Restore Java deps (bundle.jar, maven.default.index) in release zips

[fabianvf]

The cleanup in 119e59f accidentally removed the CI job that bundled Java analysis dependencies into the release zips. The editor-extensions collect-assets.js expects to extract maven.default.index and bundle.jar from the kai-analyzer-rpc zip, so without them Java issue detection silently fails.

Summary by CodeRabbit

• Chores
  • Build pipeline now includes a dedicated job to gather Java analysis dependencies and attach them as artifacts.
  • Main build depends on that job and retrieves the Java deps before packaging.
  • Distributed binaries for Linux, macOS, and Windows now bundle Java dependencies; Windows uses a staging-and-compress step for a combined archive.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds a new GitHub Actions job that extracts cross-platform Java analysis dependencies from a container image, uploads them as an artifact, and updates the build job to download and embed those dependencies into Linux/macOS and Windows distribution archives.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/build-and-push-binaries.yml	Adds download_java_deps job to pull bundle.jar and maven.default.index from a container image and upload them as java-deps artifact. Updates build job to depend on and download this artifact; renames main build step to "Build and package"; includes Java deps in Linux/macOS archives and stages + bundles them into Windows archive.

Sequence Diagram(s)

sequenceDiagram
  participant Runner as GitHub Actions Runner
  participant Registry as Container Image Registry
  participant ArtifactStore as GH Actions Artifact Storage
  participant BuildJob as Build & Package Job
  participant Release as Release/Upload Step

  Runner->>Registry: pull image (contains bundle.jar, maven.default.index)
  Registry-->>Runner: container filesystem
  Runner->>Runner: extract `bundle.jar` and `maven.default.index`
  Runner->>ArtifactStore: upload artifact `java-deps`
  ArtifactStore-->>BuildJob: make `java-deps` available
  BuildJob->>ArtifactStore: download `java-deps`
  BuildJob->>BuildJob: include deps into Linux/macOS archives and stage for Windows
  BuildJob->>Release: produce final archives (with Java deps embedded)
  Release->>ArtifactStore: upload final release archives

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped into a container deep,
Pulled jars and indexes from their keep,
Bundled them snug in every pack,
Builds now carry the Java stack,
A tiny hop — a unified leap!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: restoring Java dependencies (bundle.jar and maven.default.index) in release zips.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-and-push-binaries.yml:
- Around line 42-53: Add an explicit existence check immediately after the
"Download Java deps from container image" step to fail the job if either
artifact is missing: verify both example/analysis/maven.default.index and
example/analysis/bundle.jar (the files uploaded in the "Upload Java deps as
artifact" step) exist and exit non‑zero if not, so the workflow stops before
attempting the upload when those files are absent.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 11e4a462-d66c-40cc-bc0b-9012c74cafe4

📥 Commits

Reviewing files that changed from the base of the PR and between e3afc00 and 33cf915.

📒 Files selected for processing (1)

• .github/workflows/build-and-push-binaries.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fail fast if either Java dependency is missing before upload.

After Line 44, add explicit file checks so packaging stops immediately when maven.default.index or bundle.jar is absent. This prevents reintroducing silent Java-analysis regressions.

Proposed fix

       - name: Download Java deps from container image
         run: |
           make get-analyzer-deps CONTAINER_RUNTIME=docker
+          test -f example/analysis/maven.default.index
+          test -f example/analysis/bundle.jar

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Download Java deps from container image
	run: |
	make get-analyzer-deps CONTAINER_RUNTIME=docker
	- name: Upload Java deps as artifact
	uses: actions/upload-artifact@v4
	with:
	name: java-deps
	path: |
	example/analysis/maven.default.index
	example/analysis/bundle.jar
	- name: Download Java deps from container image
	run: |
	make get-analyzer-deps CONTAINER_RUNTIME=docker
	test -f example/analysis/maven.default.index
	test -f example/analysis/bundle.jar
	- name: Upload Java deps as artifact
	uses: actions/upload-artifact@v4
	with:
	name: java-deps
	path: |
	example/analysis/maven.default.index
	example/analysis/bundle.jar

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-and-push-binaries.yml around lines 42 - 53, Add an
explicit existence check immediately after the "Download Java deps from
container image" step to fail the job if either artifact is missing: verify both
example/analysis/maven.default.index and example/analysis/bundle.jar (the files
uploaded in the "Upload Java deps as artifact" step) exist and exit non‑zero if
not, so the workflow stops before attempting the upload when those files are
absent.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-and-push-binaries.yml:
- Around line 38-41: The workflow is using actions/checkout@v3 (seen as the
uses: actions/checkout@v3 entries), which depends on Node 16 and will fail on
current runners; update both occurrences of uses: actions/checkout@v3 to uses:
actions/checkout@v5 (or `@v6`) to ensure Node 24 compatibility, commit the change
and verify the workflow runs successfully.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7e0892d1-5f6f-4d5f-b7dc-f353dddc3101

📥 Commits

Reviewing files that changed from the base of the PR and between 33cf915 and 5f0e28b.

📒 Files selected for processing (1)

• .github/workflows/build-and-push-binaries.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Verify checkout action version in the workflow file
cat -n .github/workflows/build-and-push-binaries.yml | sed -n '35,45p'

Repository: konveyor/kai

Length of output: 410

---

🏁 Script executed:

# Check all checkout action versions used in this workflow
rg -n 'uses:\s*actions/checkout@' .github/workflows/build-and-push-binaries.yml

Repository: konveyor/kai

Length of output: 129

---

🌐 Web query:

GitHub Actions checkout action v3 v4 deprecation end of life support status 2025 2026

💡 Result:

actions/checkout v3 vs v4 (and what changes in 2025–2026)

• checkout@v3 (Node 16-based): Not “formally deprecated” as an action version, but it was built for the Node.js 16 Actions runtime. Node 16 was removed from GitHub-hosted runners on Nov 12, 2024, so Node16-based JavaScript actions are no longer usable there (unless GitHub provides a compatibility fallback in specific cases). Practically, you should treat checkout@v3 as end-of-life on GitHub-hosted runners from Nov 12, 2024. [1]

• checkout@v4 (Node 20-based): This is the upgrade path from v3 for the Node16 → Node20 transition (GitHub started moving runners’ default from Node16 to Node20 in mid-2024). [2]

What to plan for in 2026 (Node 20 → Node 24)

• GitHub announced Node 20 deprecation on Actions runners. As of the updated timeline:
  • June 2, 2026: runners begin using Node 24 by default
  • Later in fall 2026: GitHub plans to remove Node 20 from runners [3]

That means checkout@v4 (Node20) is the next thing you should plan to move off of during 2026.

Recommended versions now

• GitHub’s checkout action already has a Node 24 major line:
  • checkout@v5: updated to node24 (requires runner v2.327.1+) [4][5]
  • checkout@v6: current docs describe it as the latest major, with additional credential-handling changes (and notes about runner minimums for some scenarios). [4][5]

So for 2026 readiness: move v3 → v4 → v5 (or v6) depending on your compatibility needs and runner versions. [1][3][4][5]

Sources

[1] https://github.blog/changelog/2024-09-25-end-of-life-for-actions-node16/
[2] https://github.blog/changelog/2024-05-17-updated-dates-for-actions-runner-using-node20-instead-of-node16-by-default/
[3] https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
[4] https://github.com/actions/checkout
[5] https://github.com/actions/checkout/releases

---

Upgrade actions/checkout to v5 or v6 for Node.js runtime compatibility.

Line 38 (and line 81) use actions/checkout@v3, which relies on Node.js 16. GitHub removed Node 16 from hosted runners on November 12, 2024. Upgrading to v4 (Node 20) would restore functionality temporarily, but Node 20 is deprecated in 2026: runners default to Node 24 on June 2, 2026, and Node 20 will be removed in fall 2026. Use checkout@v5 or v6 (both Node 24-based) for current and future compatibility.

Proposed fix

-      - name: Checkout code
-        uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v5

🧰 Tools

🪛 actionlint (1.7.11)

[error] 38-38: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-and-push-binaries.yml around lines 38 - 41, The
workflow is using actions/checkout@v3 (seen as the uses: actions/checkout@v3
entries), which depends on Node 16 and will fail on current runners; update both
occurrences of uses: actions/checkout@v3 to uses: actions/checkout@v5 (or `@v6`)
to ensure Node 24 compatibility, commit the change and verify the workflow runs
successfully.