diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
new file mode 100644
index 0000000..b62328b
--- /dev/null
+++ b/.github/workflows/maven.yml
@@ -0,0 +1,81 @@
+name: maven-cicd
+
+on:
+ # for regular master build (after the merge)
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ types: [opened, synchronize, reopened]
+
+jobs:
+ build:
+ strategy:
+ matrix:
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ jdk: [11, 17, 21]
+ include:
+ # lengthy build steps should only be performed on linux with Java 17 (Sonarcloud analysis, deployment)
+ - os: ubuntu-latest
+ jdk: 17
+ isMainBuildEnv: true
+ namePrefix: 'Main '
+ fail-fast: false
+
+ name: ${{ matrix.namePrefix }} Maven build (${{ matrix.os }}, JDK ${{ matrix.jdk }})
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ # always act on the modified source code (even for event pull_request_target)
+ # is considered potentially unsafe (https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) but actions are only executed after approval from committers
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ # no additional git operations after checkout triggered in workflow, no need to store credentials
+ persist-credentials: false
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ cache: 'maven'
+ distribution: 'temurin'
+ java-version: ${{ matrix.jdk }}
+ # generate settings.xml with the correct values
+ server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
+ server-username: MAVEN_USERNAME # env variable for username in deploy
+ server-password: MAVEN_PASSWORD # env variable for token in deploy
+
+ # sets environment variables to be used in subsequent steps: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
+ - name: Set environment variables
+ shell: bash
+ run: |
+ if [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then
+ echo "MVN_ADDITIONAL_OPTS=-Dsonar.projectKey=Netcentric_aem-crypto-support -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Pjacoco-report" >> $GITHUB_ENV
+ if [ "${{github.ref}}" = "refs/heads/main" ] && [ "${{github.event_name}}" = "push" ]; then
+ echo "MAVEN_USERNAME=${{ secrets.OSSRH_TOKEN_USER }}" >> $GITHUB_ENV
+ echo "MAVEN_PASSWORD=${{ secrets.OSSRH_TOKEN_PASSWORD }}" >> $GITHUB_ENV
+ echo "MVN_GOAL=clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:sonar" >> $GITHUB_ENV
+ echo "STEP_NAME_SUFFIX=(Deploys to OSSRH)" >> $GITHUB_ENV
+ else
+ echo "MVN_GOAL=clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar" >> $GITHUB_ENV
+ fi
+ else
+ echo "MVN_ADDITIONAL_OPTS=" >> $GITHUB_ENV
+ echo "MVN_GOAL=clean verify" >> $GITHUB_ENV
+ fi
+ - name: ${{ matrix.namePrefix }} Build with Maven ${{ env.STEP_NAME_SUFFIX }}
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: mvn -e -B -V ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }}
+
+ - name: Publish Test Report
+ if: ${{ always() }} # make sure to run even if previous Maven execution failed (due to failed test)
+ uses: EnricoMi/publish-unit-test-result-action/composite@v2
+ with:
+ files: |
+ target/invoker-reports/TEST-*.xml
+ check_name: Test report (${{ matrix.os }}, JDK ${{ matrix.jdk }})
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 4726fb6..ee05110 100644
--- a/pom.xml
+++ b/pom.xml
@@ -58,10 +58,10 @@
-
com.adobe.granite
com.adobe.granite.crypto
+
3.0.2
@@ -106,6 +106,19 @@
${version.slf4j}
+
+
+
+
+ false
+
+
+ true
+
+ asf-nexus-snapshots
+ https://repository.apache.org/content/repositories/snapshots/
+
+
@@ -172,12 +185,12 @@
org.sonatype.plugins
nexus-staging-maven-plugin
- 1.6.8
+ 1.7.0
org.jacoco
jacoco-maven-plugin
- 0.8.11
+ 0.8.12
org.codehaus.mojo
@@ -316,4 +329,126 @@
+
+
+ jacoco-report
+
+
+
+ org.jacoco
+ jacoco-maven-plugin
+
+
+ prepare-agent
+
+ prepare-agent
+
+
+ jacoco.command.unit
+ ${project.build.directory}/jacoco-unit.exec
+
+
+
+ prepare-agent-integration
+
+ prepare-agent-integration
+
+
+ jacoco.command.it
+
+
+
+ merge-unit-and-it
+
+ merge
+
+ post-integration-test
+
+
+
+ ${project.build.directory}
+
+ jacoco-unit.exec
+ jacoco-it.exec
+
+
+
+
+
+
+ report-merged
+
+ report
+
+ verify
+
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+
+ ${jacoco.command.unit}
+
+
+
+ maven-invoker-plugin
+
+ ${jacoco.command.it}
+
+
+
+
+
+
+ release
+
+
+ performRelease
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+
+
+ attach-sources
+
+ jar-no-fork
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+
+
+ attach-javadocs
+
+ jar
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+
+
+ sign-artifacts
+
+ sign
+
+ verify
+
+
+
+
+
+
+
diff --git a/src/it/simple-filter/jcr_root/apps/foo/.content.xml b/src/it/simple-filter/jcr_root/apps/foo/.content.xml
index cedfe29..c61ff44 100644
--- a/src/it/simple-filter/jcr_root/apps/foo/.content.xml
+++ b/src/it/simple-filter/jcr_root/apps/foo/.content.xml
@@ -1,5 +1,5 @@
\ No newline at end of file