From f11c047970c8eb8906098ee917b8d2b128b62863 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Fri, 30 Jan 2026 04:42:57 +0000 Subject: [PATCH 01/28] Update dependency gradle to v9.3.1 --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 19a6bde..37f78a6 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-9.3.0-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-9.3.1-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME From 2856c9ed0717dca839f5fcd645cf354de6f434c6 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Sat, 31 Jan 2026 04:39:37 +0000 Subject: [PATCH 02/28] Update pmdVersion to v7.21.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 1cf4275..cfec6c1 100644 --- a/build.gradle +++ b/build.gradle @@ -9,7 +9,7 @@ plugins { ext { checkstyleVersion = '13.0.0' - pmdVersion = '7.20.0' + pmdVersion = '7.21.0' } def properties(String key) { From b1c7134cf8d7aa262b7f5d6ba1480d18f66d59e6 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Sun, 1 Feb 2026 04:53:13 +0000 Subject: [PATCH 03/28] Update checkstyleVersion to v13.1.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 1cf4275..36cd652 100644 --- a/build.gradle +++ b/build.gradle @@ -7,7 +7,7 @@ plugins { } ext { - checkstyleVersion = '13.0.0' + checkstyleVersion = '13.1.0' pmdVersion = '7.20.0' } From 78e6f922261869bc7a6f939d185e46e35ed3f0aa Mon Sep 17 00:00:00 2001 From: AB Date: Wed, 4 Feb 2026 12:01:54 +0100 Subject: [PATCH 04/28] Updat to PMD 7.21.0 --- .config/pmd/java/ruleset.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/pmd/java/ruleset.xml b/.config/pmd/java/ruleset.xml index e96576b..e2325a9 100644 --- a/.config/pmd/java/ruleset.xml +++ b/.config/pmd/java/ruleset.xml @@ -146,7 +146,6 @@ - @@ -164,6 +163,7 @@ + From 76cf22386537f750c979b63658ab3459f6b8586c Mon Sep 17 00:00:00 2001 From: AB Date: Fri, 20 Feb 2026 08:43:59 +0100 Subject: [PATCH 05/28] Disallow classes ending with Helper or Util Fixes https://github.com/xdev-software/java-setup-template/issues/7 --- .config/checkstyle/checkstyle.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.config/checkstyle/checkstyle.xml b/.config/checkstyle/checkstyle.xml index 463a629..262c9f9 100644 --- a/.config/checkstyle/checkstyle.xml +++ b/.config/checkstyle/checkstyle.xml @@ -79,6 +79,11 @@ + + + + + From 838f350c5da393d455f0b1de29397762af9111ac Mon Sep 17 00:00:00 2001 From: AB Date: Mon, 23 Feb 2026 09:54:21 +0100 Subject: [PATCH 06/28] Avoid using Optional#get Fixes https://github.com/xdev-software/java-setup-template/issues/8 --- .config/pmd/java/ruleset.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/.config/pmd/java/ruleset.xml b/.config/pmd/java/ruleset.xml index e2325a9..9dc7a0f 100644 --- a/.config/pmd/java/ruleset.xml +++ b/.config/pmd/java/ruleset.xml @@ -208,6 +208,36 @@ + + +`Optional#get` can be interpreted as a getter by developers, however this is not the case as it throws an exception when empty. + +It should be replaced by +* doing a mapping directly using `.map` or `.ifPresent` +* using the preferred `.orElseThrow`, `.orElse` or `.or` methods + +Java Developer Brian Goetz also writes regarding this topic: + +> Java 8 was a huge improvement to the platform, but one of the few mistakes we made was the naming of `Optional.get()`, because the name just invites people to call it without calling `isPresent()`, undermining the whole point of using `Optional` in the first place. +> +> During the Java 9 time frame, we proposed to deprecate `Optional.get()`, but the public response to that was ... let's say cold. As a smaller step, we introduced `orElseThrow()` in 10 (see [JDK-8140281](https://bugs.openjdk.java.net/browse/JDK-8140281)) as a more transparently named synonym for the current pernicious behavior of `get()`. IDEs warn on unconditional use of `get()`, but not on `orElseThrow()`, which is a step forward in teaching people to code better. The question is, in a sense, a "glass half empty" view of the current situation; `get()` is still problematic. + + 3 + + + + + + + + + Date: Wed, 25 Feb 2026 04:45:04 +0000 Subject: [PATCH 07/28] Update dependency org.junit:junit-bom to v6.0.3 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 6f16044..9b11883 100644 --- a/build.gradle +++ b/build.gradle @@ -59,7 +59,7 @@ dependencies { checkstyle "com.puppycrawl.tools:checkstyle:${checkstyleVersion}" pmd "net.sourceforge.pmd:pmd-ant:${pmdVersion}", "net.sourceforge.pmd:pmd-java:${pmdVersion}" - testImplementation platform('org.junit:junit-bom:6.0.2'), + testImplementation platform('org.junit:junit-bom:6.0.3'), 'org.junit.jupiter:junit-jupiter', 'org.junit.jupiter:junit-jupiter-engine', 'org.assertj:assertj-core:3.27.7' From bd6498d2786d0178e3c54f7088af754bb0aafd90 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Thu, 26 Feb 2026 04:42:27 +0000 Subject: [PATCH 08/28] Update lycheeverse/lychee-action digest to 8646ba3 --- .github/workflows/broken-links.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/broken-links.yml b/.github/workflows/broken-links.yml index e6c3385..d768259 100644 --- a/.github/workflows/broken-links.yml +++ b/.github/workflows/broken-links.yml @@ -18,7 +18,7 @@ jobs: - name: Link Checker id: lychee - uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # v2 + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2 with: fail: false # Don't fail on broken links, create an issue instead From 757d542c5c53e6ceeaff8c0759cd58eee1fea865 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Thu, 26 Feb 2026 04:43:46 +0000 Subject: [PATCH 09/28] Update lycheeverse/lychee-action digest to 8646ba3 --- .github/workflows/broken-links.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/broken-links.yml b/.github/workflows/broken-links.yml index 2675c8b..5b50d06 100644 --- a/.github/workflows/broken-links.yml +++ b/.github/workflows/broken-links.yml @@ -19,7 +19,7 @@ jobs: - name: Link Checker id: lychee - uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # v2 + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2 with: fail: false # Don't fail on broken links, create an issue instead From cd4062552253a21993050678c97ac05e829833a6 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Fri, 27 Feb 2026 04:42:12 +0000 Subject: [PATCH 10/28] Update actions/upload-artifact action to v7 --- .github/workflows/check-build.yml | 6 +++--- .github/workflows/check-ide-compatibility.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test-deploy.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml index 939982f..ff10067 100644 --- a/.github/workflows/check-build.yml +++ b/.github/workflows/check-build.yml @@ -50,7 +50,7 @@ jobs: run: ./gradlew build buildPlugin --info --stacktrace - name: Try upload test reports when failure occurs - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 if: failure() with: name: test-reports-${{ matrix.java }} @@ -75,7 +75,7 @@ jobs: fi - name: Upload plugin files - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: plugin-files-java-${{ matrix.java }} path: build/distributions/*.zip @@ -143,7 +143,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: pmd-report if-no-files-found: ignore diff --git a/.github/workflows/check-ide-compatibility.yml b/.github/workflows/check-ide-compatibility.yml index 69be85e..2925d1e 100644 --- a/.github/workflows/check-ide-compatibility.yml +++ b/.github/workflows/check-ide-compatibility.yml @@ -64,7 +64,7 @@ jobs: run: ./gradlew verifyPlugin --info --stacktrace - name: Upload report - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 if: ${{ always() }} with: name: plugin-verifier-reports diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68f6033..4140a10 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -135,7 +135,7 @@ jobs: run: ./gradlew publishPlugin --info --stacktrace - name: Upload plugin files - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: plugin-files path: build/distributions/* diff --git a/.github/workflows/test-deploy.yml b/.github/workflows/test-deploy.yml index 73516a4..4909897 100644 --- a/.github/workflows/test-deploy.yml +++ b/.github/workflows/test-deploy.yml @@ -35,7 +35,7 @@ jobs: run: ./gradlew publishPlugin --info --stacktrace - name: Upload plugin files - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: plugin-files-java-${{ matrix.java }} path: build/distributions/* From 3116e68f96eed0af505e95d33830cecd05092590 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Sat, 28 Feb 2026 04:34:08 +0000 Subject: [PATCH 11/28] Update pmdVersion to v7.22.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 6f16044..685872a 100644 --- a/build.gradle +++ b/build.gradle @@ -9,7 +9,7 @@ plugins { ext { checkstyleVersion = '13.1.0' - pmdVersion = '7.21.0' + pmdVersion = '7.22.0' } def properties(String key) { From cbaa81526c6aac01a7afa4f7ea0955025e0619c1 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Sun, 1 Mar 2026 04:46:44 +0000 Subject: [PATCH 12/28] Update checkstyleVersion to v13.3.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 6f16044..b6b0338 100644 --- a/build.gradle +++ b/build.gradle @@ -7,7 +7,7 @@ plugins { } ext { - checkstyleVersion = '13.1.0' + checkstyleVersion = '13.3.0' pmdVersion = '7.21.0' } From 6f9b5b39e904c2167782591b14a645b1fd49b730 Mon Sep 17 00:00:00 2001 From: AB Date: Mon, 2 Mar 2026 12:00:46 +0100 Subject: [PATCH 13/28] Create report-gha-workflow-security-problems.yml Fixes https://github.com/xdev-software/base-template/issues/13 --- .../report-gha-workflow-security-problems.yml | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 .github/workflows/report-gha-workflow-security-problems.yml diff --git a/.github/workflows/report-gha-workflow-security-problems.yml b/.github/workflows/report-gha-workflow-security-problems.yml new file mode 100644 index 0000000..b17aa53 --- /dev/null +++ b/.github/workflows/report-gha-workflow-security-problems.yml @@ -0,0 +1,61 @@ +name: Report workflow security problems + +on: + workflow_dispatch: + push: + branches: [ develop ] + paths: + - '.github/workflows/**' + +permissions: + issues: write + +jobs: + prt: + runs-on: ubuntu-latest + timeout-minutes: 15 + # Only run this in our repos (Prevent notification spam by forks) + if: ${{ github.repository_owner == 'xdev-software' }} + steps: + - uses: actions/checkout@v6 + + - name: Check + id: check + run: | + grep -l 'pull_request_target:' --exclude report-gha-workflow-security-problems.yml *.yml > reported.txt && exit 1 || exit 0 + working-directory: .github/workflows + + - name: Find already existing issue + id: find-issue + if: ${{ !cancelled() }} + run: | + echo "number=$(gh issue list -l 'bug' -l 'automated' -L 1 -S 'in:title "Incorrectly configure GHA workflow (prt)"' -s 'open' --json 'number' --jq '.[].number')" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ github.token }} + + - name: Close issue if everything is fine + if: ${{ success() && steps.find-issue.outputs.number != '' }} + run: gh issue close -r 'not planned' ${{ steps.find-issue.outputs.number }} + env: + GH_TOKEN: ${{ github.token }} + + - name: Create report + if: ${{ failure() && steps.check.conclusion == 'failure' }} + run: | + echo 'Detected usage of `pull_request_target`. This event is dangerous and MUST NOT BE USED AT ALL COST!' > reported.md + echo '' >> reported.md + echo '/cc @xdev-software/gha-workflow-security' >> reported.md + echo '' >> reported.md + echo '```' >> reported.md + cat .github/workflows/reported.txt >> reported.md + echo '```' >> reported.md + cat reported.md + + - name: Create Issue From File + if: ${{ failure() && steps.check.conclusion == 'failure' }} + uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6 + with: + issue-number: ${{ steps.find-issue.outputs.number }} + title: 'Incorrectly configure GHA workflow (prt)' + content-filepath: ./reported.md + labels: bug, automated From 84e1242d26dadb2a8522dbaaa1563c0e613bf086 Mon Sep 17 00:00:00 2001 From: AB Date: Mon, 9 Mar 2026 10:01:24 +0100 Subject: [PATCH 14/28] Enforce use of PMD plugin After feedback from colleague --- .idea/externalDependencies.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/.idea/externalDependencies.xml b/.idea/externalDependencies.xml index 78be5b8..0b477b8 100644 --- a/.idea/externalDependencies.xml +++ b/.idea/externalDependencies.xml @@ -3,5 +3,6 @@ + \ No newline at end of file From 01ff018b6e802863968365d538e02716f5280417 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Tue, 10 Mar 2026 04:41:19 +0000 Subject: [PATCH 15/28] Update dependency gradle to v9.4.0 --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 37f78a6..dbc3ce4 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-9.3.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.0-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME From bee4af5faa966096d7fb95d3777470fcda2213cd Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Tue, 10 Mar 2026 04:41:20 +0000 Subject: [PATCH 16/28] Update plugin org.jetbrains.intellij.platform to v2.12.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 3bcaebf..d183d2f 100644 --- a/build.gradle +++ b/build.gradle @@ -3,7 +3,7 @@ plugins { id 'idea' id 'checkstyle' id 'pmd' - id 'org.jetbrains.intellij.platform' version '2.11.0' + id 'org.jetbrains.intellij.platform' version '2.12.0' } ext { From cccfcc481c2818846cefbaa95dd360784df5b55b Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Sun, 15 Mar 2026 04:55:07 +0000 Subject: [PATCH 17/28] Update shogo82148/actions-create-release digest to 6a39603 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4140a10..ed7e4ef 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -91,7 +91,7 @@ jobs: - name: Create Release id: create_release - uses: shogo82148/actions-create-release@559c27ce7eb834825e2b55927c64f6d1bd1db716 # v1 + uses: shogo82148/actions-create-release@6a396031bc74c57403da1018fec74d24c6aa03cd # v1 with: tag_name: v${{ steps.version.outputs.release }} release_name: v${{ steps.version.outputs.release }} From dfef87991f16e8869aa8447680a008ff4d74557e Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Sun, 15 Mar 2026 04:55:09 +0000 Subject: [PATCH 18/28] Update plugin org.jetbrains.intellij.platform to v2.13.1 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index d183d2f..94763cd 100644 --- a/build.gradle +++ b/build.gradle @@ -3,7 +3,7 @@ plugins { id 'idea' id 'checkstyle' id 'pmd' - id 'org.jetbrains.intellij.platform' version '2.12.0' + id 'org.jetbrains.intellij.platform' version '2.13.1' } ext { From 0ae3a4be76eab9b37b28990fbfe4bd2cfe5ec2f4 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Fri, 20 Mar 2026 04:41:58 +0000 Subject: [PATCH 19/28] Update dependency gradle to v9.4.1 --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index dbc3ce4..c61a118 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.0-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME From a9c51271a67d8a2d5fbc77868202bad8cc72ff98 Mon Sep 17 00:00:00 2001 From: AB Date: Wed, 25 Mar 2026 10:59:57 +0100 Subject: [PATCH 20/28] Remove deprcated/removed extension that has no effect "Calling instrumentationTools() is no longer necessary" https://github.com/JetBrains/intellij-platform-gradle-plugin/blob/759b213778a4f9ac37462b35d9686b4a02bbfb17/src/main/kotlin/org/jetbrains/intellij/platform/gradle/extensions/IntelliJPlatformDependenciesExtension.kt#L2652 --- build.gradle | 1 - 1 file changed, 1 deletion(-) diff --git a/build.gradle b/build.gradle index 94763cd..3605a25 100644 --- a/build.gradle +++ b/build.gradle @@ -54,7 +54,6 @@ dependencies { plugins(properties("platformPlugins").map { it.split(",").collect { it.trim() }.findAll { !it.empty } }) pluginVerifier() zipSigner() - instrumentationTools() } checkstyle "com.puppycrawl.tools:checkstyle:${checkstyleVersion}" pmd "net.sourceforge.pmd:pmd-ant:${pmdVersion}", From b353001a3f4194b9e7bf7b2c1bb7926c6f8fe2fa Mon Sep 17 00:00:00 2001 From: AB Date: Wed, 25 Mar 2026 11:01:37 +0100 Subject: [PATCH 21/28] Correctly calculate cache --- .github/workflows/check-build.yml | 6 +++--- .github/workflows/check-ide-compatibility.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml index ff10067..7db6f78 100644 --- a/.github/workflows/check-build.yml +++ b/.github/workflows/check-build.yml @@ -42,7 +42,7 @@ jobs: path: | ~/.gradle/caches ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-build-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + key: ${{ runner.os }}-gradle-build-${{ hashFiles('**/*.gradle*', '**/gradle.properties', '**/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle-build- @@ -104,7 +104,7 @@ jobs: path: | ~/.gradle/caches ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-checkstyle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + key: ${{ runner.os }}-gradle-checkstyle-${{ hashFiles('**/*.gradle*', '**/gradle.properties', '**/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle-checkstyle- @@ -137,7 +137,7 @@ jobs: path: | ~/.gradle/caches ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-pmd-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + key: ${{ runner.os }}-gradle-pmd-${{ hashFiles('**/*.gradle*', '**/gradle.properties', '**/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle-pmd- diff --git a/.github/workflows/check-ide-compatibility.yml b/.github/workflows/check-ide-compatibility.yml index 2925d1e..a398b9b 100644 --- a/.github/workflows/check-ide-compatibility.yml +++ b/.github/workflows/check-ide-compatibility.yml @@ -55,7 +55,7 @@ jobs: path: | ~/.gradle/caches ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-ide-compatibility-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + key: ${{ runner.os }}-gradle-ide-compatibility-${{ hashFiles('**/*.gradle*', '**/gradle.properties', '**/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle-ide-compatibility- diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ed7e4ef..b112bc1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: path: | ~/.gradle/caches ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-build-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + key: ${{ runner.os }}-gradle-build-${{ hashFiles('**/*.gradle*', '**/gradle.properties', '**/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle-build- From e34364ea557700647de9b5b219cbce9da1c8b333 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Sat, 28 Mar 2026 04:46:02 +0000 Subject: [PATCH 22/28] Update pmdVersion to v7.23.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 3605a25..b2e1fb0 100644 --- a/build.gradle +++ b/build.gradle @@ -9,7 +9,7 @@ plugins { ext { checkstyleVersion = '13.3.0' - pmdVersion = '7.22.0' + pmdVersion = '7.23.0' } def properties(String key) { From 488f6de92543aeeb89380c7e33200705c0700514 Mon Sep 17 00:00:00 2001 From: XDEV Renovate Bot Date: Mon, 30 Mar 2026 05:06:57 +0000 Subject: [PATCH 23/28] Update checkstyleVersion to v13.4.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 3605a25..61fc9d5 100644 --- a/build.gradle +++ b/build.gradle @@ -7,7 +7,7 @@ plugins { } ext { - checkstyleVersion = '13.3.0' + checkstyleVersion = '13.4.0' pmdVersion = '7.22.0' } From 225c79b88ca0fb52a376de459f5ed4c7890a498f Mon Sep 17 00:00:00 2001 From: AB Date: Mon, 30 Mar 2026 14:59:05 +0200 Subject: [PATCH 24/28] Prepare for new templating system --- .config/topo/upstream.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .config/topo/upstream.yml diff --git a/.config/topo/upstream.yml b/.config/topo/upstream.yml new file mode 100644 index 0000000..d78d893 --- /dev/null +++ b/.config/topo/upstream.yml @@ -0,0 +1,2 @@ +- url: https://github.com/xdev-software/base-template.git + branch: master From fcf8b930e9544886a329758cd7fe21ad474bd337 Mon Sep 17 00:00:00 2001 From: "Alex \"Blex\" B" <45384811+AB-xdev@users.noreply.github.com> Date: Mon, 30 Mar 2026 15:01:53 +0200 Subject: [PATCH 25/28] Update upstream.yml --- .config/topo/upstream.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/topo/upstream.yml b/.config/topo/upstream.yml index d78d893..7821ddf 100644 --- a/.config/topo/upstream.yml +++ b/.config/topo/upstream.yml @@ -1,2 +1,2 @@ -- url: https://github.com/xdev-software/base-template.git +- url: https://github.com/xdev-software/java-template.git branch: master From 3e30eebf5761e3e4ba41e2576938445c49500200 Mon Sep 17 00:00:00 2001 From: "Alex \"Blex\" B" <45384811+AB-xdev@users.noreply.github.com> Date: Mon, 30 Mar 2026 15:05:59 +0200 Subject: [PATCH 26/28] Create upstream.yml --- .config/topo/upstream.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .config/topo/upstream.yml diff --git a/.config/topo/upstream.yml b/.config/topo/upstream.yml new file mode 100644 index 0000000..8627eae --- /dev/null +++ b/.config/topo/upstream.yml @@ -0,0 +1,2 @@ +- url: https://github.com/xdev-software/java-setup-template.git + branch: master From c48f1087c61874cfa7d46b9e13c41d895d14e9f4 Mon Sep 17 00:00:00 2001 From: AB Date: Mon, 30 Mar 2026 15:16:19 +0200 Subject: [PATCH 27/28] Update upstream.yml --- .config/topo/upstream.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/topo/upstream.yml b/.config/topo/upstream.yml index 7821ddf..ad6700f 100644 --- a/.config/topo/upstream.yml +++ b/.config/topo/upstream.yml @@ -1,2 +1,2 @@ -- url: https://github.com/xdev-software/java-template.git +- url: https://github.com/xdev-software/intellij-plugin-template.git branch: master From c0e52bd19d9671cf5b53ddfffd8ba4fae4b86b67 Mon Sep 17 00:00:00 2001 From: AB Date: Tue, 31 Mar 2026 14:08:01 +0200 Subject: [PATCH 28/28] Delete update-from-template.yml Will be managed centrally now --- .github/workflows/update-from-template.yml | 318 --------------------- 1 file changed, 318 deletions(-) delete mode 100644 .github/workflows/update-from-template.yml diff --git a/.github/workflows/update-from-template.yml b/.github/workflows/update-from-template.yml deleted file mode 100644 index 7cff559..0000000 --- a/.github/workflows/update-from-template.yml +++ /dev/null @@ -1,318 +0,0 @@ -name: Update from Template - -# This workflow keeps the repo up to date with changes from the template repo (REMOTE_URL) -# It duplicates the REMOTE_BRANCH (into UPDATE_BRANCH) and tries to merge it into -# this repos default branch (which is checked out here) -# Note that this requires a PAT (Personal Access Token) - at best from a servicing account -# PAT permissions: read:discussion, read:org, repo, workflow -# Also note that you should have at least once merged the template repo into the current repo manually -# otherwise a "refusing to merge unrelated histories" error might occur. - -on: - schedule: - - cron: '55 2 * * 1' - workflow_dispatch: - inputs: - no_automatic_merge: - type: boolean - description: 'No automatic merge' - default: false - -env: - UPDATE_BRANCH: update-from-template - UPDATE_BRANCH_MERGED: update-from-template-merged - REMOTE_URL: https://github.com/xdev-software/base-template.git - REMOTE_BRANCH: master - -permissions: - contents: write - pull-requests: write - -jobs: - update: - runs-on: ubuntu-latest - outputs: - update_branch_merged_commit: ${{ steps.manage-branches.outputs.update_branch_merged_commit }} - create_update_branch_merged_pr: ${{ steps.manage-branches.outputs.create_update_branch_merged_pr }} - steps: - - uses: actions/checkout@v6 - with: - # Required because otherwise there are always changes detected when executing diff/rev-list - fetch-depth: 0 - # If no PAT is used the following error occurs on a push: - # refusing to allow a GitHub App to create or update workflow `.github/workflows/xxx.yml` without `workflows` permission - token: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }} - - - name: Init Git - run: | - git config --global user.email "111048771+xdev-gh-bot@users.noreply.github.com" - git config --global user.name "XDEV Bot" - - - name: Manage branches - id: manage-branches - run: | - echo "Adding remote template-repo" - git remote add template ${{ env.REMOTE_URL }} - - echo "Fetching remote template repo" - git fetch template - - echo "Deleting local branches that will contain the updates - if present" - git branch -D ${{ env.UPDATE_BRANCH }} || true - git branch -D ${{ env.UPDATE_BRANCH_MERGED }} || true - - echo "Checking if the remote template repo has new commits" - git rev-list ..template/${{ env.REMOTE_BRANCH }} - - if [ $(git rev-list --count ..template/${{ env.REMOTE_BRANCH }}) -eq 0 ]; then - echo "There are no commits new commits on the template repo" - - echo "Deleting origin branch(es) that contain the updates - if present" - git push -f origin --delete ${{ env.UPDATE_BRANCH }} || true - git push -f origin --delete ${{ env.UPDATE_BRANCH_MERGED }} || true - - echo "create_update_branch_pr=0" >> $GITHUB_OUTPUT - echo "create_update_branch_merged_pr=0" >> $GITHUB_OUTPUT - exit 0 - fi - - echo "Found new commits on the template repo" - - echo "Creating update branch" - git branch ${{ env.UPDATE_BRANCH }} template/${{ env.REMOTE_BRANCH }} - git branch --unset-upstream ${{ env.UPDATE_BRANCH }} - - echo "Pushing update branch" - git push -f -u origin ${{ env.UPDATE_BRANCH }} - - echo "Getting base branch" - base_branch=$(git branch --show-current) - echo "Base branch is $base_branch" - echo "base_branch=$base_branch" >> $GITHUB_OUTPUT - - echo "Trying to create auto-merged branch ${{ env.UPDATE_BRANCH_MERGED }}" - git branch ${{ env.UPDATE_BRANCH_MERGED }} ${{ env.UPDATE_BRANCH }} - git checkout ${{ env.UPDATE_BRANCH_MERGED }} - - echo "Merging branch $base_branch into ${{ env.UPDATE_BRANCH_MERGED }}" - git merge $base_branch && merge_exit_code=$? || merge_exit_code=$? - if [ $merge_exit_code -ne 0 ]; then - echo "Auto merge failed! Manual merge required" - echo "::notice ::Auto merge failed - Manual merge required" - - echo "Cleaning up failed merge" - git merge --abort - git checkout $base_branch - git branch -D ${{ env.UPDATE_BRANCH_MERGED }} || true - - echo "Deleting auto-merge branch - if present" - git push -f origin --delete ${{ env.UPDATE_BRANCH_MERGED }} || true - - echo "create_update_branch_pr=1" >> $GITHUB_OUTPUT - echo "create_update_branch_merged_pr=0" >> $GITHUB_OUTPUT - exit 0 - fi - - echo "Post processing: Trying to automatically fill in template variables" - find . -type f \ - -not -path "./.git/**" \ - -not -path "./.github/workflows/update-from-template.yml" -print0 \ - | xargs -0 sed -i "s/template-placeholder/${GITHUB_REPOSITORY#*/}/g" - - git status - git add --all - - if [[ "$(git status --porcelain)" != "" ]]; then - echo "Filled in template; Committing" - - git commit -m "Fill in template" - fi - - echo "Pushing auto-merged branch" - git push -f -u origin ${{ env.UPDATE_BRANCH_MERGED }} - - echo "update_branch_merged_commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - - echo "Restoring base branch $base_branch" - git checkout $base_branch - - echo "create_update_branch_pr=0" >> $GITHUB_OUTPUT - echo "create_update_branch_merged_pr=1" >> $GITHUB_OUTPUT - echo "try_close_update_branch_pr=1" >> $GITHUB_OUTPUT - - - name: Create/Update PR update_branch - if: steps.manage-branches.outputs.create_update_branch_pr == 1 - env: - GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }} - run: | - gh_pr_up() { - gh pr create -H "${{ env.UPDATE_BRANCH }}" "$@" || (git checkout "${{ env.UPDATE_BRANCH }}" && gh pr edit "$@") - } - gh_pr_up -B "${{ steps.manage-branches.outputs.base_branch }}" \ - --title "Update from template" \ - --body "An automated PR to sync changes from the template into this repo" - - # Ensure that only a single PR is open (otherwise confusion and spam) - - name: Close PR update_branch - if: steps.manage-branches.outputs.try_close_update_branch_pr == 1 - env: - GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }} - run: | - gh pr close "${{ env.UPDATE_BRANCH }}" || true - - - name: Create/Update PR update_branch_merged - if: steps.manage-branches.outputs.create_update_branch_merged_pr == 1 - env: - GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }} - run: | - gh_pr_up() { - gh pr create -H "${{ env.UPDATE_BRANCH_MERGED }}" "$@" || (git checkout "${{ env.UPDATE_BRANCH_MERGED }}" && gh pr edit "$@") - } - gh_pr_up -B "${{ steps.manage-branches.outputs.base_branch }}" \ - --title "Update from template (auto-merged)" \ - --body "An automated PR to sync changes from the template into this repo" - - # Wait a moment so that checks of PR have higher prio than following job - sleep 3 - - # Split into two jobs to help with executor starvation - auto-merge: - needs: [update] - if: needs.update.outputs.create_update_branch_merged_pr == 1 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - with: - # Required because otherwise there are always changes detected when executing diff/rev-list - fetch-depth: 0 - # If no PAT is used the following error occurs on a push: - # refusing to allow a GitHub App to create or update workflow `.github/workflows/xxx.yml` without `workflows` permission - token: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }} - - - name: Init Git - run: | - git config --global user.email "111048771+xdev-gh-bot@users.noreply.github.com" - git config --global user.name "XDEV Bot" - - - name: Checking if auto-merge for PR update_branch_merged can be done - id: auto-merge-check - env: - GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }} - run: | - not_failed_conclusion="skipped|neutral|success" - not_relevant_app_slug="dependabot|github-pages|sonarqubecloud" - - echo "Waiting for checks to start..." - sleep 40s - - for i in {1..20}; do - echo "Checking if PR can be auto-merged. Try: $i" - - echo "Checking if update-branch-merged exists" - git fetch - if [[ $(git ls-remote --heads origin refs/heads/${{ env.UPDATE_BRANCH_MERGED }}) ]]; then - echo "Branch still exists; Continuing..." - else - echo "Branch origin/${{ env.UPDATE_BRANCH_MERGED }} is missing" - exit 0 - fi - - echo "Fetching checks" - cs_response=$(curl -sL \ - --fail-with-body \ - --connect-timeout 60 \ - --max-time 120 \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GH_TOKEN" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/${{ github.repository }}/commits/${{ needs.update.outputs.update_branch_merged_commit }}/check-suites) - - cs_data=$(echo $cs_response | jq '.check_suites[] | { conclusion: .conclusion, slug: .app.slug, check_runs_url: .check_runs_url }') - echo $cs_data - - if [[ -z "$cs_data" ]]; then - echo "No check suite data - Assuming that there are no checks to run" - - echo "perform=1" >> $GITHUB_OUTPUT - exit 0 - fi - - cs_failed=$(echo $cs_data | jq --arg x "$not_failed_conclusion" 'select ((.conclusion == null or (.conclusion | test($x))) | not)') - if [[ -z "$cs_failed" ]]; then - echo "No check failed so far; Checking if relevant checks are still running" - - cs_relevant_still_running=$(echo $cs_data | jq --arg x "$not_relevant_app_slug" 'select (.conclusion == null and (.slug | test($x) | not))') - if [[ -z $cs_relevant_still_running ]]; then - echo "All relevant checks finished - PR can be merged" - - echo "perform=1" >> $GITHUB_OUTPUT - exit 0 - else - echo "Relevant checks are still running" - echo $cs_relevant_still_running - fi - else - echo "Detected failed check" - echo $cs_failed - - echo "perform=0" >> $GITHUB_OUTPUT - exit 0 - fi - - echo "Waiting before next run..." - sleep 30s - done - - echo "Timed out - Assuming executor starvation - Forcing merge" - echo "perform=1" >> $GITHUB_OUTPUT - - - name: Auto-merge update_branch_merged - if: steps.auto-merge-check.outputs.perform == 1 - run: | - echo "Getting base branch" - base_branch=$(git branch --show-current) - echo "Base branch is $base_branch" - - echo "Fetching..." - git fetch - if [[ $(git rev-parse origin/${{ env.UPDATE_BRANCH_MERGED }}) ]]; then - echo "Branch still exists; Continuing..." - else - echo "Branch origin/${{ env.UPDATE_BRANCH_MERGED }} is missing" - exit 0 - fi - - expected_commit="${{ needs.update.outputs.update_branch_merged_commit }}" - actual_commit=$(git rev-parse origin/${{ env.UPDATE_BRANCH_MERGED }}) - if [[ "$expected_commit" != "$actual_commit" ]]; then - echo "Branch ${{ env.UPDATE_BRANCH_MERGED }} contains unexpected commit $actual_commit" - echo "Expected: $expected_commit" - - exit 0 - fi - - echo "Ensuring that current branch $base_branch is up-to-date" - git pull - - echo "Merging origin/${{ env.UPDATE_BRANCH_MERGED }} into $base_branch" - git merge origin/${{ env.UPDATE_BRANCH_MERGED }} && merge_exit_code=$? || merge_exit_code=$? - if [ $merge_exit_code -ne 0 ]; then - echo "Unexpected merge failure $merge_exit_code - Requires manual resolution" - - exit 0 - fi - - if [[ "${{ inputs.no_automatic_merge }}" == "true" ]]; then - echo "Exiting due no_automatic_merge" - - exit 0 - fi - - echo "Pushing" - git push - - echo "Cleaning up" - git branch -D ${{ env.UPDATE_BRANCH }} || true - git branch -D ${{ env.UPDATE_BRANCH_MERGED }} || true - git push -f origin --delete ${{ env.UPDATE_BRANCH }} || true - git push -f origin --delete ${{ env.UPDATE_BRANCH_MERGED }} || true