Index: trunk/.github/workflows/ant.yml
===================================================================
--- trunk/.github/workflows/ant.yml	(revision 17373)
+++ trunk/.github/workflows/ant.yml	(revision 17487)
@@ -24,9 +24,10 @@
       josm_revision: ${{ steps.create_revision.outputs.josm_revision }}
       josm_prerelease: ${{ steps.create_revision.outputs.josm_prerelease }}
+      josm_release_tag: ${{ steps.create_revision.outputs.josm_release_tag }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
         with:
-          fetch-depth: 32
+          fetch-depth: 256
       - name: Set revision env variable
         id: create_revision
@@ -35,15 +36,16 @@
           josm_revision="$(git log -1 --grep 'git-svn-id: https://josm.openstreetmap.de/svn/trunk@' --pretty=format:%B | tail -1 | sed -n 's%git-svn-id: https://josm.openstreetmap.de/svn/trunk@\([0-9]*\) [-0-9a-f]*%\1%p')"
           if [[ "$josm_revision" == "$(curl --silent https://josm.openstreetmap.de/tested)" ]]; then
-            sed -i '/Is-Local-Build/d' resources/REVISION
             echo "josm_prerelease=false" >> $GITHUB_ENV
             echo "::set-output name=josm_prerelease::false"
-            echo "josm_release=$josm_revision-tested" >> $GITHUB_ENV
+            josm_release_tag=$josm_revision-tested
           else
             echo "josm_prerelease=true" >> $GITHUB_ENV
             echo "::set-output name=josm_prerelease::true"
-            echo "josm_release=$josm_revision" >> $GITHUB_ENV
+            josm_release_tag=$josm_revision
           fi
           echo "josm_revision=$josm_revision" >> $GITHUB_ENV
           echo "::set-output name=josm_revision::$josm_revision"
+          echo "josm_release_tag=$josm_release_tag" >> $GITHUB_ENV
+          echo "::set-output name=josm_release_tag::$josm_release_tag"
       - name: Create release
         id: create_release
@@ -52,8 +54,8 @@
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
         with:
-          tag_name: ${{ env.josm_release }}
-          release_name: JOSM.app release ${{ env.josm_release }}
+          tag_name: ${{ env.josm_release_tag }}
+          release_name: JOSM.app release ${{ env.josm_release_tag }}
           body: |
-            JOSM.app release ${{ env.josm_release }}
+            JOSM.app release ${{ env.josm_release_tag }}
           draft: false
           prerelease: ${{ env.josm_prerelease }}
@@ -84,5 +86,5 @@
         uses: actions/checkout@v2
         with:
-          fetch-depth: 32
+          fetch-depth: 256
       - name: Cache
         uses: actions/cache@v2.0.0
@@ -120,4 +122,9 @@
           defaults write net.pornel.ImageOptim PngOutEnabled 1
           /Applications/ImageOptim.app/Contents/MacOS/ImageOptim resources/images
+      - name: Set Is-Local-Build
+        if: ${{ ! needs.createrelease.outputs.josm_prerelease }}
+        run: |
+          ant create-revision
+          sed -i.bak '/Is-Local-Build/d' resources/REVISION
       - name: Build with Ant
         # Disables errorprone for Java 16
@@ -130,9 +137,11 @@
           fi
       - name: Upload jar
-        if: ${{ always() && matrix.headless }}
+        # Only run on matrix.headless to avoid double jars. They should be the same jars.
+        # uses `gh release upload` to avoid https://github.com/actions/upload-release-asset/issues/69
+        if: ${{ always() && matrix.headless == 'true' }}
         id: upload-jar
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ needs.createrelease.outputs.upload_url }} # This pulls from the CREATE RELEASE job above, referencing its ID to get its outputs object, which include a `upload_url`.
@@ -140,4 +149,7 @@
           asset_name: JOSM-${{ runner.os}}-java${{ matrix.java }}-${{ needs.createrelease.outputs.josm_revision }}.jar
           asset_content_type: application/java-archive
+        # run: |
+        #   cp dist/josm-custom.jar JOSM-${{ runner.os}}-java${{ matrix.java }}-${{ needs.createrelease.outputs.josm_revision }}.jar
+        #   gh release upload ${{ needs.createrelease.outputs.josm_release_tag }} JOSM-${{ runner.os}}-java${{ matrix.java }}-${{ needs.createrelease.outputs.josm_revision }}.jar
       - name: Test with Ant, headless ${{ matrix.headless }}
         if: ${{ needs.createrelease.outputs.josm_prerelease }}
@@ -158,4 +170,16 @@
           name: Ant reports for JOSM ${{ needs.createrelease.outputs.josm_revision }} on java ${{ matrix.java }} on ${{ matrix.os }} with headless=${{ matrix.headless }}
           path: test/report/*.txt
+      - name: Publish Test Report with junit-report-annotations-action
+        uses: ashley-taylor/junit-report-annotations-action@1.3
+        if: always()
+        with:
+          access-token: ${{ secrets.GITHUB_TOKEN }}
+          path: 'test/report/TEST*.xml'
+      - name: Publish Test Report with action-junit-report
+        if: always()
+        uses: mikepenz/action-junit-report@v1
+        with:
+          report_paths: 'test/report/TEST*.xml'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and package for macOS
         if: ${{ runner.os == 'macos' && always() }}
Index: trunk/.github/workflows/codeql-analysis.yml
===================================================================
--- trunk/.github/workflows/codeql-analysis.yml	(revision 17487)
+++ trunk/.github/workflows/codeql-analysis.yml	(revision 17487)
@@ -0,0 +1,64 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '45 4 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+          fetch-depth: 256
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    # - name: Autobuild
+    #   uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+    - name: Build with Ant
+      run: |
+        ant 
+        
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1