This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch maintenance-branch
in repository https://gitbox.apache.org/repos/asf/causeway.git
The following commit(s) were added to refs/heads/maintenance-branch by this
push:
new f1ee1378ba1 CAUSEWAY-3952: [v2] attempts starter-parent fix (pom)
f1ee1378ba1 is described below
commit f1ee1378ba14e6ff41d81b1b8414cb2f052ea4ba
Author: andi-huber <[email protected]>
AuthorDate: Fri Jan 16 13:05:32 2026 +0100
CAUSEWAY-3952: [v2] attempts starter-parent fix (pom)
---
README.adoc | 31 +++++++++++++++
starters/pom.xml | 118 ++++---------------------------------------------------
2 files changed, 38 insertions(+), 111 deletions(-)
diff --git a/README.adoc b/README.adoc
index 2c965893c51..829e4757e6d 100644
--- a/README.adoc
+++ b/README.adoc
@@ -6,6 +6,12 @@ Version `2.1.0` was the very last _2.x_ release.
For _Apache Causeway_ documentation see: https://causeway.apache.org/
+[WARNING]
+====
+This branch has vulnerabilities, see
+https://www.cve.org/CVERecord?id=CVE-2025-64408[CVE-2025-64408]
+====
+
== Build your own (Version `2.x`)
Here are the recommended build instructions:
@@ -39,3 +45,28 @@ jshell scripts/ci/rename-all-published-sources.jsh
This will rename artifacts and packages from `causeway` to `isis`.
+== CI Build using Gitlab
+
+One can setup a gitlab repository just for the purpose of
+building and deploying _Causeway_ artifacts.
+
+A minimal build script could look like:
+
+[source,yaml]
+..gitlab-ci.yml
+----
+image: maven:3.9.12-eclipse-temurin-25
+
+include:
+ - local: ci/causeway-v2.yml
+ - local: ci/isis-v2.yml
+
+stages:
+ - checkout-patch-deploy
+----
+
+where the actual jobs are declared in their own files in the `ci` directory:
+
+TODO flesh out `ci/causeway-v2.yml`
+
+TODO flesh out `ci/isis-v2.yml`
\ No newline at end of file
diff --git a/starters/pom.xml b/starters/pom.xml
index 70b61e11e4f..626aa6a2763 100644
--- a/starters/pom.xml
+++ b/starters/pom.xml
@@ -49,6 +49,13 @@
-Drevision=2.7.8 -->
<maven.compiler.release>11</maven.compiler.release>
+
<maven-compiler-plugin.version>3.14.1</maven-compiler-plugin.version>
+ <maven-release-plugin.version>3.3.1</maven-release-plugin.version>
+ <maven-source-plugin.version>3.4.0</maven-source-plugin.version>
+ <maven-surefire-plugin.version>3.5.4</maven-surefire-plugin.version>
+
<maven-surefire-report-plugin.version>3.5.4</maven-surefire-report-plugin.version>
+ <!-- for surefire, failsafe and surefire-report -->
+ <maven.plugin.tools.version>3.15.2</maven.plugin.tools.version>
<spring-boot.version>2.7.18</spring-boot.version>
<approvaltests.version>24.2.0</approvaltests.version>
@@ -362,116 +369,5 @@
</build>
</profile>
- <profile>
- <id>apache-release</id>
- <activation>
- <property>
- <name>apache-release</name>
- </property>
- </activation>
- <properties>
- <skipTests>true</skipTests>
-
<altDeploymentRepository>apache.releases.https::default::https://repository.apache.org/service/local/staging/deploy/maven2</altDeploymentRepository>
- </properties>
- <build>
- <plugins>
- <!-- We want to sign the artifact, the
POM, and all attached artifacts -->
- <plugin>
-
<groupId>org.apache.maven.plugins</groupId>
-
<artifactId>maven-gpg-plugin</artifactId>
- <version>3.2.4</version>
- <executions>
- <execution>
-
<id>sign-release-artifacts</id>
- <goals>
-
<goal>sign</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <gpgArguments>
-
<arg>--digest-algo=SHA512</arg>
- </gpgArguments>
- </configuration>
- </plugin>
- <plugin>
-
<groupId>net.nicoulaj.maven.plugins</groupId>
-
<artifactId>checksum-maven-plugin</artifactId>
- <version>1.11</version>
- <executions>
- <execution>
-
<id>source-release-checksum</id>
- <goals>
-
<goal>files</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <algorithms>
-
<algorithm>SHA-512</algorithm>
- </algorithms>
-
<csvSummary>false</csvSummary>
- <fileSets>
- <fileSet>
-
<directory>${project.build.directory}</directory>
-
<includes>
-
<include>${project.artifactId}-${project.version}-source-release.zip</include>
-
<include>${project.artifactId}-${project.version}-source-release.tar*</include>
-
</includes>
- </fileSet>
- </fileSets>
-
<failIfNoFiles>false</failIfNoFiles><!-- usually, no file to do checksum:
- don't consider
error -->
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
-
- <profile>
- <id>github</id>
- <activation>
- <property>
- <name>github</name>
- </property>
- </activation>
- <distributionManagement>
- <repository>
- <id>github</id>
- <name>Github Releases</name>
-
<url>https://maven.pkg.github.com/apache/causeway</url>
- </repository>
- </distributionManagement>
- </profile>
-
- <profile>
- <id>nightly-localfs-repo</id>
- <activation>
- <property>
- <name>nightly-localfs-repo</name>
- </property>
- </activation>
- <distributionManagement>
- <repository>
- <id>nightly-localfs-repo</id>
- <name>Temporary Local Filesystem Staging
Repository</name>
- <url>file://${MVN_SNAPSHOTS_PATH}</url>
- </repository>
- </distributionManagement>
- <build>
- <plugins>
- <plugin>
-
<artifactId>maven-deploy-plugin</artifactId>
- <version>3.1.2</version>
- <configuration>
- <altDeploymentRepository>
-
nightly-localfs-repo::file://${MVN_SNAPSHOTS_PATH}
- </altDeploymentRepository>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
-
</profiles>
</project>
