feat(http-client): add Android support and implement SPI for A2AHttpClient

.github/workflows/build-and-test.yml

@@ -18,7 +18,7 @@ jobs:
       matrix:
         java-version: ['17', '21', '25']
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Set up JDK ${{ matrix.java-version }}
       uses: actions/setup-java@v4
       with:
@@ -29,7 +29,7 @@ jobs:
       run: mvn -B package --file pom.xml -fae
     - name: Upload Test Reports
       if: failure()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: surefire-reports-java-${{ matrix.java-version }}
         path: |
@@ -39,7 +39,7 @@ jobs:
         if-no-files-found: warn
     - name: Upload Build Logs
       if: failure()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: build-logs-java-${{ matrix.java-version }}
         path: |

.github/workflows/build-with-release-profile.yml

@@ -1,12 +1,13 @@
-name: Build with '-Prelease'
-
-# Simply runs the build with -Prelease to avoid nasty surprises when running the release-to-maven-central workflow.
+name: Build with '-Prelease' (Trigger)
 
+# Trigger workflow for release profile build verification.
+# This workflow runs on PRs and uploads the PR info for the workflow_run job.
+# The actual build with secrets happens in build-with-release-profile-run.yml
+# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
 
 on:
-  # Handle all branches for now
+  pull_request:  # Changed from pull_request_target for security
   push:
-  pull_request_target:
   workflow_dispatch:
 
 # Only run the latest job
@@ -15,47 +16,35 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
+  trigger:
     # Only run this job for the main repository, not for forks
     if: github.repository == 'a2aproject/a2a-java'
     runs-on: ubuntu-latest
     permissions:
       contents: read
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up JDK 17
-        uses: actions/setup-java@v4
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-          cache: maven
-
-      # Use secrets to import GPG key
-      - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
-        with:
-          gpg_private_key: ${{ secrets.GPG_SIGNING_KEY }}
-          passphrase: ${{ secrets.GPG_SIGNING_PASSPHRASE }}
-
-      # Create settings.xml for Maven since it needs the 'central-a2asdk-temp' server.
-      # Populate wqith username and password from secrets
-      - name: Create settings.xml
+      - name: Prepare PR info
         run: |
-          mkdir -p ~/.m2
-          echo "<settings><servers><server><id>central-a2asdk-temp</id><username>${{ secrets.CENTRAL_TOKEN_USERNAME }}</username><password>${{ secrets.CENTRAL_TOKEN_PASSWORD }}</password></server></servers></settings>" > ~/.m2/settings.xml
-
-      # Build with the same settings as the deploy job
-      # -s uses the settings file we created.
-      - name: Build with same arguments as deploy job
-        run: >
-          mvn -B install
-          -s ~/.m2/settings.xml
-          -P release
-          -DskipTests
-          -Drelease.auto.publish=true
-        env:
-          # GPG passphrase is set as an environment variable for the gpg plugin to use
-          GPG_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }}
+          mkdir -p pr_info
+
+          # Store PR number for workflow_run job
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            echo ${{ github.event.number }} > pr_info/pr_number
+            echo ${{ github.event.pull_request.head.sha }} > pr_info/pr_sha
+            echo ${{ github.event.pull_request.head.ref }} > pr_info/pr_ref
+          else
+            # For push events, store the commit sha
+            echo ${{ github.sha }} > pr_info/pr_sha
+            echo ${{ github.ref }} > pr_info/pr_ref
+          fi
+
+          echo "Event: ${{ github.event_name }}"
+          cat pr_info/*
+
+      - name: Upload PR info
+        uses: actions/upload-artifact@v6
+        with:
+          name: pr-info
+          path: pr_info/
+          retention-days: 1

.github/workflows/cloud-deployment-example.yml

@@ -16,8 +16,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
-
+        uses: actions/checkout@v6
       - name: Set up JDK 17
         uses: actions/setup-java@v5
         with:
@@ -27,7 +26,7 @@ jobs:
 
       - name: Install Kind
         run: |
-          curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
+          curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.31.0/kind-linux-amd64
           chmod +x ./kind
           sudo mv ./kind /usr/local/bin/kind
           kind version
@@ -58,7 +57,8 @@ jobs:
           mvn test-compile exec:java \
             -Dexec.mainClass="io.a2a.examples.cloud.A2ACloudExampleClient" \
             -Dexec.classpathScope=test \
-            -Dagent.url=http://localhost:8080
+            -Dagent.url=http://localhost:8080 \
+            -Dci.mode=true
 
       - name: Show diagnostics on failure
         if: failure()

README.md

@@ -394,7 +394,7 @@ Different transport protocols can be configured with specific settings using spe
 
 ##### JSON-RPC Transport Configuration
 
-For the JSON-RPC transport, to use the default `JdkA2AHttpClient`, provide a `JSONRPCTransportConfig` created with its default constructor.
+For the JSON-RPC transport, to use the default HTTP client (resolved automatically by `A2AHttpClientFactory`), provide a `JSONRPCTransportConfig` created with its default constructor.
 
 To use a custom HTTP client implementation, simply create a `JSONRPCTransportConfig` as follows:
 
@@ -441,7 +441,7 @@ Client client = Client
 
 ##### HTTP+JSON/REST Transport Configuration
 
-For the HTTP+JSON/REST transport, if you'd like to use the default `JdkA2AHttpClient`, provide a `RestTransportConfig` created with its default constructor.
+For the HTTP+JSON/REST transport, to use the default HTTP client (resolved automatically by `A2AHttpClientFactory`), provide a `RestTransportConfig` created with its default constructor.
 
 To use a custom HTTP client implementation, simply create a `RestTransportConfig` as follows: