name: Build and verify on: pull_request: push: branches: [ master ] permissions: contents: read jobs: build: strategy: matrix: os: [ ubuntu-24.04 ] jdk: [ 17.0.13, 21.0.5, 23.0.1 ] distribution: [ temurin ] experimental: [ false ] include: - os: macos-15 jdk: 17.0.13 distribution: temurin experimental: false - os: windows-2025 jdk: 17.0.13 distribution: temurin experimental: false runs-on: ${{ matrix.os }} continue-on-error: ${{ matrix.experimental }} steps: - name: Install Harden-Runner uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-sudo: true egress-policy: block allowed-endpoints: > api.adoptium.net:443 github.com:443 github-registry-files.githubusercontent.com:443 jitpack.io:443 maven.pkg.github.com:443 objects.githubusercontent.com:443 repo.maven.apache.org:443 # We run the build twice for each supported JDK: once against the # original Error Prone release, using only Error Prone checks available # on Maven Central, and once against the Picnic Error Prone fork, # additionally enabling all checks defined in this project and any Error # Prone checks available only from other artifact repositories. - name: Check out code and set up JDK and Maven uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0 with: java-version: ${{ matrix.jdk }} java-distribution: ${{ matrix.distribution }} maven-version: 3.9.9 - name: Display build environment details run: mvn --version - name: Build project against vanilla Error Prone, compile Javadoc run: mvn -T1C install javadoc:jar - name: Build project with self-check against Error Prone fork run: mvn -T1C clean verify -Perror-prone-fork -Pnon-maven-central -Pself-check -s settings.xml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Remove installed project artifacts run: mvn dependency:purge-local-repository -DmanualInclude='${project.groupId}' -DresolutionFuzziness=groupId # XXX: Enable Codecov once we "go public".