diff --git a/.github/actions/run-gradle/action.yml b/.github/actions/run-gradle/action.yml index fa4cbc3354..9601967067 100644 --- a/.github/actions/run-gradle/action.yml +++ b/.github/actions/run-gradle/action.yml @@ -15,9 +15,9 @@ inputs: default: '21' required: false description: The GraalVM version - token: + cache-encryption-key: required: false - description: 'A Github PAT' + description: A Gradle cache encryption key attempt-limit: default: '1' required: false @@ -29,68 +29,53 @@ inputs: runs: using: composite steps: - - name: Prepare OpenJDK - if: inputs.java != 'GraalVM' - shell: bash - run: echo "JAVA_VERSION=${{ inputs.java }}" >> $GITHUB_ENV - - name: Prepare GraalVM - if: inputs.java == 'GraalVM' + - name: Read Gradle JDK toolchain version shell: bash run: | - echo "GRAALVM=true" >> $GITHUB_ENV - echo "JAVA_VERSION=${{ inputs.graal }}" >> $GITHUB_ENV - - name: Set up JDK ${{ inputs.java }} - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 - if: (inputs.early-access != inputs.java) && (inputs.java != 'GraalVM') + toolchainVersion=$(grep -oP '(?<=^toolchainVersion=).*' gradle/gradle-daemon-jvm.properties) + echo "toolchainVersion=${toolchainVersion}" >> $GITHUB_ENV + - name: Set up JDK ${{ env.toolchainVersion }} + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 with: - java-version: ${{ inputs.java }} + java-version: ${{ env.toolchainVersion }} distribution: temurin - - name: Set up JDK ${{ inputs.java }} - uses: oracle-actions/setup-java@2e744f723b003fdd759727d0ff654c8717024845 # v1.4.0 - if: (inputs.early-access == inputs.java) && (inputs.java != 'GraalVM') - with: - release: ${{ inputs.java }} - website: jdk.java.net - version: latest - - name: Set up GraalVM - uses: graalvm/setup-graalvm@22cc13fe88ef133134b3798e128fb208df55e1f5 # v1.2.3 - if: inputs.java == 'GraalVM' + - name: Prepare JDK toolchain + shell: bash + run: | + if [[ "${{ inputs.java }}" == "GraalVM" ]]; then + echo "JAVA_VENDOR=GraalVM Community" >> $GITHUB_ENV + echo "JAVA_VERSION=${{ inputs.graal }}" >> $GITHUB_ENV + else + echo "JAVA_VENDOR=Adoptium" >> $GITHUB_ENV + echo "JAVA_VERSION=${{ inputs.java }}" >> $GITHUB_ENV + fi + - name: Set up JDK + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 with: - distribution: 'graalvm' - github-token: ${{ inputs.token }} - java-version: ${{ env.JAVA_VERSION }} + java-version: ${{ + inputs.java == 'GraalVM' && inputs.graal || + (inputs.early-access == inputs.java && format('{0}-ea', inputs.java) || inputs.java) }} + distribution: ${{ inputs.java == 'GraalVM' && 'graalvm' || 'temurin' }} - name: Prepare JDK ${{ inputs.java }} shell: bash run: | + if [[ "${{ inputs.java }}" == "GraalVM" ]]; then + echo "GRAALVM_HOME=$JAVA_HOME" >> $GITHUB_ENV + fi echo "JDK_CI=$JAVA_HOME" >> $GITHUB_ENV echo "JDK_EA=${{ inputs.early-access == inputs.java }}" >> $GITHUB_ENV - - name: Read Gradle JDK toolchain version - id: read-jdk-version - shell: bash - run: | - toolchainVersion=$(grep -oP '(?<=^toolchainVersion=).*' gradle/gradle-daemon-jvm.properties) - echo "toolchainVersion=${toolchainVersion}" >> $GITHUB_ENV - - name: Set up JDK ${{ env.toolchainVersion }} - id: setup-gradle-jdk - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 - if: inputs.java != 'GraalVM' - with: - java-version: ${{ env.toolchainVersion }} - distribution: temurin - name: Setup Gradle - id: setup-gradle uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0 env: - JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }} ORG_GRADLE_PROJECT_org.gradle.java.installations.auto-download: 'false' with: add-job-summary: never cache-read-only: false gradle-home-cache-strict-match: true + cache-encryption-key: ${{ inputs.cache-encryption-key }} - name: Run ${{ inputs.arguments }} if: ${{ inputs.arguments != '' }} env: - JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }} ORG_GRADLE_PROJECT_org.gradle.java.installations.auto-download: 'false' shell: bash run: | diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 4cf4d84fa3..7c107ebf0a 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -14,7 +14,7 @@ jobs: allowed-endpoints: > api.github.com:443 github.com:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: actionlint uses: reviewdog/action-actionlint@12f7cb8c93ab327c99dec3a1d502c0f314978afd # v1.55.0 env: diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 71e560838b..b22fa8c1d4 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -31,12 +31,13 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }} - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Forbidden Apis uses: ./.github/actions/run-gradle with: java: ${{ env.JAVA_VERSION }} arguments: forbiddenApis -DforbiddenApis + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} pmd: runs-on: ubuntu-latest @@ -49,11 +50,12 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }} - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Pmd uses: ./.github/actions/run-gradle with: java: ${{ env.JAVA_VERSION }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: pmdJavaPoet pmdMain pmdCodeGen pmdJmh pmdTest -Dpmd spotbugs: @@ -67,10 +69,11 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }} - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Spotbugs uses: ./.github/actions/run-gradle with: java: ${{ env.JAVA_VERSION }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: > spotbugsJavaPoet spotbugsMain spotbugsCodeGen spotbugsJmh spotbugsTest -Dspotbugs diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 18bd31a682..a46ef19a51 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -39,12 +39,12 @@ jobs: raw.githubusercontent.com:443 services.gradle.org:443 www.graalvm.org:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Compute JMH Benchmark uses: ./.github/actions/run-gradle with: java: ${{ matrix.java }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: > caffeine:jmh --no-daemon -q -PincludePattern=ComputeBenchmark @@ -66,7 +66,7 @@ jobs: uses: ./.github/actions/run-gradle with: java: ${{ matrix.java }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: > caffeine:jmh --no-daemon -q -PincludePattern=GetPutBenchmark @@ -88,7 +88,7 @@ jobs: uses: ./.github/actions/run-gradle with: java: ${{ matrix.java }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: > caffeine:jmh --no-daemon -q -PincludePattern=PutRemoveBenchmark @@ -97,7 +97,7 @@ jobs: uses: ./.github/actions/run-gradle with: java: ${{ matrix.java }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: > caffeine:jmh --no-daemon -q -PincludePattern=FrequencySketchBenchmark @@ -106,7 +106,7 @@ jobs: uses: ./.github/actions/run-gradle with: java: ${{ matrix.java }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: caffeine:jmh --no-daemon -q -PincludePattern=TimerWheelBenchmark - name: Publish JMH benchmarks if: > diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7e28c4b67d..7d063ee801 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,7 +39,6 @@ env: schemastore.org:443 www.graalvm.org:443 PUBLISH_JDK: 11 - EA_JDK: 24 jobs: compile: @@ -59,18 +58,13 @@ jobs: egress-policy: block allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }} - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Prepare GraalVM - if: env.JAVA_VERSION == 'GraalVM' - shell: bash - run: echo "GRADLE_ARGS=--no-build-cache" >> $GITHUB_ENV + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Compile uses: ./.github/actions/run-gradle with: java: ${{ env.JAVA_VERSION }} - early-access: ${{ env.EA_JDK }} - token: ${{ secrets.GITHUB_TOKEN }} arguments: check -x test ${{ env.GRADLE_ARGS }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Cancel if failed uses: andymckay/cancel-action@a955d435292c0d409d104b57d8e78435a93a6ef1 # 0.5 continue-on-error: true @@ -176,13 +170,13 @@ jobs: egress-policy: block allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }} - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run tests (${{ env.JAVA_VERSION }}) uses: ./.github/actions/run-gradle with: java: ${{ env.JAVA_VERSION }} arguments: ${{ matrix.suite }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Format Test Artifact Name if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK) run: | @@ -233,7 +227,7 @@ jobs: storage.googleapis.com:443 uploader.codecov.io:443 - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - name: Download Tests Results @@ -245,6 +239,7 @@ jobs: with: arguments: check -x test java: ${{ env.PUBLISH_JDK }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Publish to Coveralls uses: ./.github/actions/run-gradle env: @@ -252,6 +247,7 @@ jobs: with: arguments: coveralls java: ${{ env.PUBLISH_JDK }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} continue-on-error: true - name: Publish to Codecov uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 @@ -277,6 +273,7 @@ jobs: with: java: ${{ env.PUBLISH_JDK }} arguments: sonar -Dsonar.branch.name=${GITHUB_REF##*/} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} continue-on-error: true test-results: @@ -351,7 +348,7 @@ jobs: errorprone.info:443 lightbend.github.io:443 guava.dev:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Publish Snapshot uses: ./.github/actions/run-gradle env: @@ -364,5 +361,5 @@ jobs: attempt-limit: 3 attempt-delay: 2 java: ${{ env.PUBLISH_JDK }} - token: ${{ secrets.GITHUB_TOKEN }} arguments: publishToSonatype --no-configuration-cache + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index aed0389695..d88345c211 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -29,7 +29,7 @@ jobs: registry-1.docker.io:443 *.blob.core.windows.net:443 - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run Codacy Analysis uses: codacy/codacy-analysis-cli-action@97bf5df3c09e75f5bcd72695998f96ebd701846e # v4.4.5 continue-on-error: true @@ -47,7 +47,7 @@ jobs: if: steps.check_files.outputs.files_exists == 'true' run: jq -c '.runs |= unique_by({tool, invocations, results})' < results.sarif > codacy.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 if: steps.check_files.outputs.files_exists == 'true' continue-on-error: true with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f2e8deabef..f16012f507 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -50,17 +50,17 @@ jobs: uploads.github.com:443 services.gradle.org:443 - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Gradle uses: ./.github/actions/run-gradle with: java: ${{ env.JAVA_VERSION }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Initialize CodeQL - uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: languages: java - name: Autobuild - uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index 0e8f9d2291..fe1540b80c 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -45,7 +45,7 @@ jobs: raw.githubusercontent.com:443 services.gradle.org:443 www.cisa.gov:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run dependency-check uses: ./.github/actions/run-gradle continue-on-error: true @@ -53,6 +53,7 @@ jobs: NVD_API_KEY: ${{ secrets.NVD_API_KEY }} with: java: ${{ env.JAVA_VERSION }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: dependencyCheckAggregate --no-configuration-cache - name: Check file existence id: check_files @@ -60,7 +61,7 @@ jobs: with: files: build/reports/dependency-check-report.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: build/reports/dependency-check-report.sarif diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 6eff859f88..fec6438191 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -19,7 +19,7 @@ jobs: api.github.com:443 github.com:443 - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Dependency Review uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 with: diff --git a/.github/workflows/dependency-submission-pr-submit.yml b/.github/workflows/dependency-submission-pr-submit.yml index 38c83ca6f4..63813a8e74 100644 --- a/.github/workflows/dependency-submission-pr-submit.yml +++ b/.github/workflows/dependency-submission-pr-submit.yml @@ -31,9 +31,9 @@ jobs: repo.maven.apache.org:443 repo1.maven.org:443 services.gradle.org:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up JDK ${{ env.JAVA_VERSION }} - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 with: java-version: ${{ env.JAVA_VERSION }} distribution: temurin diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml index aa680e5802..ebb0688e25 100644 --- a/.github/workflows/dependency-submission.yml +++ b/.github/workflows/dependency-submission.yml @@ -31,9 +31,9 @@ jobs: repo.maven.apache.org:443 repo1.maven.org:443 services.gradle.org:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up JDK ${{ env.JAVA_VERSION }} - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 with: java-version: ${{ env.JAVA_VERSION }} distribution: temurin diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index 2754fa9d33..d70d969b3e 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -27,10 +27,10 @@ jobs: api.github.com:443 github.com:443 - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml index 16c788a024..75daa26dcb 100644 --- a/.github/workflows/examples.yml +++ b/.github/workflows/examples.yml @@ -32,17 +32,12 @@ jobs: repo1.maven.org:443 services.gradle.org:443 www.graalvm.org:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Set up JDK ${{ env.JAVA_VERSION }} - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 - with: - java-version: ${{ env.JAVA_VERSION }} - distribution: temurin + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Gradle - uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0 + uses: ./.github/actions/run-gradle with: - add-job-summary: never - cache-read-only: false + java: ${{ env.JAVA_VERSION }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Simulator run: > ./gradlew simulator:run @@ -95,15 +90,15 @@ jobs: SNAPSHOT: true with: java: GraalVM - token: ${{ secrets.GITHUB_TOKEN }} arguments: -q caffeine:clean caffeine:jar + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Graal Native Image uses: ./.github/actions/run-gradle env: SNAPSHOT: true with: java: GraalVM - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: > --project-dir examples/graal-native -Pagent run diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index d99328a0a6..8359b8a832 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -23,7 +23,7 @@ jobs: egress-policy: block allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }} - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - name: Run gitleaks diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 44f055c95c..c416f743ec 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -17,5 +17,5 @@ jobs: downloads.gradle-dn.com:443 github.com:443 services.gradle.org:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: gradle/actions/wrapper-validation@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0 diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml index 1e0f374a96..245fe4267a 100644 --- a/.github/workflows/qodana.yml +++ b/.github/workflows/qodana.yml @@ -55,11 +55,12 @@ jobs: resources.jetbrains.com:443 services.gradle.org:443 - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Build uses: ./.github/actions/run-gradle with: java: ${{ env.JAVA_VERSION }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: build -x test - name: Qodana - Code Inspection uses: JetBrains/qodana-action@84494be4d1a2f64ec1c4bfdf475406e246e34672 # v2024.2.3 @@ -68,6 +69,6 @@ jobs: with: upload-result: true - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bc95d9f501..72aa6657f3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: with: disable-sudo: true egress-policy: audit - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Releasing uses: ./.github/actions/run-gradle env: @@ -29,7 +29,7 @@ jobs: ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} with: java: ${{ env.JAVA_VERSION }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} arguments: > publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease --no-configuration-cache diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 30aa7d86d7..163739b7ea 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -41,7 +41,7 @@ jobs: tuf-repo-cdn.sigstore.dev:443 www.bestpractices.dev:443 - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false - name: Run analysis @@ -58,6 +58,6 @@ jobs: path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index c9f09367c3..eac22e6620 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -17,7 +17,7 @@ jobs: # Incompatible with Harden Runner image: returntocorp/semgrep steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - run: semgrep scan --sarif --output=results.sarif env: SEMGREP_RULES: >- @@ -34,7 +34,7 @@ jobs: if: steps.check_files.outputs.files_exists == 'true' run: jq -c '.runs[0].tool.driver.rules |= unique_by(.id)' < results.sarif > semgrep.sarif - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 if: steps.check_files.outputs.files_exists == 'true' continue-on-error: true with: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 7fd9bba606..f4cf93684e 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -25,12 +25,12 @@ jobs: if: github.event.repository.fork == false steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Gradle uses: ./.github/actions/run-gradle with: java: ${{ env.JAVA_VERSION }} - token: ${{ secrets.GITHUB_TOKEN }} + cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Run Snyk test env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} @@ -42,7 +42,7 @@ jobs: with: files: snyk.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: snyk.sarif diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 6709a8c08c..55163d0aa7 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -14,7 +14,7 @@ jobs: allowed-endpoints: > api.github.com:443 github.com:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Misspell uses: reviewdog/action-misspell@ef8b22c1cca06c8d306fc6be302c3dab0f6ca12f # v1.23.0 with: @@ -32,6 +32,6 @@ jobs: allowed-endpoints: > github.com:443 objects.githubusercontent.com:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Typos uses: crate-ci/typos@8e6a4285bcbde632c5d79900a7779746e8b7ea3f # v1.24.6 diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index a12433183f..25d22e822f 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -21,7 +21,7 @@ jobs: ghcr.io:443 github.com:443 pkg-containers.githubusercontent.com:443 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: @@ -29,6 +29,6 @@ jobs: format: sarif output: trivy-results.sarif - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: trivy-results.sarif diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/Reset.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/Reset.java index 68f284b727..10f96afc53 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/Reset.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/Reset.java @@ -63,6 +63,8 @@ public static void destroy(Cache cache) { destroyTimerWheel(bounded); } bounded.data.clear(); + bounded.writeBuffer.clear(); + bounded.readBuffer.drainTo(e -> {}); } finally { bounded.evictionLock.unlock(); } diff --git a/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml b/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml index c6043dc889..809277ef2a 100644 --- a/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml +++ b/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml @@ -1,6 +1,6 @@ [versions] caffeine = "3.1.8" -junit = "5.11.0" +junit = "5.11.1" reactor = "3.6.10" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties b/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties index f037e24c87..f17c972096 100644 --- a/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties +++ b/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/graal-native/gradle/libs.versions.toml b/examples/graal-native/gradle/libs.versions.toml index c2fe793a94..4a6e3a6ffa 100644 --- a/examples/graal-native/gradle/libs.versions.toml +++ b/examples/graal-native/gradle/libs.versions.toml @@ -1,7 +1,7 @@ [versions] caffeine = "3.1.8" -graal = "0.10.2" -junit = "5.11.0" +graal = "0.10.3" +junit = "5.11.1" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/graal-native/gradle/wrapper/gradle-wrapper.properties b/examples/graal-native/gradle/wrapper/gradle-wrapper.properties index f037e24c87..f17c972096 100644 --- a/examples/graal-native/gradle/wrapper/gradle-wrapper.properties +++ b/examples/graal-native/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/hibernate/gradle/libs.versions.toml b/examples/hibernate/gradle/libs.versions.toml index ff37340020..422731d2e7 100644 --- a/examples/hibernate/gradle/libs.versions.toml +++ b/examples/hibernate/gradle/libs.versions.toml @@ -2,7 +2,7 @@ caffeine = "3.1.8" h2 = "2.3.232" hibernate = "7.0.0.Beta1" -junit = "5.11.0" +junit = "5.11.1" log4j2 = "3.0.0-beta2" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/hibernate/gradle/wrapper/gradle-wrapper.properties b/examples/hibernate/gradle/wrapper/gradle-wrapper.properties index f037e24c87..f17c972096 100644 --- a/examples/hibernate/gradle/wrapper/gradle-wrapper.properties +++ b/examples/hibernate/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/indexable/gradle/libs.versions.toml b/examples/indexable/gradle/libs.versions.toml index baba3f29aa..62f948c22b 100644 --- a/examples/indexable/gradle/libs.versions.toml +++ b/examples/indexable/gradle/libs.versions.toml @@ -1,7 +1,7 @@ [versions] caffeine = "3.1.8" -guava = "33.3.0-jre" -junit-jupiter = "5.11.0" +guava = "33.3.1-jre" +junit-jupiter = "5.11.1" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/indexable/gradle/wrapper/gradle-wrapper.properties b/examples/indexable/gradle/wrapper/gradle-wrapper.properties index f037e24c87..f17c972096 100644 --- a/examples/indexable/gradle/wrapper/gradle-wrapper.properties +++ b/examples/indexable/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/resilience-failsafe/gradle/libs.versions.toml b/examples/resilience-failsafe/gradle/libs.versions.toml index 1c64d3ce49..8f9ae030fa 100644 --- a/examples/resilience-failsafe/gradle/libs.versions.toml +++ b/examples/resilience-failsafe/gradle/libs.versions.toml @@ -1,7 +1,7 @@ [versions] caffeine = "3.1.8" failsafe = "3.3.2" -junit = "5.11.0" +junit = "5.11.1" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties b/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties index f037e24c87..f17c972096 100644 --- a/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties +++ b/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/write-behind-rxjava/gradle/libs.versions.toml b/examples/write-behind-rxjava/gradle/libs.versions.toml index 3cf48d697f..ebb51c9f38 100644 --- a/examples/write-behind-rxjava/gradle/libs.versions.toml +++ b/examples/write-behind-rxjava/gradle/libs.versions.toml @@ -1,7 +1,7 @@ [versions] awaitility = "4.2.2" caffeine = "3.1.8" -junit = "5.11.0" +junit = "5.11.1" rxjava = "3.1.9" versions = "0.51.0" diff --git a/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties b/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties index f037e24c87..f17c972096 100644 --- a/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties +++ b/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/gradle/config/spotbugs/exclude.xml b/gradle/config/spotbugs/exclude.xml index a0e6893371..8beeaabeb2 100644 --- a/gradle/config/spotbugs/exclude.xml +++ b/gradle/config/spotbugs/exclude.xml @@ -8,6 +8,7 @@ ACEM_ABSTRACT_CLASS_EMPTY_METHODS, AI_ANNOTATION_ISSUES_NEEDS_NULLABLE, AOM_ABSTRACT_OVERRIDDEN_METHOD, + BAS_BLOATED_ASSIGNMENT_SCOPE, BL_BURYING_LOGIC, CE_CLASS_ENVY, CFS_CONFUSING_FUNCTION_SEMANTICS, diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 2d575350b9..6ec9d3fae6 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -34,15 +34,15 @@ findsecbugs = "1.13.0" flip-tables = "1.1.1" forbidden-apis = "3.7" google-java-format = "1.23.0" -guava = "33.3.0-jre" +guava = "33.3.1-jre" guice = "6.0.0" h2 = "2.3.232" hamcrest = "3.0" hazelcast = "5.3.7" httpclient = "4.5.14" -idea = "1.1.8" +idea = "1.1.9" jackrabbit = "1.68.0" -jackson = "2.17.2" +jackson = "2.18.0" jacoco = "0.8.12" jakarta-inject = "2.0.1" jamm = "0.4.0" @@ -62,11 +62,11 @@ json-bind = "1.0" jsoup = "1.18.1" junit-testng = "1.0.5" junit4 = "4.13.2" -junit5 = "5.11.0" +junit5 = "5.11.1" jvm-dependency-conflict-resolution = "2.1.2" kotlin = "2.0.20" lincheck = "2.34" -mockito = "5.13.0" +mockito = "5.14.0" nexus-publish = "2.0.0" nullaway = "0.11.3" nullaway-plugin = "2.0.0" @@ -78,15 +78,15 @@ osgi-promise = "1.3.0" pax-exam = "4.13.5" pax-url = "2.6.14" picocli = "4.7.6" -pmd = "7.5.0" +pmd = "7.6.0" protobuf = "4.28.2" slf4j = "2.0.16" slf4j-test = "3.0.1" snakeyaml = "2.3" sonarqube = "5.1.0.4882" spotbugs = "4.8.6" -spotbugs-contrib = "7.6.4" -spotbugs-plugin = "6.0.22" +spotbugs-contrib = "7.6.5" +spotbugs-plugin = "6.0.23" stream = "2.9.8" tcache = "2.0.1" testng = "7.10.2" @@ -96,7 +96,7 @@ versions = "0.51.0" xz = "1.10" ycsb = "0.17.0" zero-allocation-hashing = "0.26ea0" -zstd = "1.5.6-5" +zstd = "1.5.6-6" [libraries] asm-bom = { module = "org.ow2.asm:asm-bom", version.ref = "asm" } diff --git a/gradle/plugins/src/main/kotlin/lifecycle/java-library.caffeine.gradle.kts b/gradle/plugins/src/main/kotlin/lifecycle/java-library.caffeine.gradle.kts index 667f0a4f6b..c3bb36a467 100644 --- a/gradle/plugins/src/main/kotlin/lifecycle/java-library.caffeine.gradle.kts +++ b/gradle/plugins/src/main/kotlin/lifecycle/java-library.caffeine.gradle.kts @@ -19,16 +19,21 @@ dependencies { } val javaVersion = JavaLanguageVersion.of(System.getenv("JAVA_VERSION")?.toIntOrNull() ?: 11) -java.toolchain.languageVersion = javaVersion +val javaVendor = System.getenv("JAVA_VENDOR")?.let { JvmVendorSpec.matching(it) } +java.toolchain { + languageVersion = javaVersion + vendor = javaVendor +} tasks.withType().configureEach { + inputs.property("javaVendor", javaVendor.toString()) sourceCompatibility = javaVersion.toString() targetCompatibility = javaVersion.toString() options.release = javaVersion.asInt() javaCompiler = javaToolchains.compilerFor { // jdk 17+ is required by compiler plugins, e.g. error-prone - languageVersion = maxOf(javaVersion, JavaLanguageVersion.of(17)) + languageVersion = maxOf(javaVersion, JavaLanguageVersion.of(21)) } options.compilerArgs.addAll(listOf("-Xlint:all", "-Xlint:-auxiliaryclass", "-Xlint:-classfile", diff --git a/gradle/plugins/src/main/kotlin/lifecycle/testing.caffeine.gradle.kts b/gradle/plugins/src/main/kotlin/lifecycle/testing.caffeine.gradle.kts index 23f26299c2..4aeac33486 100644 --- a/gradle/plugins/src/main/kotlin/lifecycle/testing.caffeine.gradle.kts +++ b/gradle/plugins/src/main/kotlin/lifecycle/testing.caffeine.gradle.kts @@ -28,6 +28,8 @@ dependencies { } tasks.withType().configureEach { + inputs.property("javaVendor", java.toolchain.vendor.get().toString()) + jvmArgs("-XX:SoftRefLRUPolicyMSPerMB=0", "-XX:+EnableDynamicAgentLoading", "-Xshare:off") if ("debug" in systemProperties) { jvmArgs("-Xdebug", "-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005") diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index f037e24c87..f17c972096 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME