From 0f354e63f3d196f916a54f535fa764b6cd311829 Mon Sep 17 00:00:00 2001
From: Holger Friedrich <mail@holger-friedrich.de>
Date: Wed, 26 Mar 2025 08:40:58 +0100
Subject: [PATCH] Improve GitHub Actions (#4660)

* pin external action stCarolas/setup-maven to specific SHA
* set global timeout
* comments
* restore broken registration of problem matchers

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
---
 .github/workflows/ci-build.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index b8c4331d74..600b35b710 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -23,6 +23,8 @@ jobs:
         os: [ 'ubuntu-24.04' ]
     name: Build (Java ${{ matrix.java }}, ${{ matrix.os }})
     runs-on: ${{ matrix.os }}
+    # typical duration is ~20min, set twice the amount as limit (default is 6h)
+    timeout-minutes: 40
     steps:
       - name: Checkout
         if: github.head_ref == ''
@@ -50,13 +52,14 @@ jobs:
           distribution: 'temurin'
           java-version: ${{ matrix.java }}
 
+      # pinning to SHA to mitigate possible supply chain attacks
       - name: Set up Maven ${{ matrix.maven }}
-        uses: stCarolas/setup-maven@v5
+        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
         with:
           maven-version: ${{ matrix.maven }}
 
       - name: Register Problem Matchers
-        if: ${{ matrix.java == '17' }}
+        if: ${{ matrix.java == '21' }}
         id: problem_matchers
         run: |
           echo "::add-matcher::.github/openhab-compile-problems.json"
@@ -93,6 +96,8 @@ jobs:
           path: '**/checkstyle-result.xml'
           mode: inline
 
+      # this will identify modifications to files under source control during the workflow run;
+      # untracked files will be included as well!
       - name: Verify Changed Files
         id: verify-changed-files
         run: |