branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '45 9 * * 0'
  push:
    branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:

name: Build Docs
on:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize

env:
  UV_SYSTEM_PYTHON: 1

jobs:
  changes:
    runs-on: ubuntu-latest
    # Required permissions
    permissions:
      pull-requests: read
    # Set job outputs to values from filter step
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
    - uses: actions/checkout@v6

if [[ "$TFCI_DOCKER_REBUILD_ENABLE" == 1 ]]; then
  DOCKER_BUILDKIT=1 docker build --cache-from "$TFCI_DOCKER_IMAGE" -t "$TFCI_DOCKER_IMAGE" $TFCI_DOCKER_REBUILD_ARGS
  if [[ "$TFCI_DOCKER_REBUILD_UPLOAD_ENABLE" == 1 ]]; then
    docker push "$TFCI_DOCKER_IMAGE"
  fi
fi

# Keep the existing "tf" container if it's already present.
# The container is not cleaned up automatically! Remove it with:
# docker rm tf

        for (String arg : args) {
            boolean addedToBuffer = false;

            if (arg.startsWith("\"")) {
                // if we're in the process of building up another arg, push it and start over.
                // this is for the case: "-Dfoo=bar "-Dfoo2=bar two" (note the first unterminated quote)
                if (currentArg != null) {
                    cleaned.add(currentArg.toString());

4. Add tests for new functionality
5. Ensure all tests pass: `mvn test`
6. Check license headers: `mvn license:format`
7. Commit changes: `git commit -m 'Add amazing feature'`
8. Push to branch: `git push origin feature/amazing-feature`
9. Open a Pull Request

### Code Style

- Use Eclipse formatter configuration (`src/config/eclipse/formatter/java.xml`)
- Follow existing naming conventions

      weight: Int,
      exclusive: Boolean,
    )

    /**
     * HTTP/2 only. Receive a push promise header block.
     *
     * A push promise contains all the headers that pertain to a server-initiated request, and a
     * `promisedStreamId` to which response frames will be delivered. Push promise frames are sent
     * as a part of the response to `streamId`.
     *

name: Contributor CI Build

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

concurrency:
  # On master/release, we don't want any jobs cancelled so the sha is used to name the group
  group: ${{ (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/release' ) && format('contributor-pr-base-{0}', github.sha) || format('contributor-pr-{0}', github.ref) }}
  cancel-in-progress: false

env:

name: Test

on:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize
  schedule:
    # cron every week on monday
    - cron: "0 0 * * 1"

env:
  UV_SYSTEM_PYTHON: 1

jobs:
  test:
    strategy:
      matrix:
        os: [ windows-latest, macos-latest ]
        python-version: [ "3.14" ]
        include:
          - os: ubuntu-latest

    for (; idx < encodedLen; idx++) {
      c = encoded.charAt(idx);

      if (c == '&' || c == '?' || c == '!' || c == ':' || c == ',') {
        break;
      }
    }

    stack.push(reverse(encoded.subSequence(start, idx)));

    if (c == '!' || c == '?' || c == ':' || c == ',') {
      // '!' represents an interior node that represents a REGISTRY entry in the map.

name: "Code scanning - action"

on:
  push:
    branches: [ main, master, release ]
  schedule:
    - cron: '0 5 * * *'

permissions: {}

jobs:
  CodeQL-Build:
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest