merge

.github/dependabot.yml

@@ -0,0 +1,27 @@
+version: 2
+updates:
+- package-ecosystem: maven
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "04:00"
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: org.sonarsource.parent:parent
+    versions:
+    - "55"
+    - 57.0.19
+  - dependency-name: net.sourceforge.pmd:pmd-java
+    versions:
+    - 6.32.0
+    - 6.33.0
+  - dependency-name: org.sonarsource.java:java-frontend
+    versions:
+    - 6.11.0.24617
+    - 6.14.0.25463
+  - dependency-name: org.sonarsource.orchestrator:sonar-orchestrator
+    versions:
+    - 3.35.0.2707
+  - dependency-name: org.sonarsource.sonarqube:sonar-plugin-api
+    versions:
+    - 8.6.1.40680

.github/workflows/build.yml

@@ -0,0 +1,112 @@
+name: Build and test
+
+on:
+  push:
+    paths-ignore:
+      - '.github/**'
+      - '**/*.md'
+    tags-ignore:
+      - '**'
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+  workflow_dispatch:
+    inputs:
+      skipTests:
+        description: "Skip unit tests?"
+        required: true
+        default: false
+        type: boolean
+      deploySnapshot:
+        description: "Deploy snapshot to Maven Central?"
+        required: true
+        default: false
+        type: boolean
+      runIntegrationTests:
+        description: "Run integration tests?"
+        required: true
+        default: false
+        type: boolean
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    env:
+      # Respect manual input for skipping unit tests (no effect for push/PR where inputs are empty)
+      SKIP_TESTS: ${{ github.event.inputs.skipTests }}
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Set Release version env variable
+        run: |
+          echo "TAG_NAME=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
+
+      - name: Set branch name env variable
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            BRANCH_NAME="${{ github.head_ref }}"
+          else
+            BRANCH_NAME="${GITHUB_REF#refs/heads/}"
+          fi
+
+          if [ "$BRANCH_NAME" = "master" ]; then
+            echo "ARTIFACT_SUFFIX=" >> $GITHUB_ENV
+          else
+            # Sanitize branch name by replacing invalid characters with dashes
+            SANITIZED_BRANCH=$(echo "$BRANCH_NAME" | sed 's/[\/\\:*?"<>|]/-/g')
+            echo "ARTIFACT_SUFFIX=-$SANITIZED_BRANCH" >> $GITHUB_ENV
+          fi
+
+      # only build SNAPSHOTS, use release for tagged releases
+      - name: Check if tag contains SNAPSHOT
+        if: contains(env.TAG_NAME, 'SNAPSHOT') != true
+        run: |
+          echo "Tag '$TAG_NAME' does not contain 'SNAPSHOT', failing build."
+          exit 1
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'zulu'
+          java-version: 17
+          cache: 'maven'
+          server-id: central
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+          gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }}
+
+      - name: Build package with maven
+        run: |
+          ./mvnw --batch-mode $(if [ "$SKIP_TESTS" = "true" ]; then echo "-DskipTests"; fi) clean package
+
+      - name: Run integration tests (manual trigger only)
+        if: github.event_name == 'workflow_dispatch' && github.event.inputs.runIntegrationTests == 'true'
+        run: |
+          ./mvnw --batch-mode -pl integration-test -am clean verify
+
+      - name: Deploy SNAPSHOT to maven central
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploySnapshot == 'true')
+        env:
+          MAVEN_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSWORD }}
+        run: |
+          ./mvnw --batch-mode $(if [ "$SKIP_TESTS" = "true" ]; then echo "-DskipTests"; fi) clean deploy
+
+      - name: Upload sonar-pmd-plugin jar
+        uses: actions/upload-artifact@v4
+        with:
+          name: sonar-pmd-plugin-${{ env.TAG_NAME }}${{ env.ARTIFACT_SUFFIX }}
+          path: sonar-pmd-plugin/target/sonar-pmd-plugin-*.jar
+
+      - name: Upload sonar-pmd-lib jar
+        uses: actions/upload-artifact@v4
+        with:
+          name: sonar-pmd-lib-${{ env.TAG_NAME }}${{ env.ARTIFACT_SUFFIX }}
+          path: sonar-pmd-lib/target/sonar-pmd-lib-*.jar

.github/workflows/release.yml

@@ -0,0 +1,49 @@
+name: Release to Maven Central
+run-name: Build ${{ github.ref_name }} by @${{ github.actor }}
+
+on:
+  release:
+    types: [ published ]
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Set Release version env variable
+        run: |
+          echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+
+      # if no tag exists, this is expected to fail
+      - name: Switch to git tag for release
+        run: |
+          git fetch --all --tags -f
+          git checkout tags/${{ env.TAG_NAME }} -b ${{ env.TAG_NAME }}-tmp-branch
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'zulu'
+          java-version: 17
+          cache: 'maven'
+          server-id: central
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+          gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }}
+
+      - name: Deploy
+        env:
+          MAVEN_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSWORD }}
+        run: |
+          ./mvnw --batch-mode -Drevision=${{ env.TAG_NAME }} -P release clean deploy
+

.gitignore

@@ -27,3 +27,5 @@ Thumbs.db
 # Folder config file
 Desktop.ini
 .java-version
+
+.flattened-pom.xml

.mvn/maven.config

@@ -0,0 +1 @@
+-Drevision=4.2.0-SNAPSHOT

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+wrapperVersion=3.3.2
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip