Merge branch 'main' into dependabot/github_actions/github/super-linter-6

adoptium · May 20, 2024 · 6adf898 · 6adf898
2 parents 6074164 + 9a1bd14
commit 6adf898
Show file tree

Hide file tree

Showing 36 changed files with 1,007 additions and 418 deletions.
diff --git a/.github/workflows/blog-validator.yml b/.github/workflows/blog-validator.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         persist-credentials: false
 

diff --git a/.github/workflows/check-adopters.yml b/.github/workflows/check-adopters.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         persist-credentials: false
 

diff --git a/.github/workflows/check-contributors.yml b/.github/workflows/check-contributors.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         persist-credentials: false
         fetch-depth: 0

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
     name: Run CI
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
@@ -27,6 +27,6 @@ jobs:
       - run: npm run coverage
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
+        uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -41,7 +41,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: 0
           persist-credentials: false

diff --git a/.github/workflows/locale-checker.yml b/.github/workflows/locale-checker.yml
@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
           fetch-depth: 0

diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -22,10 +22,10 @@ jobs:
       id-token: write
 
     steps:
-    - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         persist-credentials: false
-    - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+    - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
       with:
         results_file: results.sarif
         results_format: sarif

diff --git a/.github/workflows/update_snapshot.yml b/.github/workflows/update_snapshot.yml
@@ -10,7 +10,7 @@ jobs:
     if: startsWith(github.event.comment.body, '/update-snapshot')
     steps:
       - name: Checkout repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           ref: ${{ github.event.issue.head_ref }}
           repository: ${{ github.event.issue.repository.full_name }}

diff --git a/content/asciidoc-pages/support/_partials/support-table.adoc b/content/asciidoc-pages/support/_partials/support-table.adoc
@@ -17,14 +17,14 @@ Sep 2024
 [.small]#jdk-22+0.1+9#
 | 16 Jul 2024 +
 [.small]#jdk-22.0.2#
-| Sep 2023
+| Sep 2024
 
 | Java 21 (LTS)
 | Sep 2023
-| 24 Jan 2024 +
-[.small]#jdk-21.0.2+13#
 | 16 Apr 2024 +
-[.small]#jdk-21.0.3#
+[.small]#jdk-21.0.3+9#
+| 16 Jul 2024 +
+[.small]#jdk-21.0.4#
 | At least Dec 2029
 
 | Java 20

diff --git a/content/blog/aqavit-scope/1PlatformSH.png b/content/blog/aqavit-scope/1PlatformSH.png
diff --git a/content/blog/aqavit-scope/54PlatformsSH.png b/content/blog/aqavit-scope/54PlatformsSH.png
diff --git a/content/blog/aqavit-scope/index.md b/content/blog/aqavit-scope/index.md
@@ -0,0 +1,38 @@
+---
+title: The Scope of AQAvit
+date: "2024-05-15T12:00:00+00:00"
+author: shelleylambert
+description: What are the main user stories the AQAvit project covers.
+tags:
+  - aqavit
+---
+
+## Eclipse AQAvit Project Scope
+
+Eclipse AQAvit is a very active subproject with the Eclipse Adoptium Working Group. It is a project where a broad set of contributors come together around the topic of quality assurance for OpenJDK builds. By working together in an open-source project, the goal is to share in the workload and activities around testing OpenJDK distributions with the additional goals of deduplicating effort, and freeing folks to work on more innovation!
+Within the [scope of AQAvit](https://github.com/adoptium/aqa-tests/blob/master/docs/pages/Scope.md) falls both AQAvit verification, which is really a quality bar for OpenJDK binaries, and development support especially for JDK developers.
+
+### AQAvit Verification
+
+AQAvit has rapidly become the de facto standard by which companies can measure whether they trust the quality of the OpenJDK distribution they are selecting. This trust is earned because AQAvit has developed a consistent and open approach to measuring quality, as well providing an open toolset that any JDK distributor can use to demonstrate that they meet the AQAvit quality bar. This is why one of the criteria for listing a distribution in the [Adoptium marketplace](https://adoptium.net/marketplace/) includes the requirement to run and pass the [AQAvit verification suite](https://adoptium.net/docs/aqavit-verification/).
+
+At this time, there are a number of vendors listed in the [Adoptium marketplace](https://adoptium.net/marketplace/). The marketplace API includes links to AQAvit results for the different distributions. This serves as direct evidence of the quality of the binaries listed in the marketplace as well as an indicator of the open and transparent nature of their quality assurance work.
+
+![Adoptium Marketplace Vendors](marketplaceVendors.png)
+
+The Adoptium project uses AQAvit verification for the release activities for its Eclipse Temurin binaries. Since Temurin covers a broad set of platforms and versions, this is an ambitious effort! An overview of the activities of AQAvit testing and triage is covered by this [presentation](https://youtu.be/TWD_b8cwIVg), which takes a look at the January and April 2024 Critical Patch Update (CPU) triage activities.
+
+![April AQAvit Triage](1PlatformSH.png)
+![April AQAvit Triage](54PlatformsSH.png)
+
+In summary, millions of tests are run during a release! The test pipelines produce artifacts to show details about which binary is under test, what tests were run against that product, noting where the test material was sourced, whether the product passed those tests, what machines the tests were run on and so forth. These artifacts are then uploaded and made available via the Adoptium marketplace API for reference alongside the binaries.
+
+### Developer Support
+
+AQAvit provides [developer support](https://github.com/adoptium/aqa-tests/blob/master/docs/pages/Scope.md#2-developer-support) for JDK and Java application developers through its regular, publicly visible test runs, and bug tracking. The developer support also includes a flexible system that allows for addition of new test material, and for tuning to a specific development need. [AQAvit was designed](https://github.com/adoptium/aqa-tests/blob/master/docs/pages/LayeredDesign.md) to integrate with various CI/CD tools, including GitHub Actions, making it a great choice for pull request testing and offering a continuous lens on the quality of code commits.
+
+## 2024 AQAvit Plan
+
+The [AQAvit manifesto](https://github.com/adoptium/aqa-tests/blob/master/docs/pages/Manifesto.md) sets out the criteria that we created to guide the work of the AQAvit project. We aim to continuously evolve AQAvit alongside the continuously changing OpenJDK implementations in order to stay relevant and useful. The 'vit' in AQAvit from the Latin root and reminds us of this criteria to remain vital. With that in mind, we have a great deal of cool work in the 2024 plan!
+
+We gave an initial view of some targeted items of 2024 in our recent [AQAvit Community call](https://github.com/adoptium/aqa-tests/issues/5090). This included some stretch goals such as enhanced developer support through the upcoming [Trestle initiative](https://github.com/adoptium/ci-jenkins-pipelines/wiki/Trestle-Initiative), additional tools to support AQAvit verification, and much more. You can find a list of 2024 features in the proposed agenda, and please feel welcome to join and/or put comments into upcoming [community calls](https://github.com/adoptium/aqa-tests/issues?q=is%3Aopen+is%3Aissue+label%3A%22AQAvit+Meeting%22).
diff --git a/content/blog/aqavit-scope/marketplaceVendors.png b/content/blog/aqavit-scope/marketplaceVendors.png