diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ada5dd74f089..22a0ebc84c9d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -117,6 +117,9 @@ jobs:
run: |
./mvnw test -am -pl "$(.github/scripts/find-modules-with-unit-tests.sh)"
+ - name: Sanity Check
+ run: ./mvnw rewrite:dryRun
+
base-integration-tests:
name: Base IT
needs: build
diff --git a/boms/pom.xml b/boms/pom.xml
index a9f5de04ddb8..9f615be03ced 100644
--- a/boms/pom.xml
+++ b/boms/pom.xml
@@ -82,6 +82,30 @@
com.diffplug.spotless
spotless-maven-plugin
${spotless-plugin.version}
+
+
+
+
+
+
+
+ org.openrewrite.maven
+ rewrite-maven-plugin
+ 6.23.0
+
+
+ org.keycloak.openrewrite.SanityCheck
+
+ true
+ true
+
+
+
+ org.openrewrite.recipe
+ rewrite-rewrite
+ 0.15.0
+
+
diff --git a/pom.xml b/pom.xml
index d3cabd03cb9f..efd145e344fc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1557,6 +1557,25 @@
+
+ org.openrewrite.maven
+ rewrite-maven-plugin
+ 6.23.0
+
+
+ org.keycloak.openrewrite.SanityCheck
+
+ true
+ true
+
+
+
+ org.openrewrite.recipe
+ rewrite-rewrite
+ 0.15.0
+
+
+
diff --git a/rewrite.yml b/rewrite.yml
new file mode 100644
index 000000000000..2374e51540b2
--- /dev/null
+++ b/rewrite.yml
@@ -0,0 +1,8 @@
+---
+type: specs.openrewrite.org/v1beta/recipe
+name: org.keycloak.openrewrite.SanityCheck
+displayName: Apply Java & Maven best practices
+description: Comprehensive code quality recipe combining modernization, security, and best practices.
+recipeList:
+ - org.openrewrite.java.security.JavaSecurityBestPractices
+---