moar moar 8

Author: wolpert

.github/dependabot.yml

@@ -0,0 +1,21 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "gradle" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily" # Check for updates every day
+    groups:
+      # Specify a name for the group, which will be used in pull request titles
+      # and branch names
+      dev-dependencies:
+        # Define patterns to include dependencies in the group (based on
+        # dependency name)
+        applies-to: version-updates # Applies the group rule to version updates
+        patterns:
+          - "*"       # Yolo!
+

.github/workflows/auto-dependabot.yml

@@ -0,0 +1,27 @@
+name: Approve Dependabot Pushes
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --squash --delete-branch "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/auto-wolpert.yml

@@ -0,0 +1,22 @@
+name: Approve Wolpert Pushes
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  wolpert:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'wolpert'
+    steps:
+      - name: Enable auto-merge
+        run: gh pr merge --auto --squash --delete-branch "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: auto-approve
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/gradle.yml

@@ -0,0 +1,67 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+
+name: Java CI with Gradle
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      # Configure Gradle for optimal use in GiHub Actions, including caching of downloaded dependencies.
+      # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+
+      - name: Build with Gradle Wrapper
+        run: ./gradlew build test
+
+    # NOTE: The Gradle Wrapper is the default and recommended way to run Gradle (https://docs.gradle.org/current/userguide/gradle_wrapper.html).
+    # If your project does not have the Gradle Wrapper configured, you can use the following configuration to run Gradle with a specified version.
+    #
+    # - name: Setup Gradle
+    #   uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+    #   with:
+    #     gradle-version: '8.5'
+    #
+    # - name: Build with Gradle 8.5
+    #   run: gradle build
+
+  dependency-submission:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
+      # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
+      - name: Generate and submit dependency graph
+        uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0

.github/workflows/manual-release.yml

@@ -0,0 +1,189 @@
+name: Manual Build Release to Maven Central
+
+on:
+  workflow_dispatch:
+
+jobs:
+  auto-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Need full history for git tags
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get latest tag and increment version
+        id: version
+        run: |
+          # Configure git
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Get the latest tag matching semantic versioning
+          LATEST_TAG=$(git tag -l "v[0-9]*.[0-9]*.[0-9]*" --sort=-v:refname | head -n 1)
+
+          if [ -z "$LATEST_TAG" ]; then
+            echo "No existing tags found, starting with v0.0.1"
+            NEW_VERSION="0.0.1"
+            NEW_TAG="v0.0.1"
+          else
+            echo "Latest tag: $LATEST_TAG"
+
+            # Extract version without 'v' prefix
+            VERSION=${LATEST_TAG#v}
+
+            # Split version into major.minor.patch
+            IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION"
+
+            # Strip any pre-release suffix from patch before incrementing (e.g., "0-alpha" -> "0")
+            PATCH=${PATCH%%-*}
+
+            # Increment patch version
+            PATCH=$((PATCH + 1))
+
+            NEW_VERSION="$MAJOR.$MINOR.$PATCH"
+            NEW_TAG="v$NEW_VERSION"
+          fi
+
+          echo "New version: $NEW_VERSION"
+          echo "New tag: $NEW_TAG"
+
+          # Export to GitHub env
+          echo "VERSION=$NEW_VERSION" >> $GITHUB_ENV
+          echo "TAG=$NEW_TAG" >> $GITHUB_ENV
+
+          # Create and push the tag
+          git tag -a "$NEW_TAG" -m "Auto-release $NEW_VERSION"
+          git push origin "$NEW_TAG"
+
+          echo "Created and pushed tag: $NEW_TAG"
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+          cache: 'gradle'
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+
+      - name: Verify version matches tag
+        run: |
+          GRADLE_VERSION=$(./gradlew properties -q | grep "^version:" | awk '{print $2}')
+          echo "Gradle version: $GRADLE_VERSION"
+          echo "Expected version: $VERSION"
+          if [ "$GRADLE_VERSION" != "$VERSION" ]; then
+            echo "ERROR: Gradle version ($GRADLE_VERSION) does not match tag version ($VERSION)"
+            exit 1
+          fi
+
+      - name: Build and test
+        run: ./gradlew clean build test
+
+      - name: Import GPG key
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: |
+          echo "$GPG_PRIVATE_KEY" | base64 -d | gpg --batch --import
+          # Test signing capability
+          echo "test" | gpg --clearsign --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" > /dev/null
+          echo "GPG key imported and tested successfully"
+
+      - name: Configure GPG for signing
+        run: |
+          # Configure gpg for non-interactive signing
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+          gpg-connect-agent reloadagent /bye
+
+      - name: Publish to Maven Central
+        env:
+          CENTRAL_PORTAL_USERNAME: ${{ secrets.CENTRAL_PORTAL_USERNAME }}
+          CENTRAL_PORTAL_PASSWORD: ${{ secrets.CENTRAL_PORTAL_PASSWORD }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
+        run: |
+          # Export GPG_TTY for passphrase
+          export GPG_TTY=$(tty)
+
+          # Create gradle.properties with GPG credentials
+          cat > ~/.gradle/gradle.properties << EOF
+          signing.gnupg.keyName=$GPG_KEY_ID
+          signing.gnupg.passphrase=$GPG_PASSPHRASE
+          EOF
+
+          chmod 600 ~/.gradle/gradle.properties
+
+          # Publish to Maven Central via Central Portal
+          ./gradlew publishAggregationToCentralPortal \
+            --no-daemon \
+            --stacktrace
+
+      - name: Build distribution archives
+        run: |
+          ./gradlew :hofmann-rfc:jar :hofmann-rfc:javadocJar :hofmann-rfc:sourcesJar
+          ./gradlew :hofmann-server:jar :hofmann-server:javadocJar :hofmann-server:sourcesJar
+          ./gradlew :hofmann-client:jar :hofmann-client:javadocJar :hofmann-client:sourcesJar
+          ./gradlew :hofmann-dropwizard:jar :hofmann-dropwizard:javadocJar :hofmann-dropwizard:sourcesJar
+          ./gradlew :hofmann-springboot:jar :hofmann-springboot:javadocJar :hofmann-springboot:sourcesJar
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ env.TAG }}
+          name: Release ${{ env.VERSION }}
+          body: |
+            ## Hofmann Elimination ${{ env.VERSION }}
+
+            **Auto-released** on merge to main.
+
+            ### Maven Central
+
+            Sample dependency for Maven:
+
+            ```xml
+            <dependency>
+              <groupId>com.codeheadsystems</groupId>
+              <artifactId>hofmann-rfc</artifactId>
+              <version>${{ env.VERSION }}</version>
+            </dependency>
+            ```
+
+            ```gradle
+            implementation("com.codeheadsystems:hofmann-rfc:${{ env.VERSION }}")
+            ```
+
+            ### Modules Published
+            - `com.codeheadsystems:hofmann-rfc:${{ env.VERSION }}`
+            - `com.codeheadsystems:hofmann-server:${{ env.VERSION }}`
+            - `com.codeheadsystems:hofmann-client:${{ env.VERSION }}`
+            - `com.codeheadsystems:hofmann-dropwizard:${{ env.VERSION }}`
+            - `com.codeheadsystems:hofmann-springboot:${{ env.VERSION }}`
+
+            ### What's Changed
+            See commits since last release for details.
+
+            **Note:** Artifacts may take up to 2 hours to appear in Maven Central after release.
+          files: |
+            hofmann-rfc/build/libs/*.jar
+            hofmann-server/build/libs/*.jar
+            hofmann-client/build/libs/*.jar
+            hofmann-dropwizard/build/libs/*.jar
+            hofmann-springboot/build/libs/*.jar
+          draft: false
+          prerelease: false
+          generate_release_notes: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Notify on failure
+        if: failure()
+        run: |
+          echo "::error::Auto-release failed! Check logs for details."