diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..64e47283ef
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,90 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+# ******** NOTE ********
+
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ master ]
+ schedule:
+ - cron: '16 7 * * 5'
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ permissions:
+ actions: read # for github/codeql-action/init to get workflow details
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/analyze to upload SARIF results
+ name: Analyze
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'java' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ # Learn more...
+ # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ #- name: Autobuild
+ # uses: github/codeql-action/autobuild@v1
+
+ # âšī¸ Command-line programs to run using the OS shell.
+ # đ https://git.io/JvXDl
+
+ # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ - run: mvn clean package -DskipTests -Drat.skip=true -Dcheckstyle.skip
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000000..83886a45a3
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v3
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v3
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
new file mode 100644
index 0000000000..860943592b
--- /dev/null
+++ b/.github/workflows/maven.yml
@@ -0,0 +1,62 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Java CI
+
+on: [push, pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+
+ runs-on: ${{ matrix.os }}
+ continue-on-error: ${{ matrix.experimental }}
+ strategy:
+ matrix:
+ # windows-latest is not used due to intermittent lucene failures
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ # All LTS versions plus the current version
+ # 23, 24 do not work currently due to javax.security
+ java: [ 17, 18, 19, 21, 22 ]
+ experimental: [false]
+# include:
+# - java: 20-ea
+# os: ubuntu-latest
+# experimental: true
+# - java: 20-ea
+# os: windows-latest
+# experimental: true
+# - java: 20-ea
+# os: macos-latest
+# experimental: true
+ fail-fast: false
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/cache@v3
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-maven-
+ - name: Set up JDK ${{ matrix.java }}
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: ${{ matrix.java }}
+ - name: Build with Maven
+ run: mvn clean package -T 1C -V -B
diff --git a/jspwiki-util/src/test/java/org/apache/wiki/util/PropertyReaderTest.java b/jspwiki-util/src/test/java/org/apache/wiki/util/PropertyReaderTest.java
index 9f93d0fedb..6e4d546ba0 100644
--- a/jspwiki-util/src/test/java/org/apache/wiki/util/PropertyReaderTest.java
+++ b/jspwiki-util/src/test/java/org/apache/wiki/util/PropertyReaderTest.java
@@ -137,14 +137,15 @@ void testSetWorkDir() {
PropertyReader.setWorkDir( servletContext, properties );
// Test when the "jspwiki.workDir" is not set, it should get set to servlet's temporary directory
- String workDir = properties.getProperty( "jspwiki.workDir" );
- Assertions.assertEquals( tmp.getAbsolutePath(), workDir );
+ PropertyReader.setWorkDir(servletContext, properties);
+ String workDir = properties.getProperty("jspwiki.workDir");
+ Assertions.assertEquals(tmp.getAbsolutePath(), workDir);
// Test when the "jspwiki.workDir" is set, it should remain as it is
- properties.setProperty( "jspwiki.workDir", "/custom/dir" );
- PropertyReader.setWorkDir( servletContext, properties );
- workDir = properties.getProperty( "jspwiki.workDir" );
- Assertions.assertEquals( "/custom/dir", workDir );
+ properties.setProperty("jspwiki.workDir", "/custom/dir");
+ PropertyReader.setWorkDir(servletContext, properties);
+ workDir = properties.getProperty("jspwiki.workDir");
+ Assertions.assertEquals("/custom/dir", workDir);
// Test when the servlet's temporary directory is null, it should get set to system's temporary directory
Mockito.when( servletContext.getAttribute( "jakarta.servlet.context.tempdir" ) ).thenReturn( null );
diff --git a/pom.xml b/pom.xml
index 6908d0160c..3f63a02a01 100644
--- a/pom.xml
+++ b/pom.xml
@@ -828,6 +828,7 @@
**/src/main/webapp/favicons/*.svg
**/src/overlay/launchers/tomcat/woas.app/Contents/*.plist
**/src/overlay/launchers/tomcat/woas.app/Contents/Resources/*.none
+ **/.eslintrc