Merge branch 'main' into reactive

.git-blame-ignore-revs

@@ -1,3 +1,5 @@
 a8ec45c8ea4ba559247b654d01b0d35b21a68865
 33f3224cb40e3fa8c56ddb88962e3a4e9319685d
 430a1a0a5dd4efe78e21526c37bec9dbce036401
+
+

.github/workflows/benchmark.yml

@@ -19,7 +19,7 @@ jobs:
             - uses: gradle/wrapper-validation-action@342dbebe7272035434f9baccc29a816ec6dd2c7b
 
             - name: Setup Java
-              uses: actions/setup-java@v3
+              uses: actions/setup-java@v4
               with:
                   distribution: 'temurin'
                   java-version: '17'

.github/workflows/ci.yml

@@ -1,30 +1,53 @@
 on:
-  - push
-  - workflow_dispatch
-  - pull_request
+  push:
+    branches-ignore:
+      - 'renovate/**'
+  workflow_dispatch:
+  pull_request:
+  merge_group:
 
 name: CI
 
 # Declare default permissions as read only.
 permissions: read-all
 
+concurrency:
+    group: ${{ github.workflow }}-${{ github.ref }}
+
 jobs:
   integrationTest:
     name: Integration tests
 
     runs-on: ubuntu-latest
 
-    permissions:
-        contents: write  # for stefanzweifel/git-auto-commit-action to push code in repo
-
     steps:
+        # Get GitHub token via the CT SDKs App
+      - name: Generate GitHub token (via CT SDKs App)
+        id: generate_github_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.CT_SDKS_APP_ID }}
+          private-key: ${{ secrets.CT_SDKS_APP_PEM }}
+
+      - name: Get App user
+        id: get_app_user
+        env:
+           GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
+        run: |
+          export GH_APP_USER=`gh api /users/ct-sdks%5Bbot%5D | jq .id`
+          echo "email=${GH_APP_USER}+ct-sdks[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT"
+
       - name: Checkout
         uses: actions/checkout@v4
-
+        with:
+          # Pass a personal access token (using our CT SDKs App) to be able to trigger other workflows
+          # https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token
+          # https://github.community/t/action-does-not-trigger-another-on-push-tag-action/17148/8
+          token: ${{ steps.generate_github_token.outputs.token }}
       - uses: gradle/wrapper-validation-action@342dbebe7272035434f9baccc29a816ec6dd2c7b
 
       - name: Setup Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '17'
@@ -37,42 +60,57 @@ jobs:
         run: ./gradlew spotlessApply
 
       - uses: stefanzweifel/git-auto-commit-action@e8f94e4dd298db5a6a2aa2d42fe0bcef6f2c9660
+        id: commit_style_fix
         if: github.event_name == 'push' && github.ref != 'refs/heads/main'
+        env:
+           GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
         with:
+            push_options: --dry-run
             commit_message: "spotless: Fix code style"
-            commit_user_name: automation-commercetools
-            commit_user_email: automation@commercetools.com
-            commit_author: Auto Mation <automation@commercetools.com>
+            commit_author: ct-sdks[bot] <${{ steps.get_app_user.outputs.email }}>
+            commit_user_name: ct-sdks[bot]
+            commit_user_email: ${{ steps.get_app_user.outputs.email }}
 
       - name: "Run if style changes have been detected"
-        if: steps.auto-commit-action.outputs.changes_detected == 'true'
+        if: steps.commit_style_fix.outputs.changes_detected == 'true'
         run: echo "${{steps.auto-commit-action.outputs.commit_hash}}" >> .git-blame-ignore-revs
 
       - uses: stefanzweifel/git-auto-commit-action@e8f94e4dd298db5a6a2aa2d42fe0bcef6f2c9660
+        id: commit_rev_ignore
         if: github.event_name == 'push' && github.ref != 'refs/heads/main'
+        env:
+           GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
         with:
+            push_options: --dry-run
             file_pattern: '.git-blame-ignore-revs'
             commit_message: "spotless: add commit to blame ignore revs file"
-            commit_user_name: automation-commercetools
-            commit_user_email: automation@commercetools.com
-            commit_author: Auto Mation <automation@commercetools.com>
+            commit_author: ct-sdks[bot] <${{ steps.get_app_user.outputs.email }}>
+            commit_user_name: ct-sdks[bot]
+            commit_user_email: ${{ steps.get_app_user.outputs.email }}
 
       - name: License check
         run: ./gradlew checkLicense
 
       - uses: stefanzweifel/git-auto-commit-action@e8f94e4dd298db5a6a2aa2d42fe0bcef6f2c9660
+        id: commit_license_change
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        env:
+           GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
         with:
+            push_options: --dry-run
             file_pattern: 'licenses/index.json licenses/**/index.json'
             commit_message: "TASK: Updating license information"
-            commit_user_name: automation-commercetools
-            commit_user_email: automation@commercetools.com
-            commit_author: Auto Mation <automation@commercetools.com>
+            commit_author: ct-sdks[bot] <${{ steps.get_app_user.outputs.email }}>
+            commit_user_name: ct-sdks[bot]
+            commit_user_email: ${{ steps.get_app_user.outputs.email }}
             disable_globbing: true
+      - name: Push if changes
+        if: steps.commit_style_fix.outputs.changes_detected || steps.commit_license_change.outputs.changes_detected || steps.commit_rev_ignore.outputs.changes_detected
+        run: git push
 
       - name: Run integration tests for PR
-        if: github.event_name == 'pull_request'
-        run: ./gradlew clean build publishMavenPublicationToMavenLocal runMainMethodThreadLeakTest runMainMethodMemoryLeakTest
+        if: (github.event_name == 'pull_request' && !startsWith(github.head_ref, 'renovate/')) || github.event_name == 'merge_group'
+        run: ./gradlew clean build publishMavenPublicationToMavenLocal runMainMethodThreadLeakTest runMainMethodMemoryLeakTest writeVersionToExamples
         env:
           CTP_CLIENT_ID: ${{ secrets.CTP_CLIENT_ID_PR }}
           CTP_CLIENT_SECRET: ${{ secrets.CTP_CLIENT_SECRET_PR }}
@@ -81,8 +119,8 @@ jobs:
           CTP_JVM_SDK_LOG_LEVEL: OFF
 
       - name: Run integration tests
-        if: github.event_name != 'pull_request'
-        run: ./gradlew clean build publishMavenPublicationToMavenLocal runMainMethodThreadLeakTest runMainMethodMemoryLeakTest
+        if: github.event_name != 'pull_request' && github.event_name != 'merge_group'
+        run: ./gradlew clean build publishMavenPublicationToMavenLocal runMainMethodThreadLeakTest runMainMethodMemoryLeakTest writeVersionToExamples
         env:
             CTP_CLIENT_ID: ${{ secrets.CTP_CLIENT_ID }}
             CTP_CLIENT_SECRET: ${{ secrets.CTP_CLIENT_SECRET }}
@@ -92,7 +130,6 @@ jobs:
 
       - name: Test examples
         run: |
-          ./gradlew writeVersionToExamples
           cd examples/maven-okhttp3 && mvn verify --no-transfer-progress
           cd ../maven-okhttp4 && mvn verify --no-transfer-progress
 
@@ -109,20 +146,30 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      -   name: Checkout
-          uses: actions/checkout@v4
+        # Get GitHub token via the CT SDKs App
+      - name: Generate GitHub token (via CT SDKs App)
+        id: generate_github_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.CT_SDKS_APP_ID }}
+          private-key: ${{ secrets.CT_SDKS_APP_PEM }}
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ steps.generate_github_token.outputs.token }}
 
       - uses: gradle/wrapper-validation-action@342dbebe7272035434f9baccc29a816ec6dd2c7b
 
-      -   name: Setup Java
-          uses: actions/setup-java@v3
-          with:
-              distribution: 'temurin'
-              java-version: '17'
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
 
       - name: Setup Graphviz
         uses: ts-graphviz/setup-graphviz@c001ccfb5aff62e28bda6a6c39b59a7e061be5b9
 
-      -   name: build javadoc
-          if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' && github.ref == 'refs/heads/main'
-          run: ./gradlew alljavadoc
+      - name: build javadoc
+        if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' && github.ref == 'refs/heads/main'
+        run: ./gradlew alljavadoc

.github/workflows/codeql.yml

@@ -15,18 +15,20 @@ on:
   push:
     branches: [ "main" ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ "main" ]
   schedule:
-    - cron: '39 19 * * 5'
-
-# Declare default permissions as read only.
-permissions: read-all
+    - cron: '37 10 * * 6'
 
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners
+    # Consider using larger runners for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
     permissions:
       actions: read
       contents: read
@@ -35,43 +37,45 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'java', 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Use only 'java' to analyze code written in Java, Kotlin or both
-        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        language: [ 'java-kotlin', 'javascript-typescript' ]
+        # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
+        # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
 
-    - uses: gradle/wrapper-validation-action@342dbebe7272035434f9baccc29a816ec6dd2c7b
-
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-#      if: matrix.language != 'java'
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
+
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
     #   If the Autobuild fails above, remove it and uncomment the following three lines.
     #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/create-pr.yml

@@ -12,19 +12,35 @@ jobs:
   create_pr:
     name: Create/Update PR
 
-    permissions:
-      pull-requests: write
     runs-on: ubuntu-latest
     steps:
+        # Get GitHub token via the CT SDKs App
+      - name: Generate GitHub token (via CT SDKs App)
+        id: generate_github_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.CT_SDKS_APP_ID }}
+          private-key: ${{ secrets.CT_SDKS_APP_PEM }}
+
+      - name: Get App user
+        id: get_app_user
+        env:
+           GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
+        run: |
+          export GH_APP_USER=`gh api /users/ct-sdks%5Bbot%5D | jq .id`
+          echo "email=${GH_APP_USER}+ct-sdks[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT"
+
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          token: ${{ steps.generate_github_token.outputs.token }}
 
       - uses: gradle/wrapper-validation-action@342dbebe7272035434f9baccc29a816ec6dd2c7b
 
       - uses: jenschude/auto-create-pr-action@8733ffe7f93fbeab30113ed3964dfb02bb6984b5
         with:
             request_title: "Update generated SDKs"
-            github_token: ${{ secrets.GITHUB_TOKEN }}
+            github_token: ${{ steps.generate_github_token.outputs.token }}
             request_body: |
                 - [ ] Changeset added
 

.github/workflows/docs.yml

@@ -9,6 +9,10 @@ name: Deploy docs
 # Declare default permissions as read only.
 permissions: read-all
 
+concurrency:
+    group: ${{ github.workflow }}-${{ github.ref }}
+    cancel-in-progress: true
+
 jobs:
   docs:
     name: Build and release docs
@@ -18,19 +22,37 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
+        # Get GitHub token via the CT SDKs App
+      - name: Generate GitHub token (via CT SDKs App)
+        id: generate_github_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.CT_SDKS_APP_ID }}
+          private-key: ${{ secrets.CT_SDKS_APP_PEM }}
+
+      - name: Get App user
+        id: get_app_user
+        env:
+           GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
+        run: |
+          export GH_APP_USER=`gh api /users/ct-sdks%5Bbot%5D | jq .id`
+          echo "email=${GH_APP_USER}+ct-sdks[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT"
+
       - name: Checkout
         uses: actions/checkout@v4
         with:
           path: sdk
+          token: ${{ steps.generate_github_token.outputs.token }}
 
       - name: Checkout
         uses: actions/checkout@v4
         with:
           path: doc
           ref: gh-pages
+          token: ${{ steps.generate_github_token.outputs.token }}
 
       - name: Setup Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '17'
@@ -47,6 +69,6 @@ jobs:
         with:
           repository: doc
           commit_message: "Update javadoc"
-          commit_user_name: automation-commercetools
-          commit_user_email: automation@commercetools.com
-          commit_author: Auto Mation <automation@commercetools.com>
+          commit_author: ct-sdks[bot] <${{ steps.get_app_user.outputs.email }}>
+          commit_user_name: ct-sdks[bot]
+          commit_user_email: ${{ steps.get_app_user.outputs.email }}