Merge remote-tracking branch 'upstream/main' into fix-for-issue-9803

* upstream/main: (68 commits)
  BibTeX 'Title' to MS Office 'Publicationtitle' field (JabRef#10864)
  Introduce BibliographyConsistencyCheckResultTxtWriter (JabRef#10847)
  Upgrade gradle-build-action to actions/setup-gradle (JabRef#10866)
  Bump org.apache.lucene:lucene-core from 9.9.1 to 9.9.2 (JabRef#10860)
  Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2 (JabRef#10863)
  Bump org.apache.lucene:lucene-highlighter from 9.9.1 to 9.9.2 (JabRef#10861)
  Bump org.tinylog:tinylog-api from 2.6.2 to 2.7.0 (JabRef#10862)
  Bump org.apache.lucene:lucene-queryparser from 9.9.1 to 9.9.2 (JabRef#10859)
  Bump gradle/wrapper-validation-action from 1 to 2 (JabRef#10858)
  Bump codecov/codecov-action from 3 to 4 (JabRef#10857)
  Bump peter-evans/create-pull-request from 5 to 6 (JabRef#10856)
  Update Gradle Wrapper from 8.5 to 8.6. (JabRef#10854)
  Enable auto merge of gradle wrapper update
  Jump to entry from cli (JabRef#10578)
  Fix closing of JabRef in case of issues with index writer (JabRef#10840)
  Update deployment-arm64.yml
  use nio path
  fix submodules
  Fix secrents presence chcek
  Update deployment-arm64.yml
  ...

Author: Siedlerchr

.github/workflows/add-greeting-to-issue.yml

@@ -16,7 +16,7 @@ jobs:
       issues: write
     steps:
     - name: GreetingFirstTimeCodeContribution
-      uses: peter-evans/create-or-update-comment@v3
+      uses: peter-evans/create-or-update-comment@v4
       with:
         issue-number: ${{ github.event.issue.number || github.event.pull_request.number }}
         body: |

.github/workflows/automerge.yml

@@ -17,7 +17,8 @@ jobs:
         (
           startsWith(github.event.pull_request.title, '[Bot] ') || 
           startsWith(github.event.pull_request.title, 'Bump ') || 
-          startsWith(github.event.pull_request.title, 'New Crowdin updates')
+          startsWith(github.event.pull_request.title, 'New Crowdin updates') ||
+          startsWith(github.event.pull_request.title, 'Update Gradle Wrapper from')
         )
       )
     steps:

.github/workflows/check-links.yml

@@ -22,14 +22,14 @@ jobs:
         with:
           show-progress: 'false'
       - name: Restore lychee cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: .lycheecache
           key: cache-lychee-${{ github.sha }}
           restore-keys: cache-lychee-
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/[email protected].1
+        uses: lycheeverse/[email protected].3
         with:
           fail: true
           args: --accept '200,201,202,203,204,429,500' --max-concurrency 1 --cache --no-progress --exclude-all-private './**/*.md'

.github/workflows/cleanup-pr.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Cancel deployment run
-        uses: styfle/[email protected].0
+        uses: styfle/[email protected].1
         with:
           ignore_sha: true
           workflow_id: 9813 # workflow "Deployment"

.github/workflows/deployment-arm64.yml

@@ -1,16 +1,23 @@
-name: Deployment Release for ARM64 - Run manually!
-
+name: Deployment for Arm64
 on:
+  push:
+    branches:
+      - main
+      - main-release
+    paths-ignore:
+      - 'docs/**'
+      - 'src/test/**'
+      - 'README.md'
+    tags:
+       - '*'
+  pull_request:
+  merge_group:
   workflow_dispatch:
     inputs:
       notarization:
         type: boolean
-        required: true
-        default: true
-  push:
-   branches:
-    - arm64mac-release
-    - updateArm64Notarization
+        required: false
+        default: false
 
 env:
   SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }}
@@ -30,19 +37,26 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [self-hosted]
         include:
-          - os: self-hosted
+          - os: macos-14
             displayName: macOS (Arm64)
             suffix: '_arm64'
     runs-on: ${{ matrix.os }}
+    outputs:
+      major: ${{ steps.gitversion.outputs.Major }}
+      minor: ${{ steps.gitversion.outputs.Minor }}
+      branchname: ${{ steps.gitversion.outputs.branchName }}
     name: Create installer and portable version for ${{ matrix.displayName }}
     steps:
       - name: Check secrets presence
         id: checksecrets
         shell: bash
         run: |
-          [ -n "$BUILDJABREFPRIVATEKEY" ] || exit 1
+          if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
+            echo "secretspresent=NO" >> $GITHUB_OUTPUT
+          else
+            echo "secretspresent=YES" >> $GITHUB_OUTPUT
+          fi
         env:
           BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
       - name: Fetch all history for all tags and branches
@@ -61,34 +75,32 @@ jobs:
       - name: Setup JDK
         uses: actions/setup-java@v4
         with:
-          java-version: 21.0.1
+          java-version: 21.0.2
           distribution: 'liberica'
       - name: Clean up keychain
         run: |
          security delete-keychain signing_temp.keychain ${{runner.temp}}/keychain/notarization.keychain || true
-      - name: Setup OSX key chain on macOS
+      - name: Setup OSX key chain on macOS-arm
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         uses: apple-actions/import-codesign-certs@v2
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           keychain-password: jabref
       - name: Setup OSX key chain on OSX for app id cert
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         uses: apple-actions/import-codesign-certs@v2
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }}
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           create-keychain: false
           keychain-password: jabref
-      - name: Create notarization keychain
-        run: |
-          mkdir ${{runner.temp}}/keychain
-          security create-keychain -p jabref ${{runner.temp}}/keychain/notarization.keychain
-          security set-keychain-settings ${{runner.temp}}/keychain/notarization.keychain
       - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/actions/setup-gradle@v3
       - name: Prepare merged jars and modules dir (macOS)
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir
       - name: Build dmg (macOS)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
           jpackage \
@@ -113,6 +125,7 @@ jobs:
           --file-associations buildres/mac/bibtexAssociations.properties \
           --jlink-options --bind-services
       - name: Build pkg (macOS)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
           jpackage \
@@ -137,32 +150,85 @@ jobs:
           --file-associations buildres/mac/bibtexAssociations.properties \
           --jlink-options --bind-services
       - name: Rename files with arm64 suffix as well
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
           mv build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg  build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg
           mv build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg  build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg
+      - name: Setup rsync (macOS)
+        if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'macos-14') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true))) }}
+        run: brew install rsync
+      - name: Setup SSH key
+        if: ${{ (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && ((matrix.os != 'macos-14') || !((startsWith(github.ref, 'refs/tags/') || (inputs.notarization == true)))) }}
+        run: |
+          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
+          chmod 600 sshkey
+      - name: Upload to builds.jabref.org (linux, macOS)
+        # macOS: Negated condition of "Upload to GitHub workflow artifacts store (macOS)"
+        #        Reason: We either upload the non-notarized files - or notarize the files later (and upload these later)
+        # needs to be on one line; multi line does not work
+        if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-14') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+        shell: bash
+        run: |
+          rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+      - name: Upload to GitHub workflow artifacts store (macOS)
+        if: (matrix.os == 'macos-14') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
+        uses: actions/upload-artifact@v4
+        with:
+          # tbn = to-be-notarized
+          name: JabRef-macOS-arm-tbn
+          path: build/distribution
+          compression-level: 0 # no compression
+      - name: Upload to GitHub workflow artifacts store
+        if: (steps.checksecrets.outputs.secretspresent != 'YES')
+        uses: actions/upload-artifact@v4
+        with:
+          # tbn = to-be-notarized
+          name: JabRef-${{ matrix.os }}
+          path: build/distribution
+          compression-level: 0 # no compression
+
+  notarize: # outsourced in a separate job to be able to rerun if this fails for timeouts
+    name: macOS notarization-arm
+    runs-on: macos-14
+    needs: [build]
+    if: ${{ startsWith(github.ref, 'refs/tags/') || inputs.notarization == true }}
+    steps:
+      - name: Check secrets presence
+        id: checksecrets
+        shell: bash
+        run: |
+          if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
+            echo "secretspresent=NO" >> $GITHUB_OUTPUT
+          else
+            echo "secretspresent=YES" >> $GITHUB_OUTPUT
+          fi
+        env:
+          BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
+      - name: Download from GitHub workflow artifacts store (macOS)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
+        uses: actions/download-artifact@master
+        with:
+          name: JabRef-macOS-arm-tbn
+          path: build/distribution/
       - name: Notarize dmg
-        if: (startsWith(github.ref, 'refs/tags/') || (${{ inputs.notarization }}))
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
-          xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" --keychain ${{runner.temp}}/keychain/notarization.keychain
-          xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg --keychain-profile "notarytool-profile" --keychain ${{runner.temp}}/keychain/notarization.keychain --wait
-          xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg
+          xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
+          xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}-arm64.dmg --keychain-profile "notarytool-profile" --wait
+          xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}-arm64.dmg
       - name: Notarize pkg
-        if: (startsWith(github.ref, 'refs/tags/') || (${{ inputs.notarization }}))
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
-          xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" --keychain ${{runner.temp}}/keychain/notarization.keychain
-          xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg --keychain-profile "notarytool-profile" --keychain ${{runner.temp}}/keychain/notarization.keychain --wait
-          xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg
-      - name: Upload with rsync
-        if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
+          xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
+          xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}-arm64.pkg --keychain-profile "notarytool-profile" --wait
+          xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}-arm64.pkg
+      - name: Upload to builds.jabref.org
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
-      - name: Upload to GitHub workflow artifacts store
-        if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: JabRef-${{ matrix.displayName }}
-          path: build/distribution
+          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
+          chmod 600 sshkey
+          rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/

.github/workflows/deployment.yml

@@ -92,10 +92,10 @@ jobs:
       - name: Setup JDK
         uses: actions/setup-java@v4
         with:
-          java-version: 21.0.1
+          java-version: 21.0.2
           distribution: 'liberica'
       - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/actions/setup-gradle@v3
       - name: Prepare merged jars and modules dir (macOS)
         if: (matrix.os == 'macos-latest') || (steps.checksecrets.outputs.secretspresent == 'NO')
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir
@@ -225,13 +225,15 @@ jobs:
           # tbn = to-be-notarized
           name: JabRef-macOS-tbn
           path: build/distribution
+          compression-level: 0 # no compression
       - name: Upload to GitHub workflow artifacts store
         if: (steps.checksecrets.outputs.secretspresent != 'YES')
         uses: actions/upload-artifact@v4
         with:
           # tbn = to-be-notarized
           name: JabRef-${{ matrix.os }}
           path: build/distribution
+          compression-level: 0 # no compression
   announce:
     name: Comment on pull request
     runs-on: ubuntu-latest

.github/workflows/refresh-csl-subtrees.yml

@@ -36,7 +36,7 @@ jobs:
           git add -f src/main/resources/csl-styles
           git add -f src/main/resources/csl-locales
           git diff-index --quiet HEAD || git commit -m 'Update CSL styles'
-      - uses: peter-evans/create-pull-request@v5
+      - uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.GH_TOKEN_UPDATE_GRADLE_WRAPPER }}
           branch: refresh-csl

.github/workflows/refresh-journal-lists.yml

@@ -30,18 +30,18 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: 21.0.1
+          java-version: 21.0.2
           distribution: 'liberica'
       - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/actions/setup-gradle@v3
       - name: Check whether journal-list.mv can be generated (the "real" generation is done inside JabRef's build process)
         run: |
           ./gradlew generateJournalListMV
       - name: Persist changes
         run: |
           git add -f buildres/abbrv.jabref.org
           git diff-index --quiet HEAD || git commit -m 'Update journal abbreviation lists'
-      - uses: peter-evans/create-pull-request@v5
+      - uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.GH_TOKEN_UPDATE_GRADLE_WRAPPER }}
           branch: update-journal-lists

.github/workflows/tests-fetchers.yml

@@ -48,10 +48,10 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: 21.0.1
+          java-version: 21.0.2
           distribution: 'liberica'
       - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/actions/setup-gradle@v3
       - name: Run fetcher tests
         run: ./gradlew fetcherTest
         env: