From f6aa627130c3632af3f6317409cabafbe91a1443 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?James=20Pether=20S=C3=B6rling?=
 <pethers@users.noreply.github.com>
Date: Sun, 26 Jan 2025 14:39:50 +0100
Subject: [PATCH] Update release.yml

---
 .github/workflows/release.yml | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fdd3e9a68a..7940f3ec54 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,10 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-24.04
+    timeout-minutes: 60
+    concurrency: 
+      group: release-${{ github.ref }}
+      cancel-in-progress: true
     permissions:
       contents: write     # Needed for checkout, git-auto-commit-action, and creating releases
       packages: write     # Needed for publishing packages
@@ -70,11 +74,10 @@ jobs:
           fulcio.sigstore.dev:443
           packages.microsoft.com:443
           rekor.sigstore.dev:443
+
     - name: Checkout repository
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
         fetch-depth: 2
 
     - name: Set up JDK 21
@@ -82,7 +85,11 @@ jobs:
       with:
         distribution: 'temurin'
         java-version: '21-ea'
+        java-package: 'jdk'  # Explicitly specify JDK package
+        check-latest: true   # Always get latest patch version
         cache: 'maven'
+        server-id: 'github' # Optional: For GitHub Packages authentication
+        architecture: 'x64'  # Explicitly specify architecture
 
     - name: APT update
       run: sudo apt-get update
@@ -116,31 +123,40 @@ jobs:
         commit_message: Automated Release ${{ github.event.inputs.release }}
         branch: release-${{ github.event.inputs.release }}
         tagging_message: '${{ github.event.inputs.release }}'
-        create_branch: true      
+        create_branch: true
+
     - name: Build with Maven
-      run: maven/bin/mvn -B --file pom.xml clean install -Prelease-site,all-modules -DforkMode=once '-Dtest=!**ITest*,!**DocumentationTest*' -Dmaven.test.skip=true -DfailIfNoTests=false  -Dsurefire.failIfNoSpecifiedTests=false  -Dsurefire.reportNameSuffix=UNIT
+      run: maven/bin/mvn -B --file pom.xml clean install -Prelease-site,all-modules -DforkMode=once '-Dtest=!**ITest*,!**DocumentationTest*' -Dmaven.test.skip=true -DfailIfNoTests=false
+
     - name: Generate artifact attestation
       uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0
       id: attest
       with:
         subject-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb'
         bundle-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl'
+
     - name: Copy artifact attestation
       run: cp ${{ steps.attest.outputs.bundle-path }} cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl
+
     - name: Generate SBOM attestation
       id: attestsbom
       uses: actions/attest-sbom@115c3be05ff3974bcbd596578934b3f9ce39bf68 # v2.2.0
       with:
         subject-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb'
         sbom-path: 'cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json'
+
     - name: Copy SBOM attestation
       run: cp ${{ steps.attestsbom.outputs.bundle-path }} cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json.intoto.jsonl
+
     - name: Create a GitHub release
       uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0
       with:
         tag: '${{ github.event.inputs.release }}'
         generateReleaseNotes: false
         name: Release ${{ github.event.inputs.release }}
-        artifacts: "cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb,cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json.intoto.jsonl,cia-dist-cloudformation/target/dependency/cia-dist-cloudformation-${{ github.event.inputs.release }}.template,citizen-intelligence-agency/target/site/com.hack23.cia_citizen-intelligence-agency-${{ github.event.inputs.release }}.spdx.json,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json,cia-dist-cloudformation/target/dependency/cia-dist-cloudformation-${{ github.event.inputs.release }}.template"
+        artifacts: "cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb,cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl"
+
     - name: Submit Dependency Release
       uses: advanced-security/maven-dependency-submission-action@4f64ddab9d742a4806eeb588d238e4c311a8397d
+      with:
+        skip-maven-install: true  # Skip Maven install since build is already done