jenkinsci · uhafner · Nov 28, 2025 · Sep 23, 2025 · Sep 25, 2025 · Sep 25, 2025
diff --git a/.github/quality-gates.json b/.github/quality-gates.json
@@ -0,0 +1,32 @@
+{
+  "qualityGates": [
+    {
+      "metric": "tests-success-rate",
+      "name": "Tests Success Rate",
+      "threshold": 100.0,
+      "criticality": "FAILURE"
+    },
+    {
+      "metric": "line",
+      "threshold": 80.0,
+      "criticality": "UNSTABLE"
+    },
+    {
+      "metric": "branch",
+      "threshold": 75.0,
+      "criticality": "UNSTABLE"
+    },
+    {
+      "metric": "bugs",
+      "name": "Potential Bugs",
+      "threshold": 0.0,
+      "criticality": "FAILURE"
+    },
+    {
+      "metric": "style",
+      "name": "Style Violations",
+      "threshold": 0.0,
+      "criticality": "FAILURE"
+    }
+  ]
+}
diff --git a/.github/quality-monitor.json b/.github/quality-monitor.json
@@ -0,0 +1,145 @@
+{
+  "tests": {
+    "name": "Tests",
+    "tools": [
+      {
+        "id": "junit",
+        "name": "Unit Tests",
+        "pattern": "**/target/surefire-reports/TEST*forensics*.xml"
+      },
+      {
+        "id": "junit",
+        "icon": "rocket",
+        "name": "Integration Tests",
+        "pattern": "**/target/failsafe-reports/TEST*.xml"
+      },
+      {
+        "id": "junit",
+        "icon": "no_entry",
+        "name": "Architecture Tests",
+        "pattern": "**/target/surefire-reports/TEST*archunit*.xml"
+      }
+    ]
+  },
+  "analysis": [
+    {
+      "name": "Style",
+      "id": "style",
+      "tools": [
+        {
+          "id": "checkstyle",
+          "pattern": "**/target/**checkstyle-result.xml"
+        },
+        {
+          "id": "pmd",
+          "pattern": "**/target/pmd-*/pmd.xml"
+        },
+        {
+          "id": "java",
+          "icon": "coffee",
+          "pattern": "**/maven.log"
+        }
+      ]
+    },
+    {
+      "name": "Bugs",
+      "id": "bugs",
+      "icon": "bug",
+      "tools": [
+        {
+          "id": "spotbugs",
+          "sourcePath": "src/main/java",
+          "pattern": "**/target/spotbugsXml.xml"
+        },
+        {
+          "id": "error-prone",
+          "pattern": "**/maven.log"
+        }
+      ]
+    },
+    {
+      "name": "API Problems",
+      "id": "api",
+      "icon": "no_entry_sign",
+      "tools": [
+        {
+          "id": "revapi",
+          "sourcePath": "src/main/java",
+          "pattern": "**/target/revapi-result.json"
+        }
+      ]
+    },
+    {
+      "name": "Vulnerabilities",
+      "id": "vulnerabilities",
+      "icon": "shield",
+      "tools": [
+        {
+          "icon": "shield",
+          "id": "owasp-dependency-check",
+          "icon": "shield",
+          "pattern": "**/target/dependency-check-report.json"
+        }
+      ]
+    }
+  ],
+  "coverage": [
+    {
+      "name": "Code Coverage",
+      "tools": [
+        {
+          "id": "jacoco",
+          "metric": "line",
+          "sourcePath": "src/main/java",
+          "pattern": "**/target/site/jacoco/jacoco.xml"
+        },
+        {
+          "id": "jacoco",
+          "metric": "branch",
+          "sourcePath": "src/main/java",
+          "pattern": "**/target/site/jacoco/jacoco.xml"
+        }
+      ]
+    }
+  ],
+  "metrics": {
+    "name": "Software Metrics",
+    "tools": [
+      {
+        "id": "metrics",
+        "pattern": "**/metrics/pmd.xml",
+        "metric": "CYCLOMATIC_COMPLEXITY"
+      },
+      {
+        "id": "metrics",
+        "pattern": "**/metrics/pmd.xml",
+        "metric": "COGNITIVE_COMPLEXITY"
+      },
+      {
+        "id": "metrics",
+        "pattern": "**/metrics/pmd.xml",
+        "metric": "NPATH_COMPLEXITY"
+      },
+      {
+        "id": "metrics",
+        "pattern": "**/metrics/pmd.xml",
+        "metric": "LOC"
+      },
+      {
+        "id": "metrics",
+        "pattern": "**/metrics/pmd.xml",
+        "metric": "NCSS"
+      },
+      {
+        "id": "metrics",
+        "pattern": "**/metrics/pmd.xml",
+        "metric": "COHESION"
+      },
+      {
+        "id": "metrics",
+        "pattern": "**/metrics/pmd.xml",
+        "metric": "WEIGHT_OF_CLASS"
+      }
+    ]
+  }
+}
diff --git a/.github/workflows/check-md-links.yml b/.github/workflows/check-md-links.yml
@@ -7,8 +7,8 @@ jobs:
     name: 'Check Markdown links'
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v5
-      - uses: umbrelladocs/action-linkspector@v1.3.7
+      - uses: actions/checkout@v6
+      - uses: umbrelladocs/action-linkspector@v1.4.0
         with:
           github_token: ${{ secrets.github_token }}
           reporter: github-pr-check

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,19 +10,20 @@ jobs:
   build:
 
     strategy:
+      fail-fast: false
       matrix:
         platform: [ubuntu-latest, macos-latest, windows-latest]
-        jdk: [17, 21]
+        jdk: [21, 25]
 
     runs-on: ${{ matrix.platform }}
     name: on ${{ matrix.platform }} with JDK ${{ matrix.jdk }}
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Set up JDK ${{ matrix.jdk }}
         uses: actions/setup-java@v5
         with:
-          distribution: 'corretto'
+          distribution: 'temurin'
           java-version: '${{ matrix.jdk }}'
           check-latest: true
           cache: 'maven'

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -23,7 +23,7 @@ jobs:
         language: [ java ]
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - name: Setup Java
         uses: actions/setup-java@v5
@@ -38,7 +38,7 @@ jobs:
           maven-version: 3.9.11
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
@@ -47,7 +47,7 @@ jobs:
         run: mvn -V --color always -ntp clean verify -Pskip
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           upload: false
           output: sarif-results
@@ -62,6 +62,6 @@ jobs:
           output: sarif-results/${{ matrix.language }}.sarif
 
       - name: Upload SARIF results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: sarif-results/${{ matrix.language }}.sarif
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
diff --git a/.github/workflows/jenkins-security-scan.yml b/.github/workflows/jenkins-security-scan.yml
@@ -17,5 +17,5 @@ jobs:
   security-scan:
     uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v2
     with:
-      java-cache: 'maven' # Optionally enable use of a build dependency cache. Specify 'maven' or 'gradle' as appropriate.
-      # java-version: 21 # Optionally specify what version of Java to set up for the build, or remove to use a recent default.
+      java-cache: 'maven'
+      java-version: 21
diff --git a/.github/workflows/quality-monitor-build.yml b/.github/workflows/quality-monitor-build.yml
@@ -0,0 +1,59 @@
+name: 'Quality Monitor Build'
+
+on:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: [ubuntu-latest]
+    name: Create quality reports
+
+    steps:
+      - name: Checkout PR
+        uses: actions/checkout@v6
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin'
+          java-version: 21
+          check-latest: true
+          cache: 'maven'
+      - name: Set up Maven
+        uses: stCarolas/setup-maven@v5
+        with:
+          maven-version: 3.9.11
+      - name: Cache the NVD database
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository/org/owasp/dependency-check-data
+          key: dependency-check
+      - name: Check if quality monitor reports mutation coverage
+        run: |
+          FILE='.github/quality-monitor.json'
+          PATTERN='target/pit-reports/mutations.xml'
+          if [ -f "$FILE" ]; then
+            if grep -q "$PATTERN" "$FILE"; then
+              echo "PIT=-Ppit" >> "$GITHUB_ENV"
+            fi
+          fi
+      - name: Build with Maven
+        env:
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+          OSS_INDEX_TOKEN: ${{ secrets.OSS_INDEX_TOKEN }}
+          PIT: ${{ env.PIT }}
+          BROWSER: chrome-container
+        run: |
+          mvn -V --color always -ntp clean verify $PIT -Pci -Powasp | tee maven.log
+          if [ "${PIPESTATUS[0]}" != "0" ]; then
+             exit 1;
+          fi
+          mv -fv maven.log target/maven.log
+      - name: Upload Quality Reports
+        uses: actions/upload-artifact@v5
+        with:
+          name: quality-reports
+          path: |
+            **/target/**/*.json
+            **/target/**/*.xml
+            **/target/**/*.log
+