Scriptella 1.4: Release hardening, JDK 17 compatibility, and dependency modernization
Target: Scriptella 1.4
JDK experiment: #31
Summary
The Scriptella 1.3 publication run exposed two test-environment defects and
several release-procedure gaps. Scriptella 1.4 must address them alongside a
JDK 17 compatibility upgrade and comprehensive dependency modernization, so
future releases have deterministic validation, current supported libraries,
correctly signed Central uploads, and clearer operator recovery steps.
Scriptella 1.3 is immutable. This ticket does not authorize a 1.3.1 release.
Whether Java 17 becomes the required baseline or is supported alongside Java 8
is explicitly TBD and must be decided from the compatibility audit before
implementation locks the compiler target or public requirements.
Observed problems
1. Cancellation test contaminates later JMX tests
scriptella.execution.CancellationTest interrupts the Maven/Surefire test
runner thread from a helper thread. The helper is neither coordinated nor
joined. In tagged release builds this intermittently left an interrupted
state that caused scriptella.execution.JmxEtlManagerITest to fail with
EtlCancelledException.
The affected release-build symptoms were:
CancellationTest assertion failure; and
JmxEtlManagerITest receiving an unexpected cancellation.
The same clean test gate passed on retry, confirming a test-isolation/race
problem rather than a release artifact defect.
2. Launcher extension detection depends on the full absolute path
scriptella.tools.launcher.EtlLauncher.resolveFile determines whether an
input has an extension with name.indexOf('.'). When name is an absolute
path and a parent directory contains a dot (for example a worktree named
scriptella-1.3-validation), the launcher believes an extension is already
present and does not try the expected .etl.xml suffix.
This made EtlLauncherTest fail in a dotted disposable worktree even though
the fixture files existed. A dot-free worktree allowed the same tests to pass.
3. GPG signing needs an explicit interactive preflight
Non-interactive Maven invocations failed with Inappropriate ioctl for device
when the GPG agent was locked. An interactive detached-sign operation in the
operator terminal correctly unlocked the key, after which Maven signing
succeeded.
4. release:perform needs local checkout and propagated release flags
The repository's Maven SCM metadata uses an SSH developer connection, while
the release workstation authenticated Git over HTTPS. The default
release:perform clone failed with Permission denied (publickey).
Using -DlocalCheckout=true allowed Maven Release Plugin to use the already
pushed local tag. The first Central deployment then failed validation because
performRelease=true was not propagated into the checkout build, so Central
received unsigned POMs and JARs. Retrying with both of these arguments
produced a manually managed VALIDATED deployment:
-DlocalCheckout=true
-Darguments="-DperformRelease=true -Dgpg.keyname=<full-fingerprint>"
The failed deployment had to be dropped before retrying.
Required changes
Test reliability
- Refactor
CancellationTest to use explicit synchronization for the helper
thread and the ETL start/cancel boundary.
- Join the helper thread before test completion and assert that it completed
normally.
- Ensure the test runner's interrupted status is cleared or asserted at the
test boundary so later tests cannot inherit cancellation state.
- Keep the cancellation behavior assertions: cancellation is reported, the
operation terminates promptly, and temporary tables are cleaned up.
- Add a regression sequence that exercises cancellation followed by the JMX
integration path repeatedly under Java 8.
Launcher path handling
- Change
EtlLauncher.resolveFile to inspect the final filename component
when deciding whether to append .etl.xml; do not use dots in parent
directories as evidence of a filename extension.
- Preserve existing behavior for explicit filenames, relative paths, and the
default etl.xml file.
- Add tests covering extensionless absolute ETL paths below a directory whose
name contains a dot, plus explicit .etl.xml filenames.
Java 17 and dependency modernization
- Inventory every direct, transitive, bundled, test, and build-plugin
dependency, including copies shipped in standalone and examples archives.
- Upgrade each dependency and Maven plugin to a currently supported stable
version compatible with the selected 1.4 Java baseline; record the old and
new coordinates, licenses, transitive changes, and compatibility impact.
- Resolve API and namespace migrations deliberately, including the
javax.*/jakarta.* transition for mail-related integrations, Spring API
compatibility, Rhino/JSR-223 behavior, Ant integration, and supported JDBC
driver behavior. Do not silently replace public APIs or change module
coordinates.
- Decide and document the Java baseline after the audit: either require Java
17 or retain Java 8 compatibility while making Java 17 a supported runtime.
Update compiler configuration, runtime documentation, examples, CI, and
release validation consistently with that decision.
- Reconcile Maven dependencies with all bundled distribution and sample
libraries. Update license notices and verify required byte-identical copies
where the archives intentionally share artifacts.
- Remove, replace, or explicitly defer obsolete reporting/build plugins only
after confirming they are not part of the supported release path.
Reusable release runbook
Update docs/releases/RELEASE-RUNBOOK.md with these durable steps:
- Before each signed Maven phase, verify GPG-agent/pinentry using an
interactive detached-sign check. Do not put the passphrase on a command
line.
- Name disposable worktrees without dots when launcher/path smoke tests are
part of validation until the launcher fix is available.
- When the SCM developer connection is SSH but the operator uses HTTPS,
invoke release:perform with -DlocalCheckout=true after the approved tag
is pushed.
- Always propagate
-DperformRelease=true and the approved full GPG
fingerprint through release:perform -Darguments=....
- Before accepting Central validation, inspect the staged bundle/deployment
for .asc signatures for every required POM and JAR.
- On a
FAILED Central deployment, capture sanitized errors, drop the
unpublished deployment, correct the invocation/configuration, and rerun
validation without changing an already-pushed tag unless separately
authorized.
- Note that an unpublished GitHub draft can use an
untagged-... URL while
still correctly carrying the selected release tag; verify tagName, draft
state, title, prerelease state, and exact asset count instead of relying on
the draft URL shape.
- Treat Maven release-plugin backup POMs and
release.properties as expected
local state needed for release:perform; keep them out of Git and clean
them only after release execution/evidence retention is complete.
Acceptance criteria
- Core tests pass repeatedly under Temurin Java 8 with no cancellation/JMX
cross-test contamination.
- Tools launcher tests pass from dotted and dot-free absolute worktree paths.
- A reviewed dependency inventory accounts for every direct, transitive,
bundled, test, and build-plugin dependency, with modern supported versions
selected and license/compatibility changes documented.
- The Java 17 baseline decision is explicitly recorded and validated with the
corresponding runtime/compiler matrix; no Java compatibility promise changes
implicitly.
- Maven, Ant, standalone distributions, examples, and representative drivers
pass their smoke tests using the modernized dependency set.
- The full Java 8 Maven/Ant/DTDDoc no-upload release gate passes with the
documented test totals (Core 149, Drivers 141, Tools 12; 302 total), or the
test environment and totals are deliberately updated for the selected 1.4
Java baseline.
- A no-upload signed Maven build produces detached signatures for every
Central POM/JAR.
- A manual Central validation rehearsal uses the documented local-checkout
invocation and reaches VALIDATED with complete signatures, without
automatic publication.
- The runbook contains the new preflight, invocation, verification, recovery,
and draft-release guidance without credentials, private paths, or passphrases.
Evidence to link when opening the issue
- Scriptella 1.3 tag and release URL.
- Sanitized Maven/Ant validation summaries and test totals.
- The failed unsigned Central deployment's sanitized validation reason and the
successful validated deployment ID/state, if appropriate for public issue
history.
Do not include tokens, passwords, passphrases, private-key material,
authentication headers, private Maven settings, or credential-bearing logs.
Scriptella 1.4: Release hardening, JDK 17 compatibility, and dependency modernization
Target: Scriptella 1.4
JDK experiment: #31
Summary
The Scriptella 1.3 publication run exposed two test-environment defects and
several release-procedure gaps. Scriptella 1.4 must address them alongside a
JDK 17 compatibility upgrade and comprehensive dependency modernization, so
future releases have deterministic validation, current supported libraries,
correctly signed Central uploads, and clearer operator recovery steps.
Scriptella 1.3 is immutable. This ticket does not authorize a 1.3.1 release.
Whether Java 17 becomes the required baseline or is supported alongside Java 8
is explicitly TBD and must be decided from the compatibility audit before
implementation locks the compiler target or public requirements.
Observed problems
1. Cancellation test contaminates later JMX tests
scriptella.execution.CancellationTestinterrupts the Maven/Surefire testrunner thread from a helper thread. The helper is neither coordinated nor
joined. In tagged release builds this intermittently left an interrupted
state that caused
scriptella.execution.JmxEtlManagerITestto fail withEtlCancelledException.The affected release-build symptoms were:
CancellationTestassertion failure; andJmxEtlManagerITestreceiving an unexpected cancellation.The same clean test gate passed on retry, confirming a test-isolation/race
problem rather than a release artifact defect.
2. Launcher extension detection depends on the full absolute path
scriptella.tools.launcher.EtlLauncher.resolveFiledetermines whether aninput has an extension with
name.indexOf('.'). Whennameis an absolutepath and a parent directory contains a dot (for example a worktree named
scriptella-1.3-validation), the launcher believes an extension is alreadypresent and does not try the expected
.etl.xmlsuffix.This made
EtlLauncherTestfail in a dotted disposable worktree even thoughthe fixture files existed. A dot-free worktree allowed the same tests to pass.
3. GPG signing needs an explicit interactive preflight
Non-interactive Maven invocations failed with
Inappropriate ioctl for devicewhen the GPG agent was locked. An interactive detached-sign operation in the
operator terminal correctly unlocked the key, after which Maven signing
succeeded.
4.
release:performneeds local checkout and propagated release flagsThe repository's Maven SCM metadata uses an SSH developer connection, while
the release workstation authenticated Git over HTTPS. The default
release:performclone failed withPermission denied (publickey).Using
-DlocalCheckout=trueallowed Maven Release Plugin to use the alreadypushed local tag. The first Central deployment then failed validation because
performRelease=truewas not propagated into the checkout build, so Centralreceived unsigned POMs and JARs. Retrying with both of these arguments
produced a manually managed
VALIDATEDdeployment:The failed deployment had to be dropped before retrying.
Required changes
Test reliability
CancellationTestto use explicit synchronization for the helperthread and the ETL start/cancel boundary.
normally.
test boundary so later tests cannot inherit cancellation state.
operation terminates promptly, and temporary tables are cleaned up.
integration path repeatedly under Java 8.
Launcher path handling
EtlLauncher.resolveFileto inspect the final filename componentwhen deciding whether to append
.etl.xml; do not use dots in parentdirectories as evidence of a filename extension.
default
etl.xmlfile.name contains a dot, plus explicit
.etl.xmlfilenames.Java 17 and dependency modernization
dependency, including copies shipped in standalone and examples archives.
version compatible with the selected 1.4 Java baseline; record the old and
new coordinates, licenses, transitive changes, and compatibility impact.
javax.*/jakarta.*transition for mail-related integrations, Spring APIcompatibility, Rhino/JSR-223 behavior, Ant integration, and supported JDBC
driver behavior. Do not silently replace public APIs or change module
coordinates.
17 or retain Java 8 compatibility while making Java 17 a supported runtime.
Update compiler configuration, runtime documentation, examples, CI, and
release validation consistently with that decision.
libraries. Update license notices and verify required byte-identical copies
where the archives intentionally share artifacts.
after confirming they are not part of the supported release path.
Reusable release runbook
Update
docs/releases/RELEASE-RUNBOOK.mdwith these durable steps:interactive detached-sign check. Do not put the passphrase on a command
line.
part of validation until the launcher fix is available.
invoke
release:performwith-DlocalCheckout=trueafter the approved tagis pushed.
-DperformRelease=trueand the approved full GPGfingerprint through
release:perform -Darguments=....for
.ascsignatures for every required POM and JAR.FAILEDCentral deployment, capture sanitized errors, drop theunpublished deployment, correct the invocation/configuration, and rerun
validation without changing an already-pushed tag unless separately
authorized.
untagged-...URL whilestill correctly carrying the selected release tag; verify
tagName, draftstate, title, prerelease state, and exact asset count instead of relying on
the draft URL shape.
release.propertiesas expectedlocal state needed for
release:perform; keep them out of Git and cleanthem only after release execution/evidence retention is complete.
Acceptance criteria
cross-test contamination.
bundled, test, and build-plugin dependency, with modern supported versions
selected and license/compatibility changes documented.
corresponding runtime/compiler matrix; no Java compatibility promise changes
implicitly.
pass their smoke tests using the modernized dependency set.
documented test totals (Core 149, Drivers 141, Tools 12; 302 total), or the
test environment and totals are deliberately updated for the selected 1.4
Java baseline.
Central POM/JAR.
invocation and reaches
VALIDATEDwith complete signatures, withoutautomatic publication.
and draft-release guidance without credentials, private paths, or passphrases.
Evidence to link when opening the issue
successful validated deployment ID/state, if appropriate for public issue
history.
Do not include tokens, passwords, passphrases, private-key material,
authentication headers, private Maven settings, or credential-bearing logs.