From 5938c98f1e40b43394871329ee5cb06cfaabcd5d Mon Sep 17 00:00:00 2001
From: glaude <glaude@traffino.com>
Date: Tue, 26 May 2026 22:49:45 +0200
Subject: [PATCH 1/2] ci: unify on github-workflow-standard (build.yml +
 release.yml)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- maven.yml → build.yml: build-only, push (branches-ignore main, kein
  pull_request → keine Doppel-Läufe), concurrency, least-priv permissions;
  JDK-Matrix [11,17,21] behalten; mvn verify statt compile test.
- Action-Versionen auf latest major (checkout@v4, setup-java@v4).
- Toter ACCESS_TOKEN-Env-Var entfernt (in keiner pom.xml referenziert).
- release.yml: explizite permissions: contents: write (JitPack/README).
- Runner unverändert ubuntu-latest (kein self-hosted).

Standard: personal vault/concepts/github-workflow-standard.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/build.yml   | 30 ++++++++++++++++++++++++++++++
 .github/workflows/maven.yml   | 26 --------------------------
 .github/workflows/release.yml |  3 +++
 3 files changed, 33 insertions(+), 26 deletions(-)
 create mode 100644 .github/workflows/build.yml
 delete mode 100644 .github/workflows/maven.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..b3ebf31
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,30 @@
+name: Build
+
+on:
+  push:
+    branches-ignore: [main]   # main = release branch → release.yml; PRs inherit via head SHA
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build for JDK ${{ matrix.java }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [11, 17, 21]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK ${{ matrix.java }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java }}
+          distribution: temurin
+          cache: maven
+      - name: Build & test
+        run: mvn -B -ntp verify
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
deleted file mode 100644
index 4d87afa..0000000
--- a/.github/workflows/maven.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
-
-name: Java CI with Maven
-
-on: [ push,  pull_request ]
-
-jobs:
-  build:
-    name: Build for JDK ${{ matrix.java }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        java: [ 11, 17, 21 ]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK ${{ matrix.java }}
-        uses: actions/setup-java@v4
-        with:
-          java-version: ${{ matrix.java }}
-          distribution: 'temurin'
-          cache: maven
-      - name: Build with Maven
-        run: mvn -B -U compile test --file pom.xml
-        env:
-          ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c33c1d2..266db08 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,9 @@ on:
   release:
     types: [published]
 
+permissions:
+  contents: write   # README version bump push
+
 jobs:
   trigger-jitpack:
     name: Trigger JitPack Build

From 49ffb97c8a4a9e5863d3fbb9cd4fef34b5fd7fab Mon Sep 17 00:00:00 2001
From: glaude <glaude@traffino.com>
Date: Tue, 26 May 2026 22:56:54 +0200
Subject: [PATCH 2/2] ci: add CODEOWNERS + auto-assign (codejanovic)

Reviewer via CODEOWNERS, Assignee via auto-assign workflow.
Standard: personal vault/concepts/github-workflow-standard.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/CODEOWNERS                |  3 +++
 .github/workflows/auto-assign.yml | 24 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 .github/CODEOWNERS
 create mode 100644 .github/workflows/auto-assign.yml

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..8bbcad1
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+# Code owner: auto-request review from codejanovic on every PR.
+# Enforce via branch protection "Require review from Code Owners".
+* @codejanovic
diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml
new file mode 100644
index 0000000..bf216bf
--- /dev/null
+++ b/.github/workflows/auto-assign.yml
@@ -0,0 +1,24 @@
+# Sets codejanovic as ASSIGNEE on every PR (reviewer handled by .github/CODEOWNERS).
+name: Auto-assign
+
+on:
+  pull_request:
+    types: [opened, reopened]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  assign:
+    if: github.event.pull_request.head.repo.full_name == github.repository
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.addAssignees({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              assignees: ['codejanovic'],
+            });