diff --git a/.asf.yaml b/.asf.yaml
index 106f10cc..4320b908 100644
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -14,7 +14,7 @@ github:
- JCR
- SLING
- FELIX
- dependabot_alerts: true
+ dependabot_alerts: false
dependabot_updates: false
protected_branches:
master: {}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..85ef387f
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,120 @@
+# ~ Licensed to the Apache Software Foundation (ASF) under one
+# ~ or more contributor license agreements. See the NOTICE file
+# ~ distributed with this work for additional information
+# ~ regarding copyright ownership. The ASF licenses this file
+# ~ to you under the Apache License, Version 2.0 (the
+# ~ "License"); you may not use this file except in compliance
+# ~ with the License. You may obtain a copy of the License at
+# ~
+# ~ http://www.apache.org/licenses/LICENSE-2.0
+# ~
+# ~ Unless required by applicable law or agreed to in writing,
+# ~ software distributed under the License is distributed on an
+# ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# ~ KIND, either express or implied. See the License for the
+# ~ specific language governing permissions and limitations
+# ~ under the License.
+
+name: Build
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ types: [opened, synchronize, reopened]
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+jobs:
+ build:
+ name: ${{ matrix.namePrefix }} Maven build (${{ matrix.os }}, JDK ${{ matrix.jdk }})
+ strategy:
+ matrix:
+ os: [ubuntu-latest, windows-latest, macOS-latest]
+ jdk: [17, 21, 25]
+ include:
+ # lengthy build steps should only be performed on linux with Java 21 (deployment)
+ - os: ubuntu-latest
+ jdk: 21
+ isMainBuildEnv: true
+ namePrefix: 'Main '
+ fail-fast: true
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Git clone
+ uses: actions/checkout@v6
+ - name: Set up JDK
+ uses: actions/setup-java@v5
+ with:
+ distribution: 'temurin'
+ java-version: ${{ matrix.jdk }}
+ cache: maven
+ server-id: apache.snapshots.https # Value of the distributionManagement/repository/id field of the pom.xml
+ server-username: MAVEN_APACHE_NEXUS_USERNAME # env variable for username in deploy
+ server-password: MAVEN_APACHE_NEXUS_PASSWORD # env variable for token in deploy
+ # sets environment variables to be used in subsequent steps: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
+ - name: Set environment variables
+ shell: bash
+ run: |
+ if [ "${{github.ref}}" = "refs/heads/master" ] && [ "${{github.event_name}}" = "push" ] && [ "${{github.repository_owner}}" = "apache" ] && [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then
+ echo 'Running on main branch of the canonical repo'
+ echo "MVN_ADDITIONAL_OPTS=-DdeployAtEnd=true -Pdependency-check -DnvdApiKeyEnvironmentVariable=NIST_NVD_API_KEY" >> $GITHUB_ENV
+ echo "MVN_GOAL=deploy" >> $GITHUB_ENV
+ echo "MAVEN_APACHE_NEXUS_USERNAME=${{ secrets.NEXUS_USER }}" >> $GITHUB_ENV
+ echo "MAVEN_APACHE_NEXUS_PASSWORD=${{ secrets.NEXUS_PW }}" >> $GITHUB_ENV
+ echo "NIST_NVD_API_KEY=${{ secrets.NIST_NVD_API_KEY }}" >> $GITHUB_ENV
+ else
+ echo 'Running outside main branch/canonical repo'
+ if [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then
+ echo "MVN_ADDITIONAL_OPTS=-Pdependency-check -DnvdApiKeyEnvironmentVariable=NIST_NVD_API_KEY" >> $GITHUB_ENV
+ else
+ echo "MVN_ADDITIONAL_OPTS=" >> $GITHUB_ENV
+ fi
+ echo "MVN_GOAL=install site" >> $GITHUB_ENV
+ fi
+ - name: Build
+ shell: bash
+ # executing ITs requires installing artifacts to the local repository
+ run: mvn -B ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }} -Pjacoco-report -Dlogback.configurationFile=vault-core/src/test/resources/logback-only-errors.xml
+ - name: Upload build result
+ uses: actions/upload-artifact@v7
+ with:
+ name: compiled-classes-and-coverage
+ # compare with https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/languages/java/#java-analysis-and-bytecode
+ path: |
+ **/target/**/*.class
+ **/target/site/jacoco*/*.xml
+
+ # execute analysis in a separate job for better visualization and usage of matrix builds
+ # https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-for-maven/#invoking-the-goal
+ sonar:
+ name: SonarQube Analysis
+ runs-on: ubuntu-latest
+ needs: build
+ # not supported on forks, https://portal.productboard.com/sonarsource/1-sonarqube-cloud/c/50-sonarcloud-analyzes-external-pull-request
+ if: ${{ github.repository == 'apache/jackrabbit-filevault' }}
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: Set up JDK
+ uses: actions/setup-java@v5
+ with:
+ java-version: 21
+ distribution: temurin
+ cache: maven
+ - name: Download compiled classes
+ uses: actions/download-artifact@v8
+ with:
+ name: compiled-classes-and-coverage
+ - name: Cache SonarQube packages
+ uses: actions/cache@v5
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - name: Analyze with SonarQube
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
+ run: mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:5.6.0.6792:sonar -Dsonar.projectKey=apache_jackrabbit-filevault -Dsonar.organization=apache -Dsonar.scanner.skipJreProvisioning=true
\ No newline at end of file
diff --git a/parent/pom.xml b/parent/pom.xml
index 3934d2be..6b27ae76 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -85,8 +85,8 @@ Apache Jackrabbit FileVault is a project of the Apache Software Foundation.
- Jenkins
- https://ci-builds.apache.org/blue/organizations/jenkins/Jackrabbit%2Ffilevault/activity
+ github
+ https://github.com/apache/jackrabbit-filevault/actions/workflows/build.yml