Conversation
Bring CI tooling and the build configuration up to date so the project builds cleanly on current JDK 17 patches and so workflow regressions are caught automatically. Workflows: - Add an actionlint job to ci.yml that gates the test job, so broken workflow YAML can never reach master again - Bump Java matrix from [17, 18] (18 is EOL) to [17, 21] (LTS) - Pin every action to a full commit SHA with a trailing version comment for supply chain safety; Dependabot keeps the SHA + comment in sync - Update all actions to current latest: checkout v6.0.2, cache v5.0.4, setup-java v5.2.0, cancel-workflow-action 0.13.1, release-drafter v7.2.0 (release-drafter v5 used Node 16 and could no longer run on GH runners) - Remove the broken publish_snapshot_github job from release.yml: it had a missing job dependency, a malformed shell command, and a YAML indentation error and could never have executed - Note in dependabot.yml that actions are SHA-pinned Build: - Bump Lombok 1.18.24 -> 1.18.34 to fix a JCImport.qualid NoSuchFieldError on JDK 17.0.7+ - Merge two duplicate maven-jar-plugin entries in pluginManagement: the second declaration silently dropped the 3.2.2 version pin and let Maven resolve to 3.4.1, which is stricter and rejected the redundant unclassified jar execution - Remove the redundant explicit jar goal binding (the default execution already binds it) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
7 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
checkoutv6,cachev5,setup-javav5,release-drafterv7,cancel-workflow-action0.13.1), and replace EOL Java 18 in the matrix with Java 21 LTSactionlintjob runs first inci.ymland thetestjob depends on it, so broken workflow YAML can never reach master againpublish_snapshot_githubjob fromrelease.yml(missing job dependency, malformed shell command, YAML indentation error — it could never have executed)JCImport.qualidNoSuchFieldErrorthat breaks the build on JDK 17.0.7+pluginManagemententries — the second silently dropped the 3.2.2 version pin and let Maven pick 3.4.1, which is stricter and rejected the redundant unclassifiedjarexecution. Also drop the redundant explicitjargoal binding (the default execution already binds it)Why now
mvn clean installwas broken locally on any JDK 17.0.7+ via Lombok, and once that was fixed it surfaced a latentpluginManagementbug. Both are fixed here.actionlintimmediately earned its keep by catching the stalerelease-drafter@v5(Node 16, no longer runnable on GH runners) that I'd otherwise have missed.Test plan
mvn clean installpasses all 5 modules locally on JDK 17.0.18actionlint .github/workflows/*.ymlcleanactionlintjob runs and gates thetestjob🤖 Generated with Claude Code