Merge branch 'main' into O363-CVE

Author: melloware

.github/workflows/build.yml

@@ -0,0 +1,30 @@
+name: Build
+
+on:
+  push:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        java: [ '11', '17', '21', '25' ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Java
+        uses: actions/setup-java@v5
+        with:
+          java-version: ${{ matrix.java }}
+          distribution: 'zulu'
+          cache: maven
+
+      - name: Build
+        run: ./mvnw -ntp -B verify

.github/workflows/codeql.yml

@@ -40,7 +40,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v6
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/maven.yml

@@ -0,0 +1,81 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release (e.g. 1.0.0)'
+        required: true
+        type: string
+      next_version:
+        description: 'Next development version (e.g. 1.0.1-SNAPSHOT)'
+        required: true
+        type: string
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+      issues: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK
+        uses: actions/setup-java@v5
+        with:
+          distribution: zulu
+          java-version: 11
+          cache: maven
+
+      - name: Set version
+        run: |
+          # Configure git for any operations
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "actions@github.com"
+          
+          # Check if we already have the release commit
+          if git log --oneline -10 | grep -q "Release version ${{ github.event.inputs.version }}"; then
+            echo "Release commit already exists, skipping version setting"
+          elif [ "$CURRENT_VERSION" != "${{ github.event.inputs.version }}" ]; then
+            echo "Setting version to ${{ github.event.inputs.version }}"
+            mvn versions:set -DgenerateBackupPoms=false -DnewVersion=${{ github.event.inputs.version }}
+            git add pom.xml "**/pom.xml"
+            git commit -m "Release version ${{ github.event.inputs.version }}"
+            git push origin main
+          else
+            echo "Version is already set to ${{ github.event.inputs.version }}"
+          fi
+
+      - name: Build
+        run: ./mvnw -Ppublication
+
+      - name: Release
+        env:
+          JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          JRELEASER_MAVENCENTRAL_SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          JRELEASER_MAVENCENTRAL_SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
+        run: ./mvnw -N -Ppublication jreleaser:full-release
+
+      - name: Set next version
+        if: github.event_name == 'workflow_dispatch'
+        run: |
+          # Configure git (in case it's needed again)
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "actions@github.com"
+          
+          echo "Setting next version to ${{ github.event.inputs.next_version }}"
+          mvn versions:set -DgenerateBackupPoms=false -DnewVersion=${{ github.event.inputs.next_version }}
+          git add pom.xml "**/pom.xml"
+          git commit -m "Prepare for next development version"
+          git push origin main

.github/workflows/release.yml

@@ -3,4 +3,6 @@
 target
 .classpath
 .project
-.settings
+.settings
+.idea
+out

.gitignore

@@ -0,0 +1,3 @@
+wrapperVersion=3.3.4
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.11/apache-maven-3.9.11-bin.zip

.mvn/wrapper/maven-wrapper.properties

@@ -1,33 +1,20 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
-  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
   <artifactId>empiricism</artifactId>
   <version>20240325.2-SNAPSHOT</version>
   <packaging>jar</packaging>
   <parent>
-    <relativePath>..</relativePath>
     <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
     <artifactId>parent</artifactId>
     <version>20240325.2-SNAPSHOT</version>
   </parent>
 
   <name>empiricism</name>
+  <url>https://github.com/OWASP/java-html-sanitizer</url>
   <description>
     HTML metadata derived by interrogating a browser's HTML parser
   </description>
 
-  <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.8</source>
-          <target>1.8</target>
-        </configuration>
-      </plugin>
-    </plugins>
-  </build>
-
   <dependencies>
     <dependency>
       <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>

empiricism/pom.xml

@@ -3,27 +3,24 @@
   <artifactId>java10-shim</artifactId>
   <packaging>jar</packaging>
   <parent>
-    <relativePath>..</relativePath>
     <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
     <artifactId>parent</artifactId>
     <version>20240325.2-SNAPSHOT</version>
   </parent>
 
   <name>Java 10 Shim</name>
+  <url>https://github.com/OWASP/java-html-sanitizer</url>
   <description>
     Provides an implementation of java8-shim that interoperates with
     Java &gt;= 10 idioms for immutable collections.
   </description>
 
+  <properties>
+    <maven.compiler.release>10</maven.compiler.release>
+  </properties>
+
   <build>
     <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <release>10</release>
-        </configuration>
-      </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-release-plugin</artifactId>

java10-shim/pom.xml

@@ -3,31 +3,19 @@
   <artifactId>java8-shim</artifactId>
   <packaging>jar</packaging>
   <parent>
-    <relativePath>..</relativePath>
     <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
     <artifactId>parent</artifactId>
     <version>20240325.2-SNAPSHOT</version>
   </parent>
 
   <name>Java 8 Shim</name>
+  <url>https://github.com/OWASP/java-html-sanitizer</url>
   <description>
     Backports @since Java 9 collection factories like List.of onto
     Java8 in a way that uses the real ones where available, falls back
     to a conforming implementation on Java8 and JIT compiles well.
   </description>
 
-  <build>
-    <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <release>8</release>
-        </configuration>
-      </plugin>
-    </plugins>
-  </build>
-
   <dependencies>
     <dependency>
       <groupId>junit</groupId>