From 8accc44baab008854a759dfa162e75212f40d195 Mon Sep 17 00:00:00 2001 From: Tomasz Guzik Date: Sat, 7 Mar 2026 11:08:31 +0100 Subject: [PATCH 1/7] Pin actions to specific commits --- .github/workflows/ci.yaml | 10 +++++----- .github/workflows/release-entry.yaml | 9 ++++----- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ed09a36..76fe1eb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,9 +13,9 @@ jobs: name: CI runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v16 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 + - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # https://github.com/cachix/install-nix-action/releases/tag/v31.9.1 + - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # https://github.com/cachix/cachix-action/releases/tag/v16 with: name: devenv @@ -38,8 +38,8 @@ jobs: name: "JDK ${{ matrix.jdk_version }}" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: actions/setup-java@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # https://github.com/actions/setup-java/releases/tag/v5.2.0 with: distribution: "temurin" java-version: ${{ matrix.jdk_version }} diff --git a/.github/workflows/release-entry.yaml b/.github/workflows/release-entry.yaml index f8282de..ddb8361 100644 --- a/.github/workflows/release-entry.yaml +++ b/.github/workflows/release-entry.yaml @@ -16,7 +16,7 @@ jobs: # Needed by softprops/action-gh-release to create the GitHub Release entry: contents: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 with: persist-credentials: false clean: true @@ -25,9 +25,8 @@ jobs: fetch-depth: 0 fetch-tags: true - - uses: cachix/install-nix-action@v31 - - - uses: cachix/cachix-action@v16 + - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # https://github.com/cachix/install-nix-action/releases/tag/v31.9.1 + - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # https://github.com/cachix/cachix-action/releases/tag/v16 with: name: devenv @@ -47,7 +46,7 @@ jobs: cat changes.md >> "$GITHUB_STEP_SUMMARY" - name: Create GitHub Release entry - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # https://github.com/softprops/action-gh-release/releases/tag/v2.5.0 if: github.ref_type == 'tag' with: # Populate the release entry body with the notes we generated From 4d6e19ac208ef8c25806955398874d7bb364948d Mon Sep 17 00:00:00 2001 From: Tomasz Guzik Date: Sat, 7 Mar 2026 11:10:40 +0100 Subject: [PATCH 2/7] Add JDK25 to CI matrix --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 76fe1eb..d479bad 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,7 +33,7 @@ jobs: needs: ci-using-devenv strategy: matrix: - jdk_version: [ 17, 21 ] + jdk_version: [ 17, 21, 25 ] name: "JDK ${{ matrix.jdk_version }}" runs-on: ubuntu-latest From 38d882b2f32cd7dba377ece0231ddf91ddb429cd Mon Sep 17 00:00:00 2001 From: Tomasz Guzik Date: Sat, 7 Mar 2026 11:21:53 +0100 Subject: [PATCH 3/7] Ignore additional patterns of pre-release dependency versions --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7b38599..03f6f3a 100644 --- a/pom.xml +++ b/pom.xml @@ -279,7 +279,7 @@ 2.21.0 - .*-M.*,.*-alpha.* + .*-M.*,.*-alpha.*,.*-rc.*,.*-b.* From 9ed24711163229398fd922d870bc6b20ca16c951 Mon Sep 17 00:00:00 2001 From: Tomasz Guzik Date: Sat, 7 Mar 2026 11:51:34 +0100 Subject: [PATCH 4/7] Use latest stable Nix channel in CI --- .github/workflows/ci.yaml | 3 +++ .github/workflows/release-entry.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d479bad..4bd229d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -15,6 +15,9 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # https://github.com/cachix/install-nix-action/releases/tag/v31.9.1 + with: + nix_path: nixpkgs=channel:nixos-25.11 + - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # https://github.com/cachix/cachix-action/releases/tag/v16 with: name: devenv diff --git a/.github/workflows/release-entry.yaml b/.github/workflows/release-entry.yaml index ddb8361..bd8a5ee 100644 --- a/.github/workflows/release-entry.yaml +++ b/.github/workflows/release-entry.yaml @@ -26,6 +26,9 @@ jobs: fetch-tags: true - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # https://github.com/cachix/install-nix-action/releases/tag/v31.9.1 + with: + nix_path: nixpkgs=channel:nixos-25.11 + - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # https://github.com/cachix/cachix-action/releases/tag/v16 with: name: devenv From ce4111cd2b4cbb5412331af0e86865d18c3797d9 Mon Sep 17 00:00:00 2001 From: Tomasz Guzik Date: Sat, 7 Mar 2026 12:22:14 +0100 Subject: [PATCH 5/7] Use Nix channel 25.11 in DevEnv, pin inputs to specifc commits --- devenv.lock | 36 +++++++++++++++++++----------------- devenv.yaml | 6 ++++-- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/devenv.lock b/devenv.lock index 6379d7c..6102c17 100644 --- a/devenv.lock +++ b/devenv.lock @@ -3,15 +3,16 @@ "devenv": { "locked": { "dir": "src/modules", - "lastModified": 1763136231, + "lastModified": 1764115230, "owner": "cachix", "repo": "devenv", - "rev": "4b8c2bbdb4e01ef8c4093ee1224fe21ed5ea1a5e", + "rev": "51440964cd26a47e90064f9d59aa230a5cefc88b", "type": "github" }, "original": { "dir": "src/modules", "owner": "cachix", + "ref": "51440964cd26a47e90064f9d59aa230a5cefc88b", "repo": "devenv", "type": "github" } @@ -19,14 +20,14 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "owner": "edolstra", + "lastModified": 1767039857, + "owner": "NixOS", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -38,14 +39,15 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1763032142, + "lastModified": 1772665116, "owner": "cachix", "repo": "git-hooks.nix", - "rev": "84255025dee4c8701a99fbff65ac3c9095952f99", + "rev": "39f53203a8458c330f61cc0759fe243f0ac0d198", "type": "github" }, "original": { "owner": "cachix", + "ref": "39f53203a8458c330f61cc0759fe243f0ac0d198", "repo": "git-hooks.nix", "type": "github" } @@ -72,10 +74,10 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763191728, + "lastModified": 1772736753, "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c", + "rev": "917fec990948658ef1ccd07cef2a1ef060786846", "type": "github" }, "original": { @@ -87,16 +89,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761313199, - "owner": "cachix", - "repo": "devenv-nixpkgs", - "rev": "d1c30452ebecfc55185ae6d1c983c09da0c274ff", + "lastModified": 1772822230, + "owner": "nixos", + "repo": "nixpkgs", + "rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", "type": "github" }, "original": { - "owner": "cachix", - "ref": "rolling", - "repo": "devenv-nixpkgs", + "owner": "nixos", + "ref": "71caefce12ba78d84fe618cf61644dce01cf3a96", + "repo": "nixpkgs", "type": "github" } }, diff --git a/devenv.yaml b/devenv.yaml index b0fa886..d2bcbe6 100644 --- a/devenv.yaml +++ b/devenv.yaml @@ -1,9 +1,11 @@ # yaml-language-server: $schema=https://devenv.sh/devenv.schema.json --- inputs: + devenv: + url: github:cachix/devenv?dir=src/modules&ref=51440964cd26a47e90064f9d59aa230a5cefc88b # v1.11.1 as of 2026-03-07 nixpkgs: - url: github:cachix/devenv-nixpkgs/rolling + url: github:nixos/nixpkgs?ref=71caefce12ba78d84fe618cf61644dce01cf3a96 # latest commit on nixos-25.11 branch as of 2026-03-07 git-hooks: - url: github:cachix/git-hooks.nix + url: github:cachix/git-hooks.nix?ref=39f53203a8458c330f61cc0759fe243f0ac0d198 # latest commit on main branch as of 2026-03-07 # eof From 027bfe0a8236127bfcc4e340f06314117c480e90 Mon Sep 17 00:00:00 2001 From: Tomasz Guzik Date: Sat, 7 Mar 2026 13:08:06 +0100 Subject: [PATCH 6/7] Stick with DevEnv 1.11.1 for now, until new 2.x bugfixes are available --- .github/workflows/ci.yaml | 15 +++++++++------ .github/workflows/release-entry.yaml | 9 +++++---- devenv.nix | 2 +- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4bd229d..96930ff 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -18,19 +18,22 @@ jobs: with: nix_path: nixpkgs=channel:nixos-25.11 - - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # https://github.com/cachix/cachix-action/releases/tag/v16 - with: - name: devenv + - name: Print nixpkgs version + run: | + nix-instantiate --eval -E '(import {}).lib.version' - name: Install devenv.sh - run: nix profile install nixpkgs#devenv + run: | + nix profile add github:cachix/devenv/v1.11.1 --accept-flake-config --option extra-substituters "https://devenv.cachix.org?trusted=true&priority=3" - name: Run devenv test - run: devenv test + run: | + devenv test - name: Build, run tests, run static analysis shell: devenv shell bash -- -e {0} - run: mvn clean verify + run: | + task build check-supported-jdks: needs: ci-using-devenv diff --git a/.github/workflows/release-entry.yaml b/.github/workflows/release-entry.yaml index bd8a5ee..f16eeb6 100644 --- a/.github/workflows/release-entry.yaml +++ b/.github/workflows/release-entry.yaml @@ -29,12 +29,13 @@ jobs: with: nix_path: nixpkgs=channel:nixos-25.11 - - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # https://github.com/cachix/cachix-action/releases/tag/v16 - with: - name: devenv + - name: Print nixpkgs version + run: | + nix-instantiate --eval -E '(import {}).lib.version' - name: Install devenv.sh - run: nix profile install nixpkgs#devenv + run: | + nix profile add github:cachix/devenv/v1.11.1 --accept-flake-config --option extra-substituters "https://devenv.cachix.org?trusted=true&priority=3" - name: Generate change list shell: devenv shell bash -- -e {0} diff --git a/devenv.nix b/devenv.nix index 6e86fd9..bda60b6 100644 --- a/devenv.nix +++ b/devenv.nix @@ -56,7 +56,7 @@ extends: relaxed rules: line-length: - max: 150 + max: 180 ''; }; }; From 5b61ea68528b9a310111dd2c4d72affd804438c5 Mon Sep 17 00:00:00 2001 From: Tomasz Guzik Date: Sat, 7 Mar 2026 13:28:56 +0100 Subject: [PATCH 7/7] Sync action options and add missing step names --- .github/workflows/ci.yaml | 22 +++++++++++++++++----- .github/workflows/release-entry.yaml | 6 ++++-- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 96930ff..9033a79 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,8 +13,14 @@ jobs: name: CI runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 - - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # https://github.com/cachix/install-nix-action/releases/tag/v31.9.1 + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 + with: + persist-credentials: false + clean: true + + - name: Install Nix + uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # https://github.com/cachix/install-nix-action/releases/tag/v31.9.1 with: nix_path: nixpkgs=channel:nixos-25.11 @@ -33,7 +39,7 @@ jobs: - name: Build, run tests, run static analysis shell: devenv shell bash -- -e {0} run: | - task build + mvn clean verify check-supported-jdks: needs: ci-using-devenv @@ -44,8 +50,14 @@ jobs: name: "JDK ${{ matrix.jdk_version }}" runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # https://github.com/actions/setup-java/releases/tag/v5.2.0 + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 + with: + persist-credentials: false + clean: true + + - name: "Set up JDK ${{ matrix.jdk_version }}" + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # https://github.com/actions/setup-java/releases/tag/v5.2.0 with: distribution: "temurin" java-version: ${{ matrix.jdk_version }} diff --git a/.github/workflows/release-entry.yaml b/.github/workflows/release-entry.yaml index f16eeb6..b0fb255 100644 --- a/.github/workflows/release-entry.yaml +++ b/.github/workflows/release-entry.yaml @@ -16,7 +16,8 @@ jobs: # Needed by softprops/action-gh-release to create the GitHub Release entry: contents: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # https://github.com/actions/checkout/releases/tag/v6.0.2 with: persist-credentials: false clean: true @@ -25,7 +26,8 @@ jobs: fetch-depth: 0 fetch-tags: true - - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # https://github.com/cachix/install-nix-action/releases/tag/v31.9.1 + - name: Install Nix + uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # https://github.com/cachix/install-nix-action/releases/tag/v31.9.1 with: nix_path: nixpkgs=channel:nixos-25.11