build: run CI on JDK 11; lock API surface to Java 8; bump to 8.2.2#168
Merged
Merged
Conversation
The spotbugs-maven-plugin 4.9.8.3 enforced by Build-Steps requires JDK 11 to execute, which caused the v8.2.1 release pipeline to fail before publish. Switch the Maven build task to JDK 11 so spotbugs runs, while keeping the emitted bytecode targeted at Java 8 for customer compatibility. - pipeline-templates/build-steps.yml: jdkVersionOption 1.8 -> 1.11 - pom.xml (maven-compiler-plugin): add <release>8</release> alongside the existing <source>/<target>1.8 so the compiler also restricts the API surface to the Java 8 stdlib (prevents accidental use of 9+ methods that would NoSuchMethodError at runtime on customer JDK 8). - pom.xml: bump <revision> 8.2.1-SNAPSHOT -> 8.2.2-SNAPSHOT - pipeline-templates/global-variables.yml: semanticVersion 8.2.1 -> 8.2.2 Verified locally: 'mvn -DskipTests -Drevision=8.2.2 verify' on JDK 11 produces safeguardjava-8.2.2.jar; javap reports class major version 52 (Java 8). No source changes; v8.2.1 security content ships unchanged.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The v8.2.1 release pipeline (build 366149) failed before publish because
spotbugs-maven-plugin:4.9.8.3requires JDK 11 to execute, but the Maven build task was pinned tojdkVersionOption: '1.8'. As a result the v8.2.1 security content was tagged but never landed on Maven Central.Changes
pipeline-templates/build-steps.ymljdkVersionOption: '1.8'→'1.11'(lets spotbugs run).pom.xmladd<release>8</release>tomaven-compiler-pluginalongside the existing<source>/<target>1.8. This explicitly restricts the API surface to the Java 8 stdlib, which prevents accidental use of Java 9+ methods (e.g.String.strip(),List.of()) that would compile fine on JDK 11 butNoSuchMethodErrorat runtime on customer JDK 8 deployments.pom.xml<revision>8.2.1-SNAPSHOT→8.2.2-SNAPSHOTpipeline-templates/global-variables.ymlsemanticVersion8.2.1→8.2.2No source changes. The v8.2.1 security content (TLS 1.2 floor in RestClient + EventListener) ships unchanged under the 8.2.2 label.
Verification
Locally on JDK 11:
mvn -DskipTests -Drevision=8.2.2 verifyProduces
target/safeguardjava-8.2.2.jar.javap -von a compiled class reportsmajor version: 52(Java 8 bytecode), confirming customer compatibility is preserved.Release note
After merge, push tag
v8.2.2to trigger Maven Central publish. The orphanv8.2.1tag will remain in history pointing at the failed-publish commit; no harm leaving it.