+      build-dependencies:
+        patterns:
+          # Gradle plugins:
+          - "com.gradle*"
+          - "org.moditect*"
+          - "de.thetaphi*"
+          - "org.gradlex*"
+          - "org.hibernate.build*"
+          - "org.hibernate.orm.build*"
+          - "org.hibernate.orm.database-service*"
+          - "org.hibernate.orm.antlr*"
+          - "io.github.gradle-nexus*"
+          - "biz.aQute.bnd*"
+          - "org.checkerframework*"
+          - "org.jetbrains.gradle*"
+          - "com.dorongold*"
+          - "org.asciidoctor*"
+          - "com.diffplug.spotless*"
+          # Local build plugin dependencies:
+          - "org.apache.maven*"
+          - "org.apache.httpcomponents*"
+          # DB drivers:
+          - "com.h2database:h2"
+          - "org.orbisgis:h2gis"
+          - "org.hsqldb:hsqldb"
+          - "org.apache.derby*"
+          - "org.postgresql:*"
+          - "com.enterprisedb:*"
+          - "com.mysql:mysql-connector-j"
+          - "org.mariadb.jdbc:mariadb-java-client"
+          - "com.oracle.database.*"
+          - "com.microsoft.sqlserver:mssql-jdbc"
+          - "com.ibm.db2:jcc"
+          - "com.sap.cloud.db.jdbc:ngdbc"
+          - "net.sourceforge.jtds:jtds"
+          - "com.ibm.informix:jdbc"
+          - "org.firebirdsql.jdbc:jaybird"
+          - "com.altibase:altibase-jdbc"
+          # Other test dependencies
+          - "org.apache.groovy:groovy-jsr223" # used for scripting maven plugin
+          - "org.apache.commons:commons-lang3" # used in hibernate-search-util-common tests
+          - "org.apache.commons:commons-math3" # used to solve dependency convergence for Wiremock
+          - "org.openjdk.jmh:*" # performance testing dependency
+          - "com.google.guava:guava" # Guava is used in our test utils
+          - "org.asciidoctor:*" # Asciidoctor is used for rendering the documentation
+          - "org.jboss.marshalling:jboss-marshalling" # JBeret IT dependency
+          - "org.wildfly.security:wildfly-security-manager" # JBeret IT dependency
+          - "org.springframework.boot:*" # Spring is only for ITs
+          - "io.agroal:agroal-spring-boot-starter" # part of Spring dependencies, is only for ITs
+          - "dev.snowdrop:narayana-spring-boot-starter" # part of Spring dependencies, is only for ITs
+          - "org.mockito:*"
+          - "org.hamcrest:*"
+          - "org.apache.logging.log4j:*"
+          - "org.assertj:*"
+          - "org.jsoup:*"
+          - "org.junit*"
+          - "org.jboss.weld.se:*"
+          - "org.jboss.narayana.*:*"
+          - "org.wildfly.transaction:*"
+          - "org.jboss:jboss-transaction-spi"
+          - "org.jboss.shrinkwrap*"
+          - "org.jboss.byteman*"
+      hibernate:
+        patterns:
+          - "org.hibernate*"
+      jakarta:
+        patterns:
+          - "jakarta.*"
+          - "org.glassfish*"
+          - "org.eclipse:yasson"
+    ignore:
+      # Avoid non-patch updates for complex dependencies and their implementation, even if we only use them for tests.
+      - dependency-name: "org.hibernate*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "jakarta.*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.jboss.narayana*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.jboss.weld*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.wildfly*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.glassfish*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.eclipse:yasson"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.apache.maven*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.apache.ant*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Avoid non-patch updates for JUnit, because it is exposed in hibernate-testing,
+      # which contains @BytecodeEnhanced, which is very sensitive to internal changes in JUnit.
+      - dependency-name: "org.junit*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Sticking to SLF4J 1.x for now since later versions require upgrading providers
+      # (Log4j, ... see https://www.slf4j.org/faq.html#changesInVersion200),
+      # and also because we only need this dependency for Maven,
+      # which is currently still on SLF4J 1.x
+      # (see https://central.sonatype.com/artifact/org.apache.maven/maven-embedder/3.9.9/dependencies)
+      - dependency-name: "org.slf4j:*"
+        update-types: ["version-update:semver-major"]
@@ -1,3 +1,83 @@
 ---
 jira:
   projectKey: "HHH"
+  insertLinksInPullRequests: true
+  ignore:
+    # See the `build-dependencies` group in Dependabot's configuration file
+    - user: dependabot[bot]
+      titlePattern: "Bump.*the (build-dependencies|workflow-actions) group.*+"
+  ignoreFiles:
+    # Git
+    - ".git*"
+    - "*/.git*"
+    - ".mailmap"
+    # Gradle
+    - "gradlew*"
+    - "gradle/"
+    - "local-build-plugins/"
+    - "build.gradle"
+    # NOT settings.gradle: contains dependency versions, changing those requires a Jira issue
+    - "utilities.gradle"
+    # CI
+    - ".github/"
+    - ".release/"
+    - "ci/"
+    - "databases/"
+    - "*.sh"
+    - "*.bat"
+    - "Jenkinsfile"
+    - "*/Jenkinsfile"
+    - "*.Jenkinsfile"
+    # In-repo documentation
+    - "design/"
+    - "README.adoc"
+    - "MAINTAINERS.md"
+    - "CONTRIBUTING.md"
+    # Misc. build files
+    - "checkerstubs/"
+    - "drivers/"
+    - "edb/"
+    - "etc/"
+    - "javadoc/"
+    - "patched-libs/"
+    - "release/"
+    - "rules/"
+    - "shared/"
+    - ".sdkmanrc"
+    - "*/.sdkmanrc"
+develocity:
+  buildScan:
+    addCheck: true
+    tags:
+      - column: "OS"
+        pattern: "Linux"
+      - column: "OS"
+        pattern: "Windows.*"
+        replacement: "Windows"
+      - column: "Java"
+        pattern: "jdk-(.*)"
+        replacement: "$1"
+      - column: "Java"
+        pattern: "s390x"
+        replacement: "$0"
+      - column: "DB"
+        pattern: "((?:h2|postgres(?:ql)?|pgsql|mysql|mariadb|mssql|tidb|cockroach(?:db)?|oracle|db2|hsqldb|edb|sybase)(?:.*(?=_ci)|.*))(?:_ci)?"
+        replacement: "$1"
+      - pattern: "main|HEAD|\\d+.\\d+|PR-\\d+"
+        replacement: "" # Just remove these tags
+licenseAgreement:
+  enabled: true
+  ignore:
+    - user: dependabot[bot]
+      titlePattern: "Bump.*"
+    # Members of this team already agreed to both LGPL and ASL2 for all their contributions.
+    - team:
+          name: license-agreement
+          organization: hibernate
+      titlePattern: ".*"
+branches:
+  enabled: true
+  label: "%s"
+  ignore:
+    - user: dependabot[bot]
+      titlePattern: ".*"
@@ -0,0 +1,78 @@
+name: GH Actions CI reporting
+
+on:
+  workflow_run:
+    workflows: [ "GH Actions CI" ]
+    types: [ completed ]
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  publish-build-scans:
+    name: Publish Develocity build scans
+    if: github.repository == 'hibernate/hibernate-orm' && github.event.workflow_run.conclusion != 'cancelled'
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout target branch which has trusted code
+      - name: Check out target branch
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          ref: ${{ github.ref }}
+      - name: Set up JDK
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          distribution: 'temurin'
+          java-version: '25'
+
+      - name: Generate cache key
+        id: cache-key
+        run: |
+          CURRENT_BRANCH="${{ github.repository != 'hibernate/hibernate-orm' && 'fork' || github.base_ref || github.ref_name }}"
+          CURRENT_MONTH=$(/bin/date -u "+%Y-%m")
+          CURRENT_DAY=$(/bin/date -u "+%d")
+          ROOT_CACHE_KEY="buildtool-cache"
+          echo "buildtool-monthly-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}" >> $GITHUB_OUTPUT
+          echo "buildtool-monthly-branch-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}" >> $GITHUB_OUTPUT
+          echo "buildtool-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}-${CURRENT_DAY}" >> $GITHUB_OUTPUT
+      - name: Restore Maven/Gradle Dependency/Dist Caches
+        uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        with:
+          path: |
+            ~/.m2/repository/
+            ~/.m2/wrapper/
+            ~/.gradle/caches/modules-2
+            ~/.gradle/wrapper/
+          key: ${{ steps.cache-key.outputs.buildtool-cache-key }}
+          restore-keys: |
+            ${{ steps.cache-key.outputs.buildtool-monthly-branch-cache-key }}-
+            ${{ steps.cache-key.outputs.buildtool-monthly-cache-key }}-
+
+      - name: Download GitHub Actions artifacts for the Develocity build scans
+        id: downloadBuildScan
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          pattern: build-scan-data-*
+          github-token: ${{ github.token }}
+          repository: ${{ github.repository }}
+          run-id: ${{ github.event.workflow_run.id }}
+          path: /tmp/downloaded-build-scan-data/
+        # Don't fail the build if there are no matching artifacts
+        continue-on-error: true
+      - name: Publish Develocity build scans for previous builds
+        if: ${{ steps.downloadBuildScan.outcome != 'failure'}}
+        run: |
+          shopt -s nullglob # Don't run the loop below if there are no artifacts
+          status=0
+          mkdir -p ~/.gradle/
+          for build_scan_data_directory in /tmp/downloaded-build-scan-data/*
+          do
+            rm -rf ~/.gradle/build-scan-data
+            mv "$build_scan_data_directory" ~/.gradle/build-scan-data \
+            && ./gradlew --no-build-cache buildScanPublishPrevious || status=1
+          done
+          exit $status
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY_PR }}