Prepare for Release

.github/codeql/codeql-config.yml

@@ -11,7 +11,6 @@ paths:
   - pnnl.goss.core/src
   - pnnl.goss.core.runner/src
   - pnnl.goss.core.testutil/src
-  - pnnl.goss.core.itests/src
 
 # Paths to ignore
 paths-ignore:
@@ -22,14 +21,3 @@ paths-ignore:
   - "**/cache/**"
   - "**/releaserepo/**"
   - "**/test/**/*.java" # Focus on main source code
-
-# Disable queries that may produce too many false positives
-disable-default-queries: false
-
-# Additional packs for enhanced security analysis
-packs:
-  - codeql/java-queries:AlertSuppression.ql
-  - codeql/java-queries:Security/CWE
-  - codeql/java-queries:Security/CWE/CWE-078.ql  # OS Command Injection
-  - codeql/java-queries:Security/CWE/CWE-089.ql  # SQL Injection
-  - codeql/java-queries:Security/CWE/CWE-798.ql  # Hard-coded credentials

.github/workflows/ci.yml

@@ -21,26 +21,26 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        java-version: [21, 22]
+        java-version: [21]
         include:
           - java-version: 21
             primary: true
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
       with:
         fetch-depth: 0  # Full history for better analysis
 
     - name: Set up JDK ${{ matrix.java-version }}
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: ${{ matrix.java-version }}
         distribution: 'temurin'
         cache: gradle
 
     - name: Cache Gradle dependencies
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: |
           ~/.gradle/caches
@@ -54,64 +54,59 @@ jobs:
       run: chmod +x gradlew
 
     - name: Validate Gradle Wrapper
-      uses: gradle/wrapper-validation-action@v2
+      uses: gradle/actions/wrapper-validation@v5
 
     - name: Run unit tests
       run: ./gradlew test --continue --no-daemon
       env:
         GRADLE_OPTS: -Xmx2g -Dorg.gradle.daemon=false
-
-    - name: Run integration tests (non-OSGi)
-      run: ./gradlew check -x :pnnl.goss.core.itests:testOSGi --continue --no-daemon
-      env:
-        GRADLE_OPTS: -Xmx2g -Dorg.gradle.daemon=false
-
+
     - name: Build project
-      run: ./gradlew build -x :pnnl.goss.core.itests:testOSGi --no-daemon
+      run: ./gradlew assemble --no-daemon
       env:
         GRADLE_OPTS: -Xmx2g -Dorg.gradle.daemon=false
 
     - name: Generate test report
-      uses: dorny/test-reporter@v1
+      uses: dorny/test-reporter@v2
       if: success() || failure()
       with:
         name: Test Results (JDK ${{ matrix.java-version }})
-        path: '**/generated/test-results/test/TEST-*.xml'
+        path: '**/generated/test-reports/test/TEST-*.xml'
         reporter: java-junit
         fail-on-error: false
 
     - name: Upload test results
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: test-results-jdk${{ matrix.java-version }}
         path: |
-          **/generated/test-results/
+          **/generated/test-reports/
           **/generated/reports/
         retention-days: 30
 
     - name: Upload build artifacts (primary JDK only)
       if: matrix.primary && (success() || failure())
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: build-artifacts
         path: |
           **/generated/*.jar
           cnf/releaserepo/**/*.jar
         retention-days: 90
 
-  osgi-integration-tests:
-    name: OSGi Integration Tests
+  integration-tests:
+    name: Integration Tests
     runs-on: ubuntu-latest
     needs: test
-    if: github.event_name != 'schedule' # Skip on scheduled runs
+    if: github.event_name != 'schedule'
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Set up JDK 21
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: 21
         distribution: 'temurin'
@@ -120,20 +115,64 @@ jobs:
     - name: Make gradlew executable
       run: chmod +x gradlew
 
-    - name: Run OSGi integration tests
-      run: ./gradlew :pnnl.goss.core.itests:testOSGi --no-daemon || true
+    - name: Build SimpleRunner JAR
+      run: ./gradlew :pnnl.goss.core.runner:createSimpleRunner --no-daemon
       env:
         GRADLE_OPTS: -Xmx2g -Dorg.gradle.daemon=false
 
-    - name: Upload OSGi test results
+    - name: Install pixi
+      uses: prefix-dev/setup-pixi@v0.9.4
+      with:
+        pixi-version: latest
+        manifest-path: pnnl.goss.core.itests/pixi.toml
+
+    - name: Start GOSS SimpleRunner
+      run: |
+        rm -rf data/goss-broker
+        nohup java -jar pnnl.goss.core.runner/generated/executable/goss-simple-runner.jar > goss.log 2>&1 &
+        echo $! > goss.pid
+        echo "Waiting for STOMP port 61618..."
+        elapsed=0
+        while ! ss -tln | grep -q ":61618 " && [ $elapsed -lt 30 ]; do
+          sleep 1
+          elapsed=$((elapsed + 1))
+          printf "."
+        done
+        echo ""
+        if ! ss -tln | grep -q ":61618 "; then
+          echo "ERROR: GOSS did not start within 30s"
+          tail -20 goss.log
+          exit 1
+        fi
+        echo "GOSS is ready (PID $(cat goss.pid))"
+
+    - name: Run Java external server tests
+      run: ./gradlew :pnnl.goss.core.itests:testExternal --no-daemon
+      env:
+        GRADLE_OPTS: -Xmx2g -Dorg.gradle.daemon=false
+
+    - name: Run STOMP token auth tests
+      working-directory: pnnl.goss.core.itests
+      run: pixi run test-stomp-token
+
+    - name: Run STOMP + WebSocket token auth tests
+      working-directory: pnnl.goss.core.itests
+      run: pixi run test-token-auth
+
+    - name: Stop GOSS
       if: always()
-      uses: actions/upload-artifact@v4
+      run: |
+        if [ -f goss.pid ]; then
+          kill $(cat goss.pid) 2>/dev/null || true
+          rm -f goss.pid
+        fi
+
+    - name: Upload GOSS logs
+      if: always()
+      uses: actions/upload-artifact@v6
       with:
-        name: osgi-test-results
-        path: |
-          pnnl.goss.core.itests/generated/test-results/
-          pnnl.goss.core.itests/generated/reports/
-          pnnl.goss.core.itests/**/*.log
+        name: integration-test-logs
+        path: goss.log
         retention-days: 30
 
   build-runners:
@@ -144,10 +183,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Set up JDK 21
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: 21
         distribution: 'temurin'
@@ -162,22 +201,19 @@ jobs:
         GRADLE_OPTS: -Xmx2g -Dorg.gradle.daemon=false
 
     - name: Build OSGi runners using BndRunnerPlugin
-      run: |
-        ./gradlew buildRunner.goss-core --no-daemon
-        ./gradlew buildRunner.goss-core-ssl --no-daemon
+      run: ./gradlew buildRunner.goss-core --no-daemon
       env:
         GRADLE_OPTS: -Xmx2g -Dorg.gradle.daemon=false
 
     - name: Verify runner JARs created
       run: |
         ls -lh pnnl.goss.core.runner/generated/runners/
         test -f pnnl.goss.core.runner/generated/runners/goss-core-runner.jar
-        test -f pnnl.goss.core.runner/generated/runners/goss-core-ssl-runner.jar
-        echo "✅ All runner JARs built successfully"
+        echo "All runner JARs built successfully"
 
     - name: Upload runner artifacts
       if: success()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: osgi-runners
         path: pnnl.goss.core.runner/generated/runners/*.jar
@@ -186,17 +222,19 @@ jobs:
   build-status:
     name: Build Status
     runs-on: ubuntu-latest
-    needs: [test, osgi-integration-tests, build-runners]
+    needs: [test, integration-tests, build-runners]
     if: always()
 
     steps:
     - name: Check build status
       run: |
         echo "Test job status: ${{ needs.test.result }}"
-        echo "OSGi job status: ${{ needs.osgi-integration-tests.result }}"
+        echo "Integration tests job status: ${{ needs.integration-tests.result }}"
         echo "Build runners job status: ${{ needs.build-runners.result }}"
 
-        if [[ "${{ needs.test.result }}" == "success" ]] && [[ "${{ needs.build-runners.result }}" == "success" ]]; then
+        if [[ "${{ needs.test.result }}" == "success" ]] && \
+           [[ "${{ needs.integration-tests.result }}" == "success" ]] && \
+           [[ "${{ needs.build-runners.result }}" == "success" ]]; then
           echo "✅ Core build, tests, and runners passed!"
           exit 0
         else

.github/workflows/code-quality.yml

@@ -17,10 +17,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Set up JDK 21
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: 21
         distribution: 'temurin'
@@ -36,7 +36,7 @@ jobs:
 
     - name: Upload Checkstyle results
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: checkstyle-results
         path: |
@@ -49,10 +49,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Set up JDK 21
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: 21
         distribution: 'temurin'
@@ -78,10 +78,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Set up JDK 21
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: 21
         distribution: 'temurin'
@@ -97,7 +97,7 @@ jobs:
 
     - name: Upload PMD results
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: pmd-results
         path: |
@@ -110,10 +110,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Set up JDK 21
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: 21
         distribution: 'temurin'
@@ -129,7 +129,7 @@ jobs:
 
     - name: Upload dependency check results
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: dependency-check-results
         path: |