merge master into pr

Author: GitToTheHub

.asf-release/.gitkeep

@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# ---
+# This directory is used as apart of the release process.
+# Package tarballs will be generated in stored temporarily
+# within this directory and should not be commited to repo.
+# ---

.asf.yaml

@@ -5,9 +5,9 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
-# 
+#
 #   http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

.gitattributes

@@ -1,3 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
 * text eol=lf
 
 # source code

.github/workflows/android.yml

@@ -6,12 +6,12 @@
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
-# http://www.apache.org/licenses/LICENSE-2.0
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#  KIND, either express or implied.  See the License for the
+# KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 
@@ -30,6 +30,9 @@ on:
       - 'LICENSE'
       - '.eslint*'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Android ${{ matrix.versions.android }} Test
@@ -41,7 +44,7 @@ jobs:
       # Storing a copy of the repo
       repo: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
 
-      node-version: 20
+      node-version: 24
 
       # These are the default Java configurations used by most tests.
       # To customize these options, add "java-distro" or "java-version" to the strategy matrix with its overriding value.
@@ -57,28 +60,6 @@ jobs:
     strategy:
       matrix:
         versions:
-          - android: 7
-            android-api: 24
-
-          - android: 7.1
-            android-api: 25
-
-          - android: 8
-            android-api: 26
-
-          - android: 8.1
-            android-api: 27
-            system-image-arch: x86
-
-          - android: 9
-            android-api: 28
-
-          - android: 10
-            android-api: 29
-
-          - android: 11
-            android-api: 30
-
           - android: 12
             android-api: 31
 
@@ -91,14 +72,20 @@ jobs:
           - android: 14
             android-api: 34
 
+          - android: 15
+            android-api: 35
+
+          - android: 16
+            android-api: 36
+
     timeout-minutes: 60
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version: ${{ env.node-version }}
-      - uses: actions/setup-java@v4
+      - uses: actions/setup-java@v5
         env:
           java-version: ${{ matrix.versions.java-version == '' && env.default_java-version || matrix.versions.java-version }}
           java-distro: ${{ matrix.versions.java-distro == '' && env.default_java-distro || matrix.versions.java-distro }}
@@ -129,7 +116,7 @@ jobs:
         if: ${{ endswith(env.repo, '/cordova-paramedic') != true }}
         run: npm i -g github:apache/cordova-paramedic
 
-      - uses: reactivecircus/android-emulator-runner@v2
+      - uses: reactivecircus/android-emulator-runner@b530d96654c385303d652368551fb075bc2f0b6b
         env:
           system-image-arch: ${{ matrix.versions.system-image-arch == '' && env.default_system-image-arch || matrix.versions.system-image-arch }}
           system-image-target: ${{ matrix.versions.system-image-target == '' && env.default_system-image-target || matrix.versions.system-image-target }}
@@ -143,7 +130,7 @@ jobs:
           script: echo "Pregenerate the AVD before running Paramedic"
 
       - name: Run paramedic tests
-        uses: reactivecircus/android-emulator-runner@v2
+        uses: reactivecircus/android-emulator-runner@b530d96654c385303d652368551fb075bc2f0b6b
         env:
           system-image-arch: ${{ matrix.versions.system-image-arch == '' && env.default_system-image-arch || matrix.versions.system-image-arch }}
           system-image-target: ${{ matrix.versions.system-image-target == '' && env.default_system-image-target || matrix.versions.system-image-target }}

.github/workflows/chrome.yml

@@ -6,12 +6,12 @@
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
-# http://www.apache.org/licenses/LICENSE-2.0
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#  KIND, either express or implied.  See the License for the
+# KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 
@@ -29,6 +29,9 @@ on:
       - 'LICENSE'
       - '.eslint*'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Chrome Latest Test
@@ -39,11 +42,11 @@ jobs:
       # Storing a copy of the repo
       repo: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
 
-      node-version: 20
+      node-version: 24
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version: ${{ env.node-version }}
 

.github/workflows/draft-release.yml

@@ -0,0 +1,149 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: Draft Release
+
+on:
+  push:
+    tags:
+      - 'draft/**'
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  upload-to-atr:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 24
+
+      - name: Setup environment variables
+        run: |
+          REPO_NAME="${GITHUB_REPOSITORY#*/}"
+          TAG_NAME="${GITHUB_REF#refs/tags/}"
+          TARGET_RELEASE_VERSION="${TAG_NAME#draft/}"
+          SRC_PACKAGE_NAME=${REPO_NAME}-source-${TARGET_RELEASE_VERSION}
+          SRC_PACKAGE_TAR=${SRC_PACKAGE_NAME}.tar
+          SRC_PACKAGE_TAR_GZ=${SRC_PACKAGE_NAME}.tar.gz
+          SRC_PACKAGE_ZIP=${SRC_PACKAGE_NAME}.zip
+          NPM_PACKAGE_NAME=${REPO_NAME}-npm-${TARGET_RELEASE_VERSION}
+
+          echo "REPO_NAME=$REPO_NAME" >> $GITHUB_ENV
+          echo "TAG_NAME=$TAG_NAME" >> $GITHUB_ENV
+          echo "TARGET_RELEASE_VERSION=$TARGET_RELEASE_VERSION" >> $GITHUB_ENV
+          echo "SRC_PACKAGE_NAME=$SRC_PACKAGE_NAME" >> $GITHUB_ENV
+          echo "SRC_PACKAGE_TAR=$SRC_PACKAGE_TAR" >> $GITHUB_ENV
+          echo "SRC_PACKAGE_TAR_GZ=$SRC_PACKAGE_TAR_GZ" >> $GITHUB_ENV
+          echo "SRC_PACKAGE_ZIP=$SRC_PACKAGE_ZIP" >> $GITHUB_ENV
+          echo "NPM_PACKAGE_NAME=$NPM_PACKAGE_NAME" >> $GITHUB_ENV
+
+          echo "REPO_NAME=$REPO_NAME"
+          echo "TAG_NAME=$TAG_NAME"
+          echo "TARGET_RELEASE_VERSION=$TARGET_RELEASE_VERSION"
+          echo "SRC_PACKAGE_NAME=$SRC_PACKAGE_NAME"
+          echo "SRC_PACKAGE_TAR=$SRC_PACKAGE_TAR"
+          echo "SRC_PACKAGE_TAR_GZ=$SRC_PACKAGE_TAR_GZ"
+          echo "SRC_PACKAGE_ZIP=$SRC_PACKAGE_ZIP"
+          echo "NPM_PACKAGE_NAME=$NPM_PACKAGE_NAME"
+
+      - name: Verify Target Release Version
+        run: |
+          PACKAGE_VERSION=$(jq -r '.version' package.json)
+          if [ $PACKAGE_VERSION != "$TARGET_RELEASE_VERSION" ]; then
+            echo "Mismatch version detected between tag version ($TARGET_RELEASE_VERSION) and package version ($PACKAGE_VERSION)"
+            exit 1
+          fi
+
+          if [ -f "plugin.xml" ]; then
+            PLUGIN_VERSION=$(yq -p=xml -o=json '.plugin.+@version' plugin.xml)
+            if [ $PLUGIN_VERSION != "$TARGET_RELEASE_VERSION" ]; then
+              echo "Mismatch version detected between tag version ($TARGET_RELEASE_VERSION) and plugin version ($PLUGIN_VERSION)"
+              exit 1
+            fi
+          fi
+
+      - name: Generate "tgz" npm convenience package
+        run: |-
+          npm install
+          NPM_PKG_NAME=$(npm pack --json | jq -r '.[0].filename')
+          mv ./.asf-release/$NPM_PKG_NAME ./.asf-release/${NPM_PACKAGE_NAME}.tgz
+        env:
+          TZ: UTC
+
+      - name: Generate "tar" source package
+        run: |-
+          export SRC_LAST_COMMIT_EPOCH=$(git log -1 --format=%ct "$TAG_NAME")
+
+          git archive \
+            --prefix=$SRC_PACKAGE_NAME/ \
+            --mtime=$SRC_LAST_COMMIT_EPOCH \
+            -o ./.asf-release/${SRC_PACKAGE_TAR} \
+            $TAG_NAME
+        env:
+          TZ: UTC
+
+      - name: Generate "tar.gz" source archive
+        working-directory: ./.asf-release
+        run: |-
+          gzip -n -9 -c "$SRC_PACKAGE_TAR" > "$SRC_PACKAGE_TAR_GZ"
+        env:
+          TZ: UTC
+
+      - name: Generate "zip" source archive
+        working-directory: ./.asf-release
+        run: |-
+          export ASF_RELEASE_DIR=$(pwd)
+          export TMP_DIR=$(mktemp -d)
+
+          tar -xf "$SRC_PACKAGE_TAR" -C "$TMP_DIR"
+          (
+            cd "$TMP_DIR"
+            find . -type f | LC_ALL=C sort | zip -X -q "$ASF_RELEASE_DIR/$SRC_PACKAGE_ZIP" -@
+          )
+          rm -rf $TMP_DIR
+        env:
+          TZ: UTC
+
+      - name: Cleanup Process
+        working-directory: ./.asf-release
+        run: |-
+          rm -rf $SRC_PACKAGE_TAR
+          rm -rf .gitkeep
+
+      - name: Create Sign and Checksum
+        working-directory: .asf-release
+        run: |-
+          for f in *.tar.gz *.tgz *.zip; do
+            [ -e "$f" ] || continue
+            echo "$CORDOVA_GPG_SECRET_KEY" | gpg --batch --import --import-options import-show
+            gpg --armor --detach-sign "$f"
+            sha512sum "$f" > "${f}.sha512"
+          done
+        env:
+          CORDOVA_GPG_SECRET_KEY: ${{ secrets.CORDOVA_GPG_SECRET_KEY }}
+
+      - name: Upload to Apache Trusted Release (ATR)
+        uses: apache/tooling-actions/upload-to-atr@b7e972c11790ee16eca101900af1b3c7fd1b106e
+        with:
+          project: ${{ env.REPO_NAME }}
+          version: ${{ env.TARGET_RELEASE_VERSION }}
+          src: .asf-release