diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b76b895..1680201 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,3 +8,5 @@ updates:
directory: "/"
schedule:
interval: "daily"
+ # Actions are pinned to SHAs for supply chain security; Dependabot
+ # updates the SHA and the trailing version comment together.
diff --git a/.github/workflows/check-dependencies.yml b/.github/workflows/check-dependencies.yml
new file mode 100644
index 0000000..3cc9f5b
--- /dev/null
+++ b/.github/workflows/check-dependencies.yml
@@ -0,0 +1,22 @@
+name: PR Dependency Check
+
+on:
+ pull_request_target:
+ types: [opened, edited, closed, reopened]
+
+permissions:
+ issues: read
+ pull-requests: read
+ checks: write
+
+jobs:
+ check_dependencies:
+ runs-on: ubuntu-latest
+ name: Check Dependencies
+ steps:
+ # astubbs/dependencies-action is a fork of gregsdennis/dependencies-action
+ # with the feat/auto-unblock-children-on-merge branch (parent PRs unblock
+ # children when merged). SHA pin references that branch tip.
+ - uses: astubbs/dependencies-action@a09974c14e84fb3e4c0df10c04f17bdc6ccc8878 # feat/auto-unblock-children-on-merge
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
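Review bot: The `uses:` pin on the only step points at the tip of a feature branch in a personal fork rather than a tagged release, and the workflow triggers on `pull_request_target`, so that third-party code runs with the base repository's token for every PR, including ones opened from forks. The narrow `permissions:` block and the absence of a checkout step are the right shape; I would record the constraint in the file so it survives later edits, e.g. `# pull_request_target runs with the base repo token: never check out or execute PR head code in this job.` Because the trailing comment is a branch name and not a version, Dependabot will probably not bump this pin, and a force-push or branch deletion in the fork could leave the commit unreachable, so it is worth noting beside the pin or moving to a tag. The merge gating described in AGENTS.md presumably also depends on this check being a required status check in branch protection, which the diff cannot show.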
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e355ff9..9b3bccf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,29 +9,39 @@ on:
- master
jobs:
+ actionlint:
+ name: 'Lint workflows'
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Check out repository'
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - name: 'Run actionlint'
+ uses: raven-actions/actionlint@205b530c5d9fa8f44ae9ed59f341a0db994aa6f8 # v2.1.2
+
test:
name: "JDK ${{ matrix.java }}"
+ needs: actionlint
strategy:
matrix:
- java: [ 17, 18 ]
+ java: [ 17, 21 ]
runs-on: ubuntu-latest
steps:
# Cancel any previous runs for the same branch that are still running.
- name: 'Cancel previous runs'
- uses: styfle/cancel-workflow-action@0.10.0
+ uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1
with:
access_token: ${{ github.token }}
- name: 'Check out repository'
- uses: actions/checkout@v3
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: 'Cache local Maven repository'
- uses: actions/cache@v3
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2/repository
key: maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
maven-${{ hashFiles('**/pom.xml') }}
- name: 'Set up JDK ${{ matrix.java }}'
- uses: actions/setup-java@v3
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: ${{ matrix.java }}
distribution: 'zulu'
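Review bot: The new `actionlint` job declares no `permissions:` and its checkout keeps the default persisted credentials, although linting only needs to read the tree. If the workflow has no top-level `permissions:` block (the first lines of the file are outside this hunk), the job gets the repository's default token scope; adding `permissions:` with `contents: read` under `actionlint:` and `persist-credentials: false` under a `with:` on its checkout step would make the least-privilege intent explicit. Separately, `needs: actionlint` now gates every JDK matrix leg on a third-party lint step, so a failure there blocks the tests; confirm that coupling is intended. The `test` job's step list continues past the end of this hunk.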
@@ -49,9 +59,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Check out repository'
- uses: actions/checkout@v3
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: 'Cache local Maven repository'
- uses: actions/cache@v3
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2/repository
key: maven-${{ hashFiles('**/pom.xml') }}
@@ -59,7 +69,7 @@ jobs:
maven-
# setup maven settings.xml
- name: 'Set up Maven settings.xml for Package Cloud'
- uses: actions/setup-java@v3
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: 17
distribution: 'zulu'
@@ -78,9 +88,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Check out repository'
- uses: actions/checkout@v3
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: 'Cache local Maven repository'
- uses: actions/cache@v3
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2/repository
key: maven-${{ hashFiles('**/pom.xml') }}
@@ -88,7 +98,7 @@ jobs:
maven-
# setup maven settings.xml
- name: 'Set up Maven settings.xml for GitHub'
- uses: actions/setup-java@v3
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: 17
distribution: 'zulu'
@@ -108,16 +118,16 @@ jobs:
# runs-on: ubuntu-latest
# steps:
# - name: 'Check out repository'
-# uses: actions/checkout@v3
+# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# - name: 'Cache local Maven repository'
-# uses: actions/cache@v3
+# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
# with:
# path: ~/.m2/repository
# key: maven-${{ hashFiles('**/pom.xml') }}
# restore-keys: |
# maven-
# - name: 'Set up JDK 11'
-# uses: actions/setup-java@v3
+# uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
# with:
# java-version: 11
# distribution: 'zulu'
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index d96e856..a5dce24 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -2,13 +2,8 @@ name: Release Drafter
on:
push:
- # branches to consider in the event; optional, defaults to all
branches:
- master
- # pull_request event is required only for autolabeler
- pull_request:
- # Only following types are handled by the action, but one can default to all as well
- types: [opened, reopened, synchronize]
jobs:
update_release_draft:
@@ -20,7 +15,7 @@ jobs:
# echo "GHE_HOST=${GITHUB_SERVER_URL##https:\/\/}" >> $GITHUB_ENV
# Drafts your next Release notes as Pull Requests are merged into "master"
- - uses: release-drafter/release-drafter@v5
+ - uses: release-drafter/release-drafter@5de93583980a40bd78603b6dfdcda5b4df377b32 # v7.2.0
# (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
# with:
# config-name: my-config.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 763f20f..7d62437 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,12 +21,12 @@ jobs:
steps:
- name: Checkout Source Code
- uses: actions/checkout@v2
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# with:
# ref: ${{ github.event.inputs.branch }}
- name: Cache local Maven repository
- uses: actions/cache@v2
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -34,7 +34,7 @@ jobs:
${{ runner.os }}-maven-
- name: Set up JDK
- uses: actions/setup-java@v3
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: 17
distribution: zulu
@@ -63,24 +63,3 @@ jobs:
access-token: ${{ secrets.GITHUB_TOKEN }} # https
# ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} # ssh - not used
-
- # https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven
- publish_snapshot_github:
- name: 'Publish snapshot to GitHub Packages'
- needs: test
- if: github.event_name == 'push' && github.repository == 'astubbs/truth-generator'
- runs-on: ubuntu-latest
- steps:
- - run: |
- releaseVersion=grep scm.tag= | cut -d= -f2
- echo $releaseVersion
- - name: 'Check out repository'
- uses: actions/checkout@v3
- with:
- ref: ${{ releaseVersion }}
- - name: Publish package
- run: mvn --batch-mode deploy -DskipTests=true -Pgithub-deploy -P!package-cloud-deploy
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # As settings.xml gets merged by the tool, we have to include bindings to all variables present - as added above
- PACKAGE_CLOUD_TOKEN: ${{ secrets.PACKAGE_CLOUD_TOKEN }}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 34a0ea7..a32cce5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,7 +30,12 @@ target
.classpath
.settings
.clover
-.*
+
+# macOS
+.DS_Store
+
+# Claude Code local worktrees
+.claude/
*.iml
*.ipr
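Review bot: Dropping the blanket `.*` pattern means dotfiles that are not named explicitly are no longer ignored by the lines visible in this hunk, so local files such as `.env` or editor directories can now be picked up by a broad `git add`. If patterns outside the hunk do not already cover them, add explicit entries for the ones this project produces, for example `.env` and `.idea/`. The `# Claude Code local worktrees` section also runs straight into `*.iml`; a blank line after `.claude/` would keep the sections readable.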
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..8f05c6f
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,5 @@
+# Project Rules
+
+## Pull Requests
+
+- **When creating a stacked PR, include `depends on #N` in the PR description** (where `#N` is the parent PR it stacks on). This makes the PR dependency gating action (`.github/workflows/check-dependencies.yml`) block the child from merging until the parent is merged. One `depends on` line per parent dependency. Keep the list up to date if the chain changes.
diff --git a/generator/pom.xml b/generator/pom.xml
index c8b25e1..7455a77 100644
--- a/generator/pom.xml
+++ b/generator/pom.xml
@@ -112,12 +112,6 @@
1.2.11
test
-
- ch.qos.logback
- logback-classic
- 1.2.11
- test
-
diff --git a/pom.xml b/pom.xml
index 5e7b0e4..dd2d5d3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -233,25 +233,10 @@
flogger-slf4j-backend
${flogger.version}
-
- com.google.flogger
- flogger-system-backend
- ${flogger.version}
-
-
- com.google.flogger
- flogger-maven-backend
- ${flogger.version}
-
-
- com.google.flogger
- flogger-log4j2-backend
- ${flogger.version}
-
org.projectlombok
lombok
- 1.18.24
+ 1.18.34
uk.co.jemos.podam
@@ -287,16 +272,6 @@
17
-
- maven-jar-plugin
-
-
-
- jar
-
-
-
-
org.apache.maven.plugins
maven-surefire-plugin
@@ -323,6 +298,14 @@
maven-jar-plugin
3.2.2
+
+
+ default-test-jar
+
+ test-jar
+
+
+
org.apache.maven.plugins
@@ -379,16 +362,6 @@
@{project.version}
-
- maven-jar-plugin
-
-
-
- test-jar
-
-
-
-