files=".*[/\\]plugins[/\\]src[/\\]main[/\\]java[/\\]org[/\\]gradle[/\\]api[/\\]tasks[/\\][^/\\]+"/>
    <suppress checks="JavadocPackage"
              files=".*[/\\]process-services[/\\]src[/\\]main[/\\]java[/\\]org[/\\]gradle[/\\]process[/\\][^/\\]+"/>
    <suppress checks="JavadocPackage"
              files=".*[/\\]plugins[/\\]src[/\\]main[/\\]java[/\\]org[/\\]gradle[/\\]jvm[/\\][^/\\]+"/>

on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '45 9 * * 0'
  push:
    branches: [ "master" ]

# Declare default permissions as read only.

Use `Objects.requireNonNull` statement or `Preconditions` rather than `assert` or `@SuppressWarning` annotation to suppress if possible.

For gradual adoption, enable checks project-by-project.
Do not rely on `@NullMarked` annotations.
Only enable checks for a project if all its dependencies have checks enabled, in order to avoid back-and-forth when refining the annotations.

                            "clean performance:%testProject%PerformanceAdHocTest --tests \"%scenario%\"",
                            "%performance.baselines%",
                            """--warmups %warmups% --runs %runs% --checks %checks% --profiler %profiler% %generateDiffs% %additional.gradle.parameters%""",
                            os,
                            arch,
                            "%testJavaVersion%",

     *
     * @param expiryDate the expiry date
     */
    public void setExpiryDate(final Date expiryDate) {
        this.expiryDate = expiryDate;
    }

    /**
     * Checks if the cookie is secure.
     *
     * @return true if secure
     */
    public boolean isSecure() {
        return secure;
    }

    /**
     * Sets whether the cookie is secure.
     *

     *
     * @return array of file protocol strings with colon suffix (e.g., "file:", "ftp:")
     */
    public String[] getFileProtocols() {
        return fileProtocols;
    }

    /**
     * Checks if the given URL uses a valid web protocol.
     *
     * @param url the URL to validate
     * @return true if the URL starts with a supported web protocol, false otherwise
     */

on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '26 3 * * 2'
  push:
    branches: [ "master" ]

# Declare default permissions as read only.

      MockResponse
        .Builder()
        .body("abc")
        .addHeader("Content-Type: text/plain")
        .build(),
    )

    // Make a request from client to server. It should succeed certificate checks (unfortunately the
    // rogue CA is trusted) but it should fail certificate pinning.
    val request =
      Request
        .Builder()
        .url(server.url("/"))
        .build()

      - uses: gradle/actions/wrapper-validation@v5
      - name: Validate Renovate
        uses: rinchsan/renovate-config-validator@v0.2.0
        with:
          pattern: '.github/renovate.json'

  checks:
    permissions:
      checks: write # for mikepenz/action-junit-report
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Configure JDK

import org.jspecify.annotations.NullMarked;
import org.jspecify.annotations.Nullable;
import org.junit.Test;

/**
 * Automatically runs sanity checks against top level classes in the same package of the test that
 * extends {@code AbstractPackageSanityTests}. Currently sanity checks include {@link
 * NullPointerTester}, {@link EqualsTester} and {@link SerializableTester}. For example:
 *
 * <pre>