* Upgrade GitHub actions & pin to commit hash
The only exception is `google/oss-fuzz` which does not seem to have releases
or Git tags, so pinning might not make sense there.
Also adds `actions/setup-java` to the `codeql-analysis` workflow to
explicitly specify the JDK version to use (and to use the caching of
that action) instead of relying on the default JDK of the runner image.
* Enable Dependabot for GitHub actions
---------
Co-authored-by: Éamonn McManus <emcmanus@google.com>
* Add CI build using JDK 21
This is mainly to make sure that besides the known JDK 21 build
incompatibilities Gson can be built and run using JDK 21.
* Update ProGuard
* Update Protobuf
3.25.1 is actually newer than 4.0.0-rc-2
However, it might still be necessary to use the same OS and JDK version
to actually be able to create identical artifacts.
This commit also formats the `pom.xml` files in the way the Maven Release
Plugin would.
* Add integration test for GraalVM Native Image
* Enable 'quickBuild' mode
Seems to improve build speed, and at least for the previous issue with
`RecordComponent` still causes test failures (as expected) if the fix
is reverted.
Disables the download transfer progress which is shown when Maven downloads
(or uploads) artifacts which are not available in the local repository.
This download progress can be quite verbose and is normally not that relevant.
* Build on JDK 8 and 17 as well as 11.
* Remove JDK 8 for now.
`DefaultDateTypeAdapterTest` fails.
* Tweak javadoc to avoid warnings.
Mostly these are about using `<h3>` when the previous tag was `<h1>`,
and the like. This previous tag might be implicit (part of what javadoc
itself outputs rather than the HTML in doc comments).
Apparently JDK 11 puts method javadoc inside `<h2>` while JDK 11 puts it
inside `<h3>`. Or something like that. Anyway it doesn't appear to be
possible to use `<h3>` _or_ `<h4>` and please both.
The oss-parent configuration has been applied manually to the root pom.xml,
except that now newer plugin versions are used for source and javadoc JAR
creation, and for GPG signing.
This required some reordering of the plugins for the gson module to make
sure they are executed in the correct order. Otherwise this would cause
failures for javadoc:jar.
* Fix consecutive Maven builds failing without performing `clean`
By default moditect-maven-plugin refuses to overwrite the JAR file it
generated in a previous run.
* Make GitHub Maven build workflow detect Javadoc issues