build: Clean up pom.xml duplicates and over-broad .gitignore #160

Open: astubbs wants to merge 7 commits into master from cleanup-followup
astubbs (Owner) commented Apr 16, 2026

depends on #159

Summary

Small, independent cleanup commits plus one new CI workflow.

  • .gitignore: Replace the over-broad .* rule with explicit entries (.DS_Store, .claude/). The old rule was shadowing .github/, .run/, .mvn/, and .gitignore itself — git add .github/... refused without -u/-f. The ignores it was actually used for (.idea/, .project, .classpath, .settings, .clover) were already listed explicitly above the removed line.
  • Duplicate logback-classic: Exact duplicate declaration removed from generator/pom.xml. Maven had been warning about it.
  • Unused flogger backends: Removed flogger-system-backend, flogger-maven-backend, flogger-log4j2-backend from parent pom.xml <dependencyManagement>. Only flogger-slf4j-backend is actually consumed anywhere. flogger-system-backend still resolves transitively at the same version.
  • PR Dependency Check: New .github/workflows/check-dependencies.yml running astubbs/dependencies-action on PRs (same workflow used in astubbs/parallel-consumer@dev/ci-tweak). Enforces depends on #N references in PR descriptions; parents unblock children when merged. Action SHA-pinned.

Stacked on #159

This branch is merged with dev-cc (PR #159) so the local build works. Once #159 lands, the merge commit collapses and this PR's diff against master will show only the four commits above.

Test plan

  • git status --ignored unchanged before/after the gitignore fix
  • git check-ignore .github/workflows/ci.yml returns nothing (no longer shadowed)
  • mvn dependency:tree output unchanged for flogger
  • mvn clean install passes all 5 modules locally
  • actionlint clean on the new workflow
  • CI green on this PR
  • PR Dependency Check appears as a check on new PRs

🤖 Generated with Claude Code

astubbs and others added 7 commits April 11, 2026 03:58
Bring CI tooling and the build configuration up to date so the project
builds cleanly on current JDK 17 patches and so workflow regressions are
caught automatically.

Workflows:
- Add an actionlint job to ci.yml that gates the test job, so broken
  workflow YAML can never reach master again
- Bump Java matrix from [17, 18] (18 is EOL) to [17, 21] (LTS)
- Pin every action to a full commit SHA with a trailing version comment
  for supply chain safety; Dependabot keeps the SHA + comment in sync
- Update all actions to current latest: checkout v6.0.2, cache v5.0.4,
  setup-java v5.2.0, cancel-workflow-action 0.13.1, release-drafter v7.2.0
  (release-drafter v5 used Node 16 and could no longer run on GH runners)
- Remove the broken publish_snapshot_github job from release.yml: it had
  a missing job dependency, a malformed shell command, and a YAML
  indentation error and could never have executed
- Note in dependabot.yml that actions are SHA-pinned

Build:
- Bump Lombok 1.18.24 -> 1.18.34 to fix a JCImport.qualid NoSuchFieldError
  on JDK 17.0.7+
- Merge two duplicate maven-jar-plugin entries in pluginManagement: the
  second declaration silently dropped the 3.2.2 version pin and let
  Maven resolve to 3.4.1, which is stricter and rejected the redundant
  unclassified jar execution
- Remove the redundant explicit jar goal binding (the default execution
  already binds it)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
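A check for the pinning convention this commit message describes (full commit SHA plus a trailing version comment), added here as an example; it is not part of the PR or the project's workflows. The function names, the sample workflow and the placeholder SHA are constructed for illustration, and local (`./`) and `docker:` references are skipped as out of scope.

```shell
#!/bin/sh
# Added example (not from the PR): flag `uses:` references that break the
# "full commit SHA + trailing version comment" convention.

# sample_workflow: prints a constructed workflow; the SHA is a placeholder,
# not a real commit.
sample_workflow() {
  cat <<'EOF'
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v6.0.2
      - uses: actions/setup-java@v5
      - uses: actions/cache@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
EOF
}

# unpinned_uses FILE...: prints one "file:line: reason: ref" per finding and
# returns 1 if there is any, so it can gate a CI job.
unpinned_uses() {
  awk -v q="'" '
    /^[ \t]*(-[ \t]*)?uses:/ {
      spec = $0
      sub(/^[ \t]*(-[ \t]*)?uses:[ \t]*/, "", spec)
      comment = ""
      i = index(spec, "#")
      if (i > 0) { comment = substr(spec, i + 1); spec = substr(spec, 1, i - 1) }
      gsub("[ \t\"" q "]", "", spec)                   # drop whitespace and quotes
      if (spec ~ /^\.\// || spec ~ /^docker:/) next    # local and container refs
      at = index(spec, "@")
      ref = (at > 0) ? substr(spec, at + 1) : ""
      if (length(ref) != 40 || ref !~ /^[0-9a-f]+$/) {
        printf "%s:%d: not pinned to a full commit SHA: %s\n", FILENAME, FNR, spec
        bad = 1
      } else if (comment !~ /^[ \t]*v?[0-9]/) {
        printf "%s:%d: SHA pin lacks a trailing version comment: %s\n", FILENAME, FNR, spec
        bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$@"
}
```

Run it as `unpinned_uses .github/workflows/*.yml`; a tag or branch ref such as `@v5` is reported because the ref can be moved to different code after review, which a full SHA prevents.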

'.* ' matched every dot-prefixed path — including .github/, .run/, .mvn/, and
.gitignore itself. The only reason tracked files under those directories
still worked was that git honours the index over ignore rules for existing
files, but `git add` refused any new paths in them without -u/-f.

Replace with explicit entries for what was actually intended to be ignored
(.DS_Store, .claude/). The other dot-directory ignores (.idea/, .project,
.classpath, .settings, .clover, .mtj.tmp/) were already listed explicitly
above the removed '.*' line.

Verified: git status --ignored is unchanged; .github/ and .run/ are no
longer shadowed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
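The shadowing described in the PR description and in this commit message can be reproduced in a throwaway repository; the following is an added example, not code from the PR. The function name, variable names and the sample tree are constructed, and it assumes `git` is on the PATH.

```shell
#!/bin/sh
# Added example (not from the PR): show what each rule set makes git ignore.

OLD_RULES='.*'            # the removed over-broad rule
NEW_RULES='.DS_Store
.claude/'                 # the explicit replacements named in the commit

# ignored_paths RULES PATH...: builds a throwaway repo whose .gitignore holds
# RULES, then prints those PATHs that git would ignore.
ignored_paths() {
  rules=$1; shift
  repo=$(mktemp -d) || return 1
  git -C "$repo" init -q 2>/dev/null || return 1
  printf '%s\n' "$rules" > "$repo/.gitignore"
  # Constructed sample tree
  mkdir -p "$repo/.github/workflows" "$repo/.claude"
  : > "$repo/.github/workflows/ci.yml"
  : > "$repo/.DS_Store"
  : > "$repo/.claude/settings.json"
  # check-ignore exits 1 when nothing matches; that is not an error here
  git -C "$repo" check-ignore "$@" || true
  rm -rf "$repo"
}
```

`ignored_paths "$OLD_RULES" .github/workflows/ci.yml .gitignore` prints both paths, while the same call with `$NEW_RULES` prints nothing, so new workflow files are no longer silently left out of `git add`.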

The dependency was declared twice consecutively with identical groupId,
artifactId, version (1.2.11), and scope (test). Maven emitted a warning
about the non-unique declaration; removing the duplicate clears it.

No runtime effect — Maven was resolving the same dependency either way.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Only flogger-slf4j-backend is actually consumed as a dependency in the
tree (generator/pom.xml). The three other backends pinned in
<dependencyManagement> — flogger-system-backend, flogger-maven-backend,
and flogger-log4j2-backend — were never declared anywhere, so their
pins did nothing.

flogger-system-backend still resolves as a transitive dependency of
flogger-slf4j-backend at the version that flogger itself requires, so
removing the pin does not change what Maven resolves.

Verified: mvn dependency:tree output for the generator module is
identical before and after.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Ports the check-dependencies.yml workflow from
astubbs/parallel-consumer@dev/ci-tweak. Uses
astubbs/dependencies-action (a fork of gregsdennis/dependencies-action
with auto-unblocking of children when parents merge) to enforce any
"depends on #N" references in PR descriptions.

Action SHA-pinned, consistent with the rest of the workflow files.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Contributors (human or agent) need to know that when opening a stacked
PR, the description must include 'depends on #N' so the new
check-dependencies workflow can gate the merge.

Starts minimal; expand later to mirror more of a project rules file if
useful.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>