From 329b3dee162332cdecc360b85434e8f83104f3d8 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 14:39:40 +0200
Subject: [PATCH 01/62] Upload Windows binaries earlier

---
 .github/workflows/deployment.yml | 26 +++++---------------------
 1 file changed, 5 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index a24306dda91..0cfeed2237b 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -155,7 +155,7 @@ jobs:
       - name: Prepare merged jars and modules dir (macos)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir
-      - name: Build installer (non-macos)
+      - name: Build installer (non-macOS)
         if: (matrix.os != 'macos-latest')
         shell: bash
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage
@@ -230,8 +230,8 @@ jobs:
           ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz
           rm debian-binary control.tar.* data.tar.*
           mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb  jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
-      - name: Upload to builds.jabref.org (ubuntu)
-        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+      - name: Upload to builds.jabref.org (ubuntu, Windows)
+        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         uses: Pendect/action-rsyncer@v2.0.0
         env:
           DEPLOY_KEY: ${{ secrets.buildJabRefPrivateKey }}
@@ -241,12 +241,6 @@ jobs:
           ssh_options: '-p 9922'
           src: 'build/distribution/'
           dest: jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
-      - name: Upload to GitHub workflow artifacts store (Windows)
-        if: (matrix.os == 'windows-latest') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        uses: actions/upload-artifact@v3
-        with:
-          name: JabRef-${{ matrix.displayName }}
-          path: build/distribution
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         uses: actions/upload-artifact@v3
@@ -294,23 +288,19 @@ jobs:
           name: JabRef-macOS-tbn
           path: build/distribution/
       - name: Notarize dmg
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') ||  inputs.notarization == true)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         shell: bash
         run: |
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "vorstand@jabref.org" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
           xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg --keychain-profile "notarytool-profile" --wait
           xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg
       - name: Notarize pkg
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') ||  inputs.notarization == true)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         shell: bash
         run: |
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "vorstand@jabref.org" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
           xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg --keychain-profile "notarytool-profile" --wait
           xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg
-      - name: Package application image
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (matrix.os != 'macos-latest')
-        shell: bash
-        run: ${{ matrix.archivePortable }}
       - name: Upload to GitHub workflow artifacts store
         if: (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         uses: actions/upload-artifact@v3
@@ -352,12 +342,6 @@ jobs:
         if: steps.checksecrets.outputs.secretspresent == 'YES'
         id: gitversion
         uses: gittools/actions/gitversion/execute@v0.10.2
-      - name: Get Windows binaries
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
-        uses: actions/download-artifact@master
-        with:
-          name: JabRef-windows
-          path: build/distribution
       - name: Get macOS binaries unsigned
         if: (steps.checksecrets.outputs.secretspresent == 'YES') && (inputs.notarization == false && !startsWith(github.ref, 'refs/tags/'))
         uses: actions/download-artifact@master

From 67e6ed27a95b4775be11b961cf0d5bce1504b491 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 14:42:37 +0200
Subject: [PATCH 02/62] Refine job name

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 0cfeed2237b..91d41c67a90 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -310,7 +310,7 @@ jobs:
   upload:
     strategy:
       fail-fast: false
-    name: Upload binaries on builds.jabref.org
+    name: Upload macOS binaries on builds.jabref.org
     runs-on: ubuntu-latest
     needs: [build, notarize]
     if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}

From ec7069e9e0c705b3a0d42116faf60fe72d6708f3 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 15:19:23 +0200
Subject: [PATCH 03/62] Try plain rsync

---
 .github/workflows/deployment.yml | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 91d41c67a90..81f0cdbba45 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -354,19 +354,14 @@ jobs:
         with:
           name: JabRef-macOS
           path: build/distribution/
-      # Upload to build server using rsync
-      # The action runs on linux only (because it is a Dockerized action), therefore it is embedded in a separate workflow
       - name: Upload to builds.jabref.org
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
-        uses: Pendect/action-rsyncer@v2.0.0
-        env:
-          DEPLOY_KEY: ${{ secrets.buildJabRefPrivateKey }}
-        with:
-          flags: -vaz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync"
-          options: ''
-          ssh_options: '-p 9922'
-          src: 'build/distribution/'
-          dest: jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+        if: steps.checksecrets.outputs.secretspresent == 'YES' && !startsWith(github.ref, 'refs/heads/gh-readonly-queue')
+        shell: bash
+        run: |
+          set -e
+          mkdir -p ~/.ssh
+          cat "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Comment PR
         if: github.event_name == 'pull_request' && steps.checksecrets.outputs.secretspresent == 'YES'
         uses: thollander/actions-comment-pull-request@v2

From a5fee7ebb0d9b104f34667dee3d6520df7ec9c4c Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 15:54:36 +0200
Subject: [PATCH 04/62] I hope, I got the right place now

---
 .github/workflows/deployment.yml | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 81f0cdbba45..08ccca0de04 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -232,15 +232,12 @@ jobs:
           mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb  jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
       - name: Upload to builds.jabref.org (ubuntu, Windows)
         if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        uses: Pendect/action-rsyncer@v2.0.0
-        env:
-          DEPLOY_KEY: ${{ secrets.buildJabRefPrivateKey }}
-        with:
-          flags: -vaz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync"
-          options: ''
-          ssh_options: '-p 9922'
-          src: 'build/distribution/'
-          dest: jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+        shell: bash
+        run: |
+          set -e
+          mkdir -p ~/.ssh
+          cat "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         uses: actions/upload-artifact@v3

From f6f508748837e1cc1bb4891e60c3acfc525da139 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 16:15:52 +0200
Subject: [PATCH 05/62] Fix "echo" vs. "cat"

---
 .github/workflows/deployment.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 08ccca0de04..7160aae466a 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -236,7 +236,7 @@ jobs:
         run: |
           set -e
           mkdir -p ~/.ssh
-          cat "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
+          echo "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
@@ -357,7 +357,7 @@ jobs:
         run: |
           set -e
           mkdir -p ~/.ssh
-          cat "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
+          echo "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Comment PR
         if: github.event_name == 'pull_request' && steps.checksecrets.outputs.secretspresent == 'YES'

From fb3093c70463b0ac588e25a7a06c9a52a6aa9a24 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 16:42:50 +0200
Subject: [PATCH 06/62] Install rsync on Windows

---
 .github/workflows/deployment.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 7160aae466a..c034e2668ad 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -230,6 +230,14 @@ jobs:
           ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz
           rm debian-binary control.tar.* data.tar.*
           mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb  jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
+      - name: Setup rsync (Windows)
+        # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
+        # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
+        # We cannot use "setup-rsync", because that does not work on Windows
+        if: matrix.os == 'windows-latest'
+        uses: egor-tensin/setup-cygwin@v4
+        with:
+          packages: rsync
       - name: Upload to builds.jabref.org (ubuntu, Windows)
         if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash

From 30b7c1827b2cc141dcfb59d95e10af2c2be21e9e Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 17:13:40 +0200
Subject: [PATCH 07/62] Remove non-working "set -e"

---
 .github/workflows/deployment.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index c034e2668ad..7f9a6dc16ff 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -242,7 +242,6 @@ jobs:
         if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash
         run: |
-          set -e
           mkdir -p ~/.ssh
           echo "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/

From 9b0f7adef2ce7b01da9ae78baaa0f45bd5e89767 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 20:40:45 +0200
Subject: [PATCH 08/62] Debug

---
 .github/workflows/deployment.yml | 52 ++++++++++++++++++++++++++++----
 1 file changed, 46 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 7f9a6dc16ff..600504fdb46 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -85,6 +85,34 @@ jobs:
       - name: Run GitVersion
         id: gitversion
         uses: gittools/actions/gitversion/execute@v0.10.2
+      - name: Setup rsync (Windows)
+        # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
+        # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
+        # We cannot use "setup-rsync", because that does not work on Windows
+        # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
+        if: matrix.os == 'windows-latest'
+        run: choco install rsync
+      - name: Setup ssh key (linux)
+        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        run: |
+          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
+          chmod 600 ~/.ssh/id_rsa
+          mkdir -p build/distribution
+          touch build/distribution/test.txt
+      - name: Setup ssh key (Windows)
+        if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        shell: bash
+        run: |
+          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
+          mkdir -p build/distribution
+          touch build/distribution/test.txt
+          chmod 600 ~/.ssh/id_rsa
+      - name: Upload to builds.jabref.org (ubuntu, Windows)
+        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        shell: bash
+        run: |
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey' -o StrictHostKeyChecking=no build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          exit 1
       - name: Setup JDK
         uses: actions/setup-java@v3
         with:
@@ -234,17 +262,29 @@ jobs:
         # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
         # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
         # We cannot use "setup-rsync", because that does not work on Windows
+        # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
         if: matrix.os == 'windows-latest'
-        uses: egor-tensin/setup-cygwin@v4
-        with:
-          packages: rsync
+        run: choco install rsync
+      - name: Setup ssh key (linux)
+        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        run: |
+          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
+          chmod 600 ~/.ssh/id_rsa
+          mkdir -p build/distribution
+          touch build/distribution/test.txt
+      - name: Setup ssh key (Windows)
+        if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        shell: bash
+        run: |
+          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
+          mkdir -p build/distribution
+          touch build/distribution/test.txt
+          chmod 600 ~/.ssh/id_rsa
       - name: Upload to builds.jabref.org (ubuntu, Windows)
         if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash
         run: |
-          mkdir -p ~/.ssh
-          echo "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey' -o StrictHostKeyChecking=no build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         uses: actions/upload-artifact@v3

From 1689bba34d81d2cb99f4c3f20007c1e667b15cf5 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 20:47:24 +0200
Subject: [PATCH 09/62] Fix argument

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 600504fdb46..31556edc8a7 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -111,7 +111,7 @@ jobs:
         if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey' -o StrictHostKeyChecking=no build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
           exit 1
       - name: Setup JDK
         uses: actions/setup-java@v3

From e1d6c1a8afcb4315a320c248f9bb16a3825f99c5 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 20:50:51 +0200
Subject: [PATCH 10/62] Remove outdated checks

---
 .github/workflows/deployment-arm64.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/workflows/deployment-arm64.yml b/.github/workflows/deployment-arm64.yml
index c2d54a8e7a1..87338bcee4c 100644
--- a/.github/workflows/deployment-arm64.yml
+++ b/.github/workflows/deployment-arm64.yml
@@ -172,11 +172,6 @@ jobs:
         if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
         shell: bash
         run: |
-          mkdir ${{runner.temp}}/sshkey
-          if [[ -z "${{ secrets.buildJabRefPrivateKey }}" ]]; then
-            echo "buildJabRefPrivateKey is empty, exiting"
-            exit 1
-          fi
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store
         if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}

From e27deb020ea632f2b44c9c82d92d9921f6393cdd Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 20:51:34 +0200
Subject: [PATCH 11/62] Fix path

---
 .github/workflows/deployment.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 31556edc8a7..c1ae20f9fb7 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -96,7 +96,7 @@ jobs:
         if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
-          chmod 600 ~/.ssh/id_rsa
+          chmod 600 sshkey
           mkdir -p build/distribution
           touch build/distribution/test.txt
       - name: Setup ssh key (Windows)
@@ -106,7 +106,7 @@ jobs:
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           mkdir -p build/distribution
           touch build/distribution/test.txt
-          chmod 600 ~/.ssh/id_rsa
+          chmod 600 sshkey
       - name: Upload to builds.jabref.org (ubuntu, Windows)
         if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash

From 9c8e3d3c3999b506c24f01aabd605fbcdf1f233e Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 21:07:23 +0200
Subject: [PATCH 12/62] Try different rsync on Windows

---
 .github/workflows/deployment.yml | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index c1ae20f9fb7..a4631265c20 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -91,28 +91,26 @@ jobs:
         # We cannot use "setup-rsync", because that does not work on Windows
         # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
         if: matrix.os == 'windows-latest'
-        run: choco install rsync
-      - name: Setup ssh key (linux)
-        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        run: choco install --no-progress rsync
+      - name: Setup ssh key (linux, Windows)
+        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
           mkdir -p build/distribution
           touch build/distribution/test.txt
-      - name: Setup ssh key (Windows)
-        if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        shell: bash
-        run: |
-          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
-          mkdir -p build/distribution
-          touch build/distribution/test.txt
-          chmod 600 sshkey
-      - name: Upload to builds.jabref.org (ubuntu, Windows)
-        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+      - name: Upload to builds.jabref.org (linux)
+        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
           exit 1
+      - name: Upload to builds.jabref.org (Windows)
+        if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        shell: cmd
+        run: |
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          exit 1
       - name: Setup JDK
         uses: actions/setup-java@v3
         with:

From ebb86af8106239d62d9a9d11eb5d8af2fd200fe7 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 21:10:22 +0200
Subject: [PATCH 13/62] Fix path

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index a4631265c20..93fb8a86562 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -109,7 +109,7 @@ jobs:
         if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: cmd
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
           exit 1
       - name: Setup JDK
         uses: actions/setup-java@v3

From 4cf4a8f30cedbe1d2f0ffe266e6a17b0a45244f5 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 21:24:38 +0200
Subject: [PATCH 14/62] Try it live

---
 .github/workflows/deployment.yml | 53 +++++++-------------------------
 1 file changed, 11 insertions(+), 42 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 93fb8a86562..f36671a4a41 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -85,32 +85,6 @@ jobs:
       - name: Run GitVersion
         id: gitversion
         uses: gittools/actions/gitversion/execute@v0.10.2
-      - name: Setup rsync (Windows)
-        # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
-        # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
-        # We cannot use "setup-rsync", because that does not work on Windows
-        # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
-        if: matrix.os == 'windows-latest'
-        run: choco install --no-progress rsync
-      - name: Setup ssh key (linux, Windows)
-        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        run: |
-          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
-          chmod 600 sshkey
-          mkdir -p build/distribution
-          touch build/distribution/test.txt
-      - name: Upload to builds.jabref.org (linux)
-        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        shell: bash
-        run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
-          exit 1
-      - name: Upload to builds.jabref.org (Windows)
-        if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        shell: cmd
-        run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
-          exit 1
       - name: Setup JDK
         uses: actions/setup-java@v3
         with:
@@ -262,27 +236,22 @@ jobs:
         # We cannot use "setup-rsync", because that does not work on Windows
         # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
         if: matrix.os == 'windows-latest'
-        run: choco install rsync
-      - name: Setup ssh key (linux)
-        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        run: choco install --no-progress rsync
+      - name: Setup ssh key (linux, Windows)
+        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
-          chmod 600 ~/.ssh/id_rsa
-          mkdir -p build/distribution
-          touch build/distribution/test.txt
-      - name: Setup ssh key (Windows)
-        if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+          chmod 600 sshkey
+      - name: Upload to builds.jabref.org (linux)
+        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash
         run: |
-          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
-          mkdir -p build/distribution
-          touch build/distribution/test.txt
-          chmod 600 ~/.ssh/id_rsa
-      - name: Upload to builds.jabref.org (ubuntu, Windows)
-        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        shell: bash
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+      - name: Upload to builds.jabref.org (Windows)
+        if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        shell: cmd
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey' -o StrictHostKeyChecking=no build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         uses: actions/upload-artifact@v3

From 6416a36b0d1d10d3b68ac9dc4000d424e81a7ff9 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 21:26:46 +0200
Subject: [PATCH 15/62] Merge jobs

---
 .github/workflows/deployment.yml | 53 --------------------------------
 1 file changed, 53 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index f36671a4a41..c1e1ffc16f6 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -312,59 +312,6 @@ jobs:
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "vorstand@jabref.org" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
           xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg --keychain-profile "notarytool-profile" --wait
           xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg
-      - name: Upload to GitHub workflow artifacts store
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        uses: actions/upload-artifact@v3
-        with:
-          name: JabRef-macOS
-          path: build/distribution
-  upload:
-    strategy:
-      fail-fast: false
-    name: Upload macOS binaries on builds.jabref.org
-    runs-on: ubuntu-latest
-    needs: [build, notarize]
-    if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
-    steps:
-      - name: Check secrets presence
-        id: checksecrets
-        shell: bash
-        run: |
-          if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
-            echo "secretspresent=NO" >> $GITHUB_OUTPUT
-          else
-            echo "secretspresent=YES" >> $GITHUB_OUTPUT
-          fi
-        env:
-          BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
-      - name: Checkout source
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: 'true'
-          show-progress: 'false'
-      - name: Install GitVersion
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
-        uses: gittools/actions/gitversion/setup@v0.10.2
-        with:
-          versionSpec: '5.x'
-      - name: Run GitVersion
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
-        id: gitversion
-        uses: gittools/actions/gitversion/execute@v0.10.2
-      - name: Get macOS binaries unsigned
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (inputs.notarization == false && !startsWith(github.ref, 'refs/tags/'))
-        uses: actions/download-artifact@master
-        with:
-          name: JabRef-macOS-tbn
-          path: build/distribution/
-      - name: Get macOS binaries notarized
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (inputs.notarization == true || startsWith(github.ref, 'refs/tags/'))
-        uses: actions/download-artifact@master
-        with:
-          name: JabRef-macOS
-          path: build/distribution/
       - name: Upload to builds.jabref.org
         if: steps.checksecrets.outputs.secretspresent == 'YES' && !startsWith(github.ref, 'refs/heads/gh-readonly-queue')
         shell: bash

From a37430d997017b367deefe8aa630bf9eaff2df15 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 22:00:45 +0200
Subject: [PATCH 16/62] Fix host key checking on macOS upload

---
 .github/workflows/deployment.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index c1e1ffc16f6..10537e8e90f 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -316,10 +316,9 @@ jobs:
         if: steps.checksecrets.outputs.secretspresent == 'YES' && !startsWith(github.ref, 'refs/heads/gh-readonly-queue')
         shell: bash
         run: |
-          set -e
           mkdir -p ~/.ssh
           echo "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Comment PR
         if: github.event_name == 'pull_request' && steps.checksecrets.outputs.secretspresent == 'YES'
         uses: thollander/actions-comment-pull-request@v2

From c37d2b47131dead22ce739c4bdba39e1502d2ac2 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 22:12:26 +0200
Subject: [PATCH 17/62] Reuse information from previous job

---
 .github/workflows/deployment.yml | 32 ++++++++++----------------------
 1 file changed, 10 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 10537e8e90f..5d53ccab6cf 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -53,6 +53,10 @@ jobs:
             displayName: macOS
             eaJDK: https://files.jabref.org/jdks/jdk-macos-x64.tar.gz
     runs-on: ${{ matrix.os }}
+    outputs:
+      major: ${{ steps.gitversion.outputs.Major }}
+      minor: ${{ steps.gitversion.outputs.Minor }}
+      branchname: ${{ steps.gitversion.outputs.branchName }}
     name: Create installer and portable version for ${{ matrix.displayName }}
     steps:
       - name: Check secrets presence
@@ -276,23 +280,7 @@ jobs:
           fi
         env:
           BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
-      - name: Fetch all history for all tags and branches
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: 'true'
-          show-progress: 'false'
-      - name: Install GitVersion
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
-        uses: gittools/actions/gitversion/setup@v0.10.2
-        with:
-          versionSpec: "5.x"
-      - name: Run GitVersion
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
-        id: gitversion
-        uses: gittools/actions/gitversion/execute@v0.10.2
-      - name: Get macOS binaries
+      - name: Download from GitHub workflow artifacts store (macOS)
         if: steps.checksecrets.outputs.secretspresent == 'YES'
         uses: actions/download-artifact@master
         with:
@@ -303,22 +291,22 @@ jobs:
         shell: bash
         run: |
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "vorstand@jabref.org" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
-          xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg --keychain-profile "notarytool-profile" --wait
-          xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg
+          xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.dmg --keychain-profile "notarytool-profile" --wait
+          xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.dmg
       - name: Notarize pkg
         if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         shell: bash
         run: |
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "vorstand@jabref.org" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
-          xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg --keychain-profile "notarytool-profile" --wait
-          xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg
+          xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.pkg --keychain-profile "notarytool-profile" --wait
+          xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.pkg
       - name: Upload to builds.jabref.org
         if: steps.checksecrets.outputs.secretspresent == 'YES' && !startsWith(github.ref, 'refs/heads/gh-readonly-queue')
         shell: bash
         run: |
           mkdir -p ~/.ssh
           echo "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/
       - name: Comment PR
         if: github.event_name == 'pull_request' && steps.checksecrets.outputs.secretspresent == 'YES'
         uses: thollander/actions-comment-pull-request@v2

From 7a0ff36c8d8df464998c048a38c98f55ac2f230a Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 22:34:00 +0200
Subject: [PATCH 18/62] Announce available builds earlier

---
 .github/workflows/deployment.yml | 38 ++++++++++++++++----------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 5d53ccab6cf..132b84b9b0a 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -241,13 +241,13 @@ jobs:
         # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
         if: matrix.os == 'windows-latest'
         run: choco install --no-progress rsync
-      - name: Setup ssh key (linux, Windows)
-        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+      - name: Setup ssh key
+        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
-      - name: Upload to builds.jabref.org (linux)
-        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+      - name: Upload to builds.jabref.org (linux, macOS)
+        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
@@ -256,15 +256,23 @@ jobs:
         shell: cmd
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+      - name: Comment PR
+        if: (github.event_name == 'pull_request') && (steps.checksecrets.outputs.secretspresent == 'YES')
+        uses: thollander/actions-comment-pull-request@v2
+        with:
+          message: |
+            The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>.
+          comment_tag: download-link
+          mode: recreate
       - name: Upload to GitHub workflow artifacts store (macOS)
-        if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3
         with:
           # tbn = to-be-notarized
           name: JabRef-macOS-tbn
           path: build/distribution
   notarize: # outsourced in a separate job to be able to rerun if this fails for timeouts
-    name: Notarize and package macOS binaries
+    name: Notarize macOS binaries
     runs-on: macos-latest
     needs: [build]
     if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
@@ -281,7 +289,7 @@ jobs:
         env:
           BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
       - name: Download from GitHub workflow artifacts store (macOS)
-        if: steps.checksecrets.outputs.secretspresent == 'YES'
+        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/download-artifact@master
         with:
           name: JabRef-macOS-tbn
@@ -301,17 +309,9 @@ jobs:
           xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.pkg --keychain-profile "notarytool-profile" --wait
           xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.pkg
       - name: Upload to builds.jabref.org
-        if: steps.checksecrets.outputs.secretspresent == 'YES' && !startsWith(github.ref, 'refs/heads/gh-readonly-queue')
+        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         shell: bash
         run: |
-          mkdir -p ~/.ssh
-          echo "${{ secrets.buildJabRefPrivateKey }}" > ~/.ssh/id_rsa
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/
-      - name: Comment PR
-        if: github.event_name == 'pull_request' && steps.checksecrets.outputs.secretspresent == 'YES'
-        uses: thollander/actions-comment-pull-request@v2
-        with:
-          message: |
-            The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>.
-          comment_tag: download-link
-          mode: recreate
+          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
+          chmod 600 sshkey
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/

From 82f7e262cdc3eb736deb1ae1be58108bd03651c2 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 22:34:27 +0200
Subject: [PATCH 19/62] Generate journal-list.mv file only if necessary

---
 .github/workflows/refresh-journal-lists.yml            |  2 +-
 build.gradle                                           | 10 +++++++---
 .../java/org/jabref/cli/JournalListMvGenerator.java    |  6 ------
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/refresh-journal-lists.yml b/.github/workflows/refresh-journal-lists.yml
index 340fb4553f3..5ab88581d88 100644
--- a/.github/workflows/refresh-journal-lists.yml
+++ b/.github/workflows/refresh-journal-lists.yml
@@ -41,7 +41,7 @@ jobs:
           cache: 'gradle'
       - name: Check whether journal-list.mv can be generated (the "real" generation is done inside JabRef's build process)
         run: |
-          ./gradlew generateJournalAbbreviationList
+          ./gradlew generateJournalListMV
       - uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/build.gradle b/build.gradle
index a35aeb84d2f..707dc6ecc75 100644
--- a/build.gradle
+++ b/build.gradle
@@ -329,14 +329,18 @@ tasks.register("generateSearchGrammarSource", JavaExec) {
     args  = ["-o","src-gen/main/java/org/jabref/search" , "-visitor", "-no-listener", "-package", "org.jabref.search", "$projectDir/src/main/antlr4/org/jabref/search/Search.g4"]
 }
 
-tasks.register("generateJournalAbbreviationList", JavaExec) {
+tasks.register("generateJournalListMV", JavaExec) {
     group = "JabRef"
     description = "Converts the comma-separated journal abbreviation file to a H2 MVStore"
     classpath = sourceSets.main.runtimeClasspath
     main = "org.jabref.cli.JournalListMvGenerator"
+    outputs.file("build/resources/main/journals/journal-list.mv")
+    onlyIf {
+        !file("build/resources/main/journals/journal-list.mv").exists()
+    }
 }
-jar.dependsOn "generateJournalAbbreviationList"
-test.dependsOn "generateJournalAbbreviationList"
+jar.dependsOn "generateJournalListMV"
+test.dependsOn "generateJournalListMV"
 
 tasks.register('generateCitaviSource', XjcTask) {
     group = 'JabRef'
diff --git a/src/main/java/org/jabref/cli/JournalListMvGenerator.java b/src/main/java/org/jabref/cli/JournalListMvGenerator.java
index 35f25a6edbe..9a4fd3d67c6 100644
--- a/src/main/java/org/jabref/cli/JournalListMvGenerator.java
+++ b/src/main/java/org/jabref/cli/JournalListMvGenerator.java
@@ -27,12 +27,6 @@ public static void main(String[] args) throws IOException {
             System.exit(0);
         }
         Path journalListMvFile = Path.of("build", "resources", "main", "journals", "journal-list.mv");
-        if (Files.exists(journalListMvFile)) {
-            System.out.println("Target " + journalListMvFile.toAbsolutePath() + " already exists.");
-            System.out.println("Skipping generation.");
-            System.out.println("If you really want to re-generate, please delete the file.");
-            System.exit(0);
-        }
 
         Set<String> ignoredNames = Set.of(
                 // remove all lists without dot in them:

From 915413f9060908f1bec704830344fac0c5ef12ec Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 22:40:44 +0200
Subject: [PATCH 20/62] Merge jlinkZip and jpackage calls

---
 .github/workflows/deployment.yml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 132b84b9b0a..d717d719c7e 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -153,16 +153,9 @@ jobs:
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           create-keychain: false
           keychain-password: jabref
-      - name: Build runtime image (non-macOS)
-        if: (matrix.os != 'macos-latest')
-        run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jlinkZip
       - name: Prepare merged jars and modules dir (macos)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir
-      - name: Build installer (non-macOS)
-        if: (matrix.os != 'macos-latest')
-        shell: bash
-        run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage
       - name: Build dmg (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
@@ -213,7 +206,11 @@ jobs:
           --resource-dir buildres/mac \
           --file-associations buildres/mac/bibtexAssociations.properties \
           --jlink-options --bind-services
-      - name: Package application image (non-macOS)
+      - name: Build runtime image and installer (linux, Windows)
+        if: (matrix.os != 'macos-latest')
+        shell: bash
+        run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jlinkZip jpackage
+      - name: Package application image (linux, Windows)
         if: (matrix.os != 'macos-latest')
         shell: bash
         run: ${{ matrix.archivePortable }}

From 36511c0b439aeb0cc67874f217f6a5a34e44a8ec Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 23:02:54 +0200
Subject: [PATCH 21/62] Add workaround for badass issue

---
 .github/workflows/deployment.yml | 2 +-
 build.gradle                     | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index d717d719c7e..11421d39ef1 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -209,7 +209,7 @@ jobs:
       - name: Build runtime image and installer (linux, Windows)
         if: (matrix.os != 'macos-latest')
         shell: bash
-        run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jlinkZip jpackage
+        run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage jlinkZip
       - name: Package application image (linux, Windows)
         if: (matrix.os != 'macos-latest')
         shell: bash
diff --git a/build.gradle b/build.gradle
index 1ccaec7c451..e12ae4020af 100644
--- a/build.gradle
+++ b/build.gradle
@@ -554,6 +554,7 @@ tasks.register('deleteInstallerTemp', Delete) {
 }
 
 jpackage.dependsOn deleteInstallerTemp
+jlinkZip.dependsOn jpackageImage
 jlink {
     addOptions('--strip-debug', '--compress', '2', '--no-header-files', '--no-man-pages')
     launcher {

From 803b3963e067a0526c88209b90ecca9127eb8869 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 23:16:51 +0200
Subject: [PATCH 22/62] Fix dependency

---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index e12ae4020af..b37d54f51ce 100644
--- a/build.gradle
+++ b/build.gradle
@@ -554,7 +554,7 @@ tasks.register('deleteInstallerTemp', Delete) {
 }
 
 jpackage.dependsOn deleteInstallerTemp
-jlinkZip.dependsOn jpackageImage
+jlinkZip.dependsOn jpackage
 jlink {
     addOptions('--strip-debug', '--compress', '2', '--no-header-files', '--no-man-pages')
     launcher {

From 8acbe0090ca025107de511df3d337b13de345c9a Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 23:42:25 +0200
Subject: [PATCH 23/62] Fix dependency

---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index b37d54f51ce..3de8a685fff 100644
--- a/build.gradle
+++ b/build.gradle
@@ -334,7 +334,7 @@ tasks.register("generateJournalListMV", JavaExec) {
     }
 }
 jar.dependsOn "generateJournalListMV"
-test.dependsOn "generateJournalListMV"
+compileTestJava.dependsOn "generateJournalListMV"
 
 tasks.register('generateCitaviSource', XjcTask) {
     group = 'JabRef'

From 8019928f8dffc6aaabb8e85ccbeba3de3613c779 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 23:43:32 +0200
Subject: [PATCH 24/62] Fix condition

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 11421d39ef1..cf006551a1d 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -244,7 +244,7 @@ jobs:
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
       - name: Upload to builds.jabref.org (linux, macOS)
-        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'windows-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'macos-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: bash
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/

From 67b0abfd5b6d77c9e5086f44afa62fcc2e43ed3b Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 23:50:23 +0200
Subject: [PATCH 25/62] Remove output (causes issues and does not speed up)

---
 build.gradle | 1 -
 1 file changed, 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 3de8a685fff..17fe64deda5 100644
--- a/build.gradle
+++ b/build.gradle
@@ -328,7 +328,6 @@ tasks.register("generateJournalListMV", JavaExec) {
     description = "Converts the comma-separated journal abbreviation file to a H2 MVStore"
     classpath = sourceSets.main.runtimeClasspath
     mainClass = "org.jabref.cli.JournalListMvGenerator"
-    outputs.file("build/resources/main/journals/journal-list.mv")
     onlyIf {
         !file("build/resources/main/journals/journal-list.mv").exists()
     }

From 2403af99f6f4641052b338c9335b26b16e153b34 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Tue, 19 Sep 2023 23:58:55 +0200
Subject: [PATCH 26/62] Fix casing

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index cf006551a1d..992d918eff0 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -153,7 +153,7 @@ jobs:
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           create-keychain: false
           keychain-password: jabref
-      - name: Prepare merged jars and modules dir (macos)
+      - name: Prepare merged jars and modules dir (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir
       - name: Build dmg (macOS)

From 75e6d7cc995d52414972622abad07e1a06736174 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 00:11:00 +0200
Subject: [PATCH 27/62] Comment on PR after *all* builds are uploaded

---
 .github/workflows/deployment.yml | 33 ++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 992d918eff0..ee1e64b518b 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -253,14 +253,6 @@ jobs:
         shell: cmd
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
-      - name: Comment PR
-        if: (github.event_name == 'pull_request') && (steps.checksecrets.outputs.secretspresent == 'YES')
-        uses: thollander/actions-comment-pull-request@v2
-        with:
-          message: |
-            The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>.
-          comment_tag: download-link
-          mode: recreate
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3
@@ -268,6 +260,31 @@ jobs:
           # tbn = to-be-notarized
           name: JabRef-macOS-tbn
           path: build/distribution
+  announce:
+    name: Comment on Pull Request
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: ${{ github.event_name == 'pull_request' }}
+    steps:
+      - name: Check secrets presence
+        id: checksecrets
+        shell: bash
+        run: |
+          if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
+            echo "secretspresent=NO" >> $GITHUB_OUTPUT
+          else
+            echo "secretspresent=YES" >> $GITHUB_OUTPUT
+          fi
+        env:
+          BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
+      - name: Comment PR
+        if: steps.checksecrets.outputs.secretspresent == 'YES'
+        uses: thollander/actions-comment-pull-request@v2
+        with:
+          message: |
+            The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>.
+          comment_tag: download-link
+          mode: recreate
   notarize: # outsourced in a separate job to be able to rerun if this fails for timeouts
     name: Notarize macOS binaries
     runs-on: macos-latest

From db58f46fcf033d326daf0543b3bcf7681d79bb7e Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 00:11:23 +0200
Subject: [PATCH 28/62] Try better condition for notarization

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index ee1e64b518b..cea153a4e30 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -289,7 +289,7 @@ jobs:
     name: Notarize macOS binaries
     runs-on: macos-latest
     needs: [build]
-    if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
+    if: ${{ startsWith(github.ref, 'refs/tags/') || inputs.notarization == true }}
     steps:
       - name: Check secrets presence
         id: checksecrets

From cae9c42e830d1bd0944fc9e1ba8a7afae0153766 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 00:19:13 +0200
Subject: [PATCH 29/62] macOS: Upload only one version

---
 .github/workflows/deployment.yml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index cea153a4e30..d8da238599f 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -243,8 +243,15 @@ jobs:
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
-      - name: Upload to builds.jabref.org (linux, macOS)
-        if: ((matrix.os == 'ubuntu-latest') || (matrix.os == 'macos-latest')) && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+      - name: Upload to builds.jabref.org (linux)
+        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        shell: bash
+        run: |
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+      - name: Upload to builds.jabref.org (macOS)
+        # Negated condition of "Upload to GitHub workflow artifacts store (macOS)" (and excluding the merge queue)
+        # Reason: We either upload the non-notarized files - or notarize the files later (and upload these later) - (or do nothing in the case of the merge queue)
+        if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && !((matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)) }}
         shell: bash
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
@@ -254,7 +261,7 @@ jobs:
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
-        if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
+        if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3
         with:
           # tbn = to-be-notarized

From 368a8105c40d451f63da3b1cbc24e9ae60e775c8 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:03:08 +0200
Subject: [PATCH 30/62] Use most recent rsync on macOS

---
 .github/workflows/deployment.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index d8da238599f..11b73c8990c 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -231,6 +231,8 @@ jobs:
           ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz
           rm debian-binary control.tar.* data.tar.*
           mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb  jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
+      - name: Setup rsync (macOS)
+        run: brew install rsync
       - name: Setup rsync (Windows)
         # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
         # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows

From 4d333a4b93623edd86a1fdfb3359903d181e9f88 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:13:50 +0200
Subject: [PATCH 31/62] Use GuillaumeFalourd/setup-rsync

---
 .github/workflows/deployment.yml | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 11b73c8990c..5721217717f 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -231,15 +231,12 @@ jobs:
           ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz
           rm debian-binary control.tar.* data.tar.*
           mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb  jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
-      - name: Setup rsync (macOS)
-        run: brew install rsync
-      - name: Setup rsync (Windows)
-        # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
-        # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
-        # We cannot use "setup-rsync", because that does not work on Windows
-        # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
-        if: matrix.os == 'windows-latest'
-        run: choco install --no-progress rsync
+      # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
+      # We cannot use rsync directly, because it is outdated on macOS and not available on Windows
+      # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
+      # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
+      - name: Setup rsync
+        uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key
         if: (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: |

From 8a7022202c24036a80586cd9fe751aa85243e65b Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:14:01 +0200
Subject: [PATCH 32/62] Put OS as first in the overview

---
 .github/workflows/deployment.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 5721217717f..c179f3cabdb 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -57,7 +57,7 @@ jobs:
       major: ${{ steps.gitversion.outputs.Major }}
       minor: ${{ steps.gitversion.outputs.Minor }}
       branchname: ${{ steps.gitversion.outputs.branchName }}
-    name: Create installer and portable version for ${{ matrix.displayName }}
+    name: ${{ matrix.displayName }} installer and portable version
     steps:
       - name: Check secrets presence
         id: checksecrets
@@ -292,7 +292,7 @@ jobs:
           comment_tag: download-link
           mode: recreate
   notarize: # outsourced in a separate job to be able to rerun if this fails for timeouts
-    name: Notarize macOS binaries
+    name: macOS notarization
     runs-on: macos-latest
     needs: [build]
     if: ${{ startsWith(github.ref, 'refs/tags/') || inputs.notarization == true }}

From 2f3f020a29ee19bd79c3da971805558ef2774d8e Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:16:07 +0200
Subject: [PATCH 33/62] Refine step names

---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index c179f3cabdb..7fed0571ac2 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -109,7 +109,7 @@ jobs:
          cat gradle.properties
 
          sed -i "s/JavaLanguageVersion.of(20)/JavaLanguageVersion.of(21)/" build.gradle
-      - name: Setup JDK jabref-fix (ubuntu)
+      - name: Setup JDK jabref-fix (linux)
         if: (matrix.os == 'ubuntu-latest')
         shell: bash
         run: |
@@ -138,14 +138,14 @@ jobs:
           cat gradle.properties
 
           sed -i'.bak' -e "s/JavaLanguageVersion.of(20)/JavaLanguageVersion.of(21)/" build.gradle
-      - name: Setup OSX key chain (macOS)
+      - name: Setup macOS key chain
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
         uses: apple-actions/import-codesign-certs@v2
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           keychain-password: jabref
-      - name: Setup OSX key chain on OSX for app id cert (macOS)
+      - name: Setup macOS key chain for app id cert
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
         uses: apple-actions/import-codesign-certs@v2
         with:

From e5f231eaeeedb6ae87eda934c48379b0129b261a Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:22:00 +0200
Subject: [PATCH 34/62] Test new setup rsync

---
 .github/workflows/deployment.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 7fed0571ac2..4c39db47f32 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -35,6 +35,22 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  rsynctest:
+    runs-on: windows-latest
+    steps:
+      - name: Setup rsync
+        uses: GuillaumeFalourd/setup-rsync@test
+      - name: Setup ssh key
+        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
+        run: |
+          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
+          chmod 600 sshkey
+          mkdir -p build/distribution/
+          touch build/distribution/test.txt
+      - name: Upload to builds.jabref.org (Windows)
+        shell: cmd
+        run: |
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:
     strategy:
       fail-fast: false

From eec814871a820bea50823f13395301817edc5055 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:26:08 +0200
Subject: [PATCH 35/62] Fix debug

---
 .github/workflows/deployment.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 4c39db47f32..9593371f253 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -41,7 +41,6 @@ jobs:
       - name: Setup rsync
         uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey

From df62a79bd1b269274ba9dac2df1a23b4f10c1c95 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:44:57 +0200
Subject: [PATCH 36/62] Try other ssh key location

---
 .github/workflows/deployment.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 9593371f253..daa23c94661 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -41,15 +41,16 @@ jobs:
       - name: Setup rsync
         uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key
+        shell: bash
         run: |
-          echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
-          chmod 600 sshkey
+          echo "${{ secrets.buildJabRefPrivateKey }}" > /tmp/sshkey
+          chmod 600 /tmp/sshkey
           mkdir -p build/distribution/
           touch build/distribution/test.txt
       - name: Upload to builds.jabref.org (Windows)
         shell: cmd
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i /tmp/sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:
     strategy:
       fail-fast: false

From adeaf8b94d45f55f2658a1212d462b0c84185015 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:49:28 +0200
Subject: [PATCH 37/62] Try other shell

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index daa23c94661..c50f8fccd4b 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -48,7 +48,7 @@ jobs:
           mkdir -p build/distribution/
           touch build/distribution/test.txt
       - name: Upload to builds.jabref.org (Windows)
-        shell: cmd
+        shell: bash
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i /tmp/sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:

From 2e0190d4b55fef99240ddc563c5986c4d1721a28 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 09:58:48 +0200
Subject: [PATCH 38/62] Try ~/sshkey as path

---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index c50f8fccd4b..91fc52b86c5 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -43,14 +43,14 @@ jobs:
       - name: Setup ssh key
         shell: bash
         run: |
-          echo "${{ secrets.buildJabRefPrivateKey }}" > /tmp/sshkey
-          chmod 600 /tmp/sshkey
+          echo "${{ secrets.buildJabRefPrivateKey }}" > ~/sshkey
+          chmod 600 ~/sshkey
           mkdir -p build/distribution/
           touch build/distribution/test.txt
       - name: Upload to builds.jabref.org (Windows)
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i /tmp/sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i ~/sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:
     strategy:
       fail-fast: false

From 84f15b2a5d31e00b6886cd81617448c741a1c840 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 10:11:19 +0200
Subject: [PATCH 39/62] Revert "Use GuillaumeFalourd/setup-rsync"

This reverts commit 4d333a4b93623edd86a1fdfb3359903d181e9f88.
---
 .github/workflows/deployment.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 91fc52b86c5..d5f94873e27 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -247,12 +247,15 @@ jobs:
           ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz
           rm debian-binary control.tar.* data.tar.*
           mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb  jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
-      # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
-      # We cannot use rsync directly, because it is outdated on macOS and not available on Windows
-      # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
-      # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
-      - name: Setup rsync
-        uses: GuillaumeFalourd/setup-rsync@test
+      - name: Setup rsync (macOS)
+        run: brew install rsync
+      - name: Setup rsync (Windows)
+        # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
+        # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
+        # We cannot use "setup-rsync", because that does not work on Windows
+        # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
+        if: matrix.os == 'windows-latest'
+        run: choco install --no-progress rsync
       - name: Setup ssh key
         if: (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: |

From c8aecd2c7649ca44d021f339a9edbc6b3b84789b Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 10:18:55 +0200
Subject: [PATCH 40/62] Merce linux and macos (by smartly merging the
 conditions

---
 .github/workflows/deployment.yml | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index d5f94873e27..e8bc210ecdf 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -248,36 +248,37 @@ jobs:
           rm debian-binary control.tar.* data.tar.*
           mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb  jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
       - name: Setup rsync (macOS)
+        if: matrix.os == 'macos-latest'
         run: brew install rsync
       - name: Setup rsync (Windows)
+        if: matrix.os == 'windows-latest'
         # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
         # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
         # We cannot use "setup-rsync", because that does not work on Windows
         # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
-        if: matrix.os == 'windows-latest'
         run: choco install --no-progress rsync
       - name: Setup ssh key
         if: (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
-      - name: Upload to builds.jabref.org (linux)
-        if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
-        shell: bash
-        run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
-      - name: Upload to builds.jabref.org (macOS)
-        # Negated condition of "Upload to GitHub workflow artifacts store (macOS)" (and excluding the merge queue)
-        # Reason: We either upload the non-notarized files - or notarize the files later (and upload these later) - (or do nothing in the case of the merge queue)
-        if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && !((matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)) }}
-        shell: bash
-        run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to builds.jabref.org (Windows)
         if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         shell: cmd
+        # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+      - name: Upload to builds.jabref.org (linux, macOS)
+        # macOS: Negated condition of "Upload to GitHub workflow artifacts store (macOS)"
+        #        Reason: We either upload the non-notarized files - or notarize the files later (and upload these later)
+        if: >
+          ${{
+            (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
+            ((matrix.os == 'ubuntu-latest') ||
+             (matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true))) }}
+        shell: bash
+        run: |
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3

From fc10a8ab64f63b0bb6f3f78a2c24ea0200dd9e53 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 10:31:47 +0200
Subject: [PATCH 41/62] Simplify conditions

---
 .github/workflows/deployment.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index e8bc210ecdf..c80e0bdd41d 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -329,27 +329,27 @@ jobs:
         env:
           BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
       - name: Download from GitHub workflow artifacts store (macOS)
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         uses: actions/download-artifact@master
         with:
           name: JabRef-macOS-tbn
           path: build/distribution/
       - name: Notarize dmg
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "vorstand@jabref.org" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
           xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.dmg --keychain-profile "notarytool-profile" --wait
           xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.dmg
       - name: Notarize pkg
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "vorstand@jabref.org" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
           xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.pkg --keychain-profile "notarytool-profile" --wait
           xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.pkg
       - name: Upload to builds.jabref.org
-        if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
+        if: (steps.checksecrets.outputs.secretspresent == 'YES')
         shell: bash
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey

From 512fc247b2d06630c377be953f5332d9079a57ce Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 11:48:36 +0200
Subject: [PATCH 42/62] Try to fix condition

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index c80e0bdd41d..baaa515ffd8 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -275,7 +275,7 @@ jobs:
           ${{
             (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
             ((matrix.os == 'ubuntu-latest') ||
-             (matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true))) }}
+             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/

From 4483a1b1b6da9bbb32cf959128ad45ffa5eda478 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 11:48:58 +0200
Subject: [PATCH 43/62] Try to apply
 https://maxschmitt.me/posts/github-actions-ssh-key (and also test condition
 early)

---
 .github/workflows/deployment.yml | 37 ++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index baaa515ffd8..ebd64352909 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -36,8 +36,41 @@ concurrency:
 
 jobs:
   rsynctest:
-    runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
     steps:
+      - name: Check secrets presence
+        id: checksecrets
+        shell: bash
+        run: |
+          if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
+            echo "secretspresent=NO" >> $GITHUB_OUTPUT
+          else
+            echo "secretspresent=YES" >> $GITHUB_OUTPUT
+          fi
+        env:
+          BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
+      - name: should be executed on Windows only
+        if: >
+          ${{
+            (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
+            ((matrix.os == 'ubuntu-latest') ||
+             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+        shell: bash
+        run: echo Hello
+      - name: Add SSH key
+        env:
+          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+        run: |
+          mkdir -p /home/runner/.ssh
+          ssh-keyscan build-upload.jabref.org >> /home/runner/.ssh/known_hosts
+          echo "${{ secrets.buildJabRefPrivateKey }}" > /home/runner/.ssh/github_actions
+          chmod 600 /home/runner/.ssh/github_actions
+          ssh-agent -a $SSH_AUTH_SOCK
+          ssh-add /home/runner/.ssh/github_actions
       - name: Setup rsync
         uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key
@@ -50,7 +83,7 @@ jobs:
       - name: Upload to builds.jabref.org (Windows)
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i ~/sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:
     strategy:
       fail-fast: false

From 61f8f1f15f941b0d456dc42f90535e211c0e8471 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 11:56:45 +0200
Subject: [PATCH 44/62] Try runner.temp for ssh key

---
 .github/workflows/deployment.yml | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index ebd64352909..20eea3f78af 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -61,29 +61,23 @@ jobs:
              ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
         run: echo Hello
-      - name: Add SSH key
-        env:
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-        run: |
-          mkdir -p /home/runner/.ssh
-          ssh-keyscan build-upload.jabref.org >> /home/runner/.ssh/known_hosts
-          echo "${{ secrets.buildJabRefPrivateKey }}" > /home/runner/.ssh/github_actions
-          chmod 600 /home/runner/.ssh/github_actions
-          ssh-agent -a $SSH_AUTH_SOCK
-          ssh-add /home/runner/.ssh/github_actions
       - name: Setup rsync
         uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key
         shell: bash
         run: |
-          echo "${{ secrets.buildJabRefPrivateKey }}" > ~/sshkey
-          chmod 600 ~/sshkey
+          pwd
+          whoami
+          ls -la /tmp
+          ls -la /home
+          echo "${{ secrets.buildJabRefPrivateKey }}" > ${{runner.temp}}/sshkey
+          chmod 600 ${{runner.temp}}/sshkey
           mkdir -p build/distribution/
           touch build/distribution/test.txt
       - name: Upload to builds.jabref.org (Windows)
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i  ${{runner.temp}}/sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:
     strategy:
       fail-fast: false

From bd5ec11cb154c0fb47bc9c749ef0934fd35a0c9d Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 11:58:20 +0200
Subject: [PATCH 45/62] Debug conditions

---
 .github/workflows/deployment.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 20eea3f78af..48e68935e18 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -53,14 +53,19 @@ jobs:
           fi
         env:
           BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
-      - name: should be executed on Windows only
+      - name: should NOT be executed on Windows
         if: >
           ${{
             (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
             ((matrix.os == 'ubuntu-latest') ||
              ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
-        run: echo Hello
+        run: |
+          echo Hello
+          echo ${{(!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') }}
+          echo ${{ (matrix.os == 'ubuntu-latest') }}
+          echo ${{ ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true))) }}
+          echo ${{((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
       - name: Setup rsync
         uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key

From 0aa935cc445e5ce3d34e8f493f4a9965e36ea4c2 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:02:06 +0200
Subject: [PATCH 46/62] Try to debug on Windows, too

---
 .github/workflows/deployment.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 48e68935e18..2fe38643a36 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -71,8 +71,6 @@ jobs:
       - name: Setup ssh key
         shell: bash
         run: |
-          pwd
-          whoami
           ls -la /tmp
           ls -la /home
           echo "${{ secrets.buildJabRefPrivateKey }}" > ${{runner.temp}}/sshkey

From acb341e57ac724149626cbc91fad3ff04814743b Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:03:40 +0200
Subject: [PATCH 47/62] Disable large workflow until tests succeed

---
 .github/workflows/deployment.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 2fe38643a36..0abfe8fc988 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -82,6 +82,7 @@ jobs:
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i  ${{runner.temp}}/sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:
+    if: false
     strategy:
       fail-fast: false
       matrix:

From 7a6fad8c67480540763b0131312f0fddd5cb9836 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:05:20 +0200
Subject: [PATCH 48/62] WTF GitHub

---
 .github/workflows/deployment.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 0abfe8fc988..0c343f153b6 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -65,7 +65,13 @@ jobs:
           echo ${{(!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') }}
           echo ${{ (matrix.os == 'ubuntu-latest') }}
           echo ${{ ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true))) }}
-          echo ${{((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+          echo ${{ ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+          echo ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') ||             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+      - run: >
+          echo ${{
+            (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
+            ((matrix.os == 'ubuntu-latest') ||
+             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
       - name: Setup rsync
         uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key

From bc44e76d98325cbf2af8bd6b7bdd9e929031751a Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:14:23 +0200
Subject: [PATCH 49/62] Some more debug

---
 .github/workflows/deployment.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 0c343f153b6..2788c633d3e 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -67,11 +67,18 @@ jobs:
           echo ${{ ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true))) }}
           echo ${{ ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
           echo ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') ||             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
-      - run: >
+      - if: >
+          ${{
+            (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
+            ((matrix.os == 'ubuntu-latest') ||
+            ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+        run: >
           echo ${{
             (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
             ((matrix.os == 'ubuntu-latest') ||
              ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+      - if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+        run: echo ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
       - name: Setup rsync
         uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key

From 1368a8f0219261a0a428a3a34daab78bdaeaf1e3 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:16:55 +0200
Subject: [PATCH 50/62] Remove debug

---
 .github/workflows/deployment.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 2788c633d3e..5210724abf0 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -84,8 +84,6 @@ jobs:
       - name: Setup ssh key
         shell: bash
         run: |
-          ls -la /tmp
-          ls -la /home
           echo "${{ secrets.buildJabRefPrivateKey }}" > ${{runner.temp}}/sshkey
           chmod 600 ${{runner.temp}}/sshkey
           mkdir -p build/distribution/

From 73cd78e98b0eca005f38c639fa95251b26f2663d Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:19:24 +0200
Subject: [PATCH 51/62] Fix condition

---
 .github/workflows/deployment.yml | 44 ++------------------------------
 1 file changed, 2 insertions(+), 42 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 5210724abf0..5def3ec927e 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -42,43 +42,6 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - name: Check secrets presence
-        id: checksecrets
-        shell: bash
-        run: |
-          if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
-            echo "secretspresent=NO" >> $GITHUB_OUTPUT
-          else
-            echo "secretspresent=YES" >> $GITHUB_OUTPUT
-          fi
-        env:
-          BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
-      - name: should NOT be executed on Windows
-        if: >
-          ${{
-            (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
-            ((matrix.os == 'ubuntu-latest') ||
-             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
-        shell: bash
-        run: |
-          echo Hello
-          echo ${{(!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') }}
-          echo ${{ (matrix.os == 'ubuntu-latest') }}
-          echo ${{ ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true))) }}
-          echo ${{ ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
-          echo ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') ||             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
-      - if: >
-          ${{
-            (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
-            ((matrix.os == 'ubuntu-latest') ||
-            ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
-        run: >
-          echo ${{
-            (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
-            ((matrix.os == 'ubuntu-latest') ||
-             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
-      - if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
-        run: echo ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
       - name: Setup rsync
         uses: GuillaumeFalourd/setup-rsync@test
       - name: Setup ssh key
@@ -313,11 +276,8 @@ jobs:
       - name: Upload to builds.jabref.org (linux, macOS)
         # macOS: Negated condition of "Upload to GitHub workflow artifacts store (macOS)"
         #        Reason: We either upload the non-notarized files - or notarize the files later (and upload these later)
-        if: >
-          ${{
-            (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') &&
-            ((matrix.os == 'ubuntu-latest') ||
-             ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
+        # needs to be on one line; multi line does not work
+        if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
         run: |
           rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/

From 8dbd3f10f80201acf2ced87f897fbdcd7d0bfd72 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:21:00 +0200
Subject: [PATCH 52/62] Try mixed slashes

Source: https://stackoverflow.com/a/68689097/873282
---
 .github/workflows/deployment.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 5def3ec927e..8f193a94252 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -47,8 +47,8 @@ jobs:
       - name: Setup ssh key
         shell: bash
         run: |
-          echo "${{ secrets.buildJabRefPrivateKey }}" > ${{runner.temp}}/sshkey
-          chmod 600 ${{runner.temp}}/sshkey
+          echo "${{ secrets.buildJabRefPrivateKey }}" > '${{runner.temp}}/sshkey'
+          chmod 600 '${{runner.temp}}/sshkey'
           mkdir -p build/distribution/
           touch build/distribution/test.txt
       - name: Upload to builds.jabref.org (Windows)

From ae341175a09ff4b7b9d03ac2fbbfb3b50a7ae30a Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:29:18 +0200
Subject: [PATCH 53/62] Try some slash replacement

---
 .github/workflows/deployment.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 8f193a94252..421e489803a 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -47,14 +47,19 @@ jobs:
       - name: Setup ssh key
         shell: bash
         run: |
-          echo "${{ secrets.buildJabRefPrivateKey }}" > '${{runner.temp}}/sshkey'
+          temp_path="${{ runner.temp }}"
+          temp_path="${temp_path//\\//}"
+          echo "${{ secrets.buildJabRefPrivateKey }}" > '${temp_path}/sshkey'
           chmod 600 '${{runner.temp}}/sshkey'
           mkdir -p build/distribution/
           touch build/distribution/test.txt
       - name: Upload to builds.jabref.org (Windows)
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e 'ssh -p 9922 -i  ${{runner.temp}}/sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
+          temp_path="${{ runner.temp }}"
+          sshkeypath="${temp_path//\\//}/sshkey"
+          echo ${sshkeypath}
+          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e "ssh -p 9922 -i ${sshkeypath} -o StrictHostKeyChecking=no" build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:
     if: false
     strategy:

From 3ef20529277a95c92fc4195fa93bdb411a817965 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:30:42 +0200
Subject: [PATCH 54/62] Fix quotes

---
 .github/workflows/deployment.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 421e489803a..ec1783a4ecd 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -49,8 +49,8 @@ jobs:
         run: |
           temp_path="${{ runner.temp }}"
           temp_path="${temp_path//\\//}"
-          echo "${{ secrets.buildJabRefPrivateKey }}" > '${temp_path}/sshkey'
-          chmod 600 '${{runner.temp}}/sshkey'
+          echo "${{ secrets.buildJabRefPrivateKey }}" > "${temp_path}/sshkey"
+          chmod 600 "${{runner.temp}}/sshkey"
           mkdir -p build/distribution/
           touch build/distribution/test.txt
       - name: Upload to builds.jabref.org (Windows)

From 1fa9d2fafcbd825fdc017b119fe3deb4217a6ea1 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:34:57 +0200
Subject: [PATCH 55/62] Remove debug

---
 .github/workflows/deployment.yml | 26 --------------------------
 1 file changed, 26 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index ec1783a4ecd..f472e8fa701 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -35,33 +35,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  rsynctest:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Setup rsync
-        uses: GuillaumeFalourd/setup-rsync@test
-      - name: Setup ssh key
-        shell: bash
-        run: |
-          temp_path="${{ runner.temp }}"
-          temp_path="${temp_path//\\//}"
-          echo "${{ secrets.buildJabRefPrivateKey }}" > "${temp_path}/sshkey"
-          chmod 600 "${{runner.temp}}/sshkey"
-          mkdir -p build/distribution/
-          touch build/distribution/test.txt
-      - name: Upload to builds.jabref.org (Windows)
-        shell: bash
-        run: |
-          temp_path="${{ runner.temp }}"
-          sshkeypath="${temp_path//\\//}/sshkey"
-          echo ${sshkeypath}
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /tmp/test && rsync" -e "ssh -p 9922 -i ${sshkeypath} -o StrictHostKeyChecking=no" build/distribution/ jrrsync@build-upload.jabref.org:/tmp/test/
   build:
-    if: false
     strategy:
       fail-fast: false
       matrix:

From c8487a015d4d81cf25df1219123590c4914b0e73 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:51:07 +0200
Subject: [PATCH 56/62] rsync setup only if required

---
 .github/workflows/deployment.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index f472e8fa701..1b107283e2c 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -232,10 +232,10 @@ jobs:
           rm debian-binary control.tar.* data.tar.*
           mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb  jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
       - name: Setup rsync (macOS)
-        if: matrix.os == 'macos-latest'
+        if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         run: brew install rsync
       - name: Setup rsync (Windows)
-        if: matrix.os == 'windows-latest'
+        if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue'))
         # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
         # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
         # We cannot use "setup-rsync", because that does not work on Windows

From 7b1997d1a5fac100c9d6a41aaa5f0f87759ce70f Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 12:55:15 +0200
Subject: [PATCH 57/62] Fix casing

---
 .github/workflows/deployment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 1b107283e2c..03a5865797b 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -268,7 +268,7 @@ jobs:
           name: JabRef-macOS-tbn
           path: build/distribution
   announce:
-    name: Comment on Pull Request
+    name: Comment on pull request
     runs-on: ubuntu-latest
     needs: [build]
     if: ${{ github.event_name == 'pull_request' }}

From cfb5ac6e311b7cdb01255159f03ffe3b3cdad757 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 13:38:18 +0200
Subject: [PATCH 58/62] We don't need --partial

---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 03a5865797b..6f1d2394d7f 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -251,7 +251,7 @@ jobs:
         shell: cmd
         # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to builds.jabref.org (linux, macOS)
         # macOS: Negated condition of "Upload to GitHub workflow artifacts store (macOS)"
         #        Reason: We either upload the non-notarized files - or notarize the files later (and upload these later)
@@ -259,7 +259,7 @@ jobs:
         if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3
@@ -335,4 +335,4 @@ jobs:
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
-          rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/
+          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/

From 4b3375eaeef2807dbfb7fcf8572076bd0fb38383 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 13:45:26 +0200
Subject: [PATCH 59/62] Replace -Pavz by -rt (because we do not need full
 ownership transfer etc)

---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 6f1d2394d7f..cf555af78b8 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -251,7 +251,7 @@ jobs:
         shell: cmd
         # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation
         run: |
-          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -rt --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to builds.jabref.org (linux, macOS)
         # macOS: Negated condition of "Upload to GitHub workflow artifacts store (macOS)"
         #        Reason: We either upload the non-notarized files - or notarize the files later (and upload these later)
@@ -259,7 +259,7 @@ jobs:
         if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -rt --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3
@@ -335,4 +335,4 @@ jobs:
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
-          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/
+          rsync -rt --inplace --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/

From 7fbf77deff556df06bd224ebc0a4ace1c425af7f Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 14:09:23 +0200
Subject: [PATCH 60/62] Revert "Replace -Pavz by -rt (because we do not need
 full ownership transfer etc)"

This reverts commit 4b3375eaeef2807dbfb7fcf8572076bd0fb38383.
---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index cf555af78b8..6f1d2394d7f 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -251,7 +251,7 @@ jobs:
         shell: cmd
         # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation
         run: |
-          rsync -rt --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to builds.jabref.org (linux, macOS)
         # macOS: Negated condition of "Upload to GitHub workflow artifacts store (macOS)"
         #        Reason: We either upload the non-notarized files - or notarize the files later (and upload these later)
@@ -259,7 +259,7 @@ jobs:
         if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
         run: |
-          rsync -rt --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3
@@ -335,4 +335,4 @@ jobs:
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
-          rsync -rt --inplace --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/
+          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/

From d303ba751f9b6de46857812494392071daa03b76 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 14:14:46 +0200
Subject: [PATCH 61/62] Revert "Revert "Replace -Pavz by -rt (because we do not
 need full ownership transfer etc)""

This reverts commit 7fbf77deff556df06bd224ebc0a4ace1c425af7f.
---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 6f1d2394d7f..cf555af78b8 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -251,7 +251,7 @@ jobs:
         shell: cmd
         # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation
         run: |
-          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -rt --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to builds.jabref.org (linux, macOS)
         # macOS: Negated condition of "Upload to GitHub workflow artifacts store (macOS)"
         #        Reason: We either upload the non-notarized files - or notarize the files later (and upload these later)
@@ -259,7 +259,7 @@ jobs:
         if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
         run: |
-          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -rt --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3
@@ -335,4 +335,4 @@ jobs:
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
-          rsync -Pavz --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/
+          rsync -rt --inplace --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/

From 9be1a139d27171157d63dc617cf10c8d03d26e17 Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Wed, 20 Sep 2023 14:17:22 +0200
Subject: [PATCH 62/62] Need to fix permissions at the target side (Windows)

---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index cf555af78b8..636db9ae5d7 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -251,7 +251,7 @@ jobs:
         shell: cmd
         # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation
         run: |
-          rsync -rt --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to builds.jabref.org (linux, macOS)
         # macOS: Negated condition of "Upload to GitHub workflow artifacts store (macOS)"
         #        Reason: We either upload the non-notarized files - or notarize the files later (and upload these later)
@@ -259,7 +259,7 @@ jobs:
         if: ${{ (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && (steps.checksecrets.outputs.secretspresent == 'YES') && ((matrix.os == 'ubuntu-latest') || ((matrix.os == 'macos-latest') && !((startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)))) }}
         shell: bash
         run: |
-          rsync -rt --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
+          rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
       - name: Upload to GitHub workflow artifacts store (macOS)
         if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
         uses: actions/upload-artifact@v3
@@ -335,4 +335,4 @@ jobs:
         run: |
           echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
           chmod 600 sshkey
-          rsync -rt --inplace --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/
+          rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/