chore: migrate workflows to ubuntu-26.04, drop PGDG repo dependency

[Copilot]

Ubuntu 26.04 ships PostgreSQL 18 natively, eliminating the need for the external PGDG apt repository. Updates all pinned runners and removes the dead weight.

Description

Ubuntu 26.04 GA ships with PostgreSQL 18 in the standard apt sources. The manual PGDG repo bootstrap (key fetch + sources.list injection) is no longer needed and was an external network dependency in hardened egress workflows.

Changes

Runner OS upgrades (ubuntu-24.04 → ubuntu-26.04):

• codeql-analysis.yml
• release.yml
• javadoc-generation.yml
• site-generation.yml

PGDG repo removal (no longer needed — PostgreSQL 18 in default apt):

• Removed Add PostgreSQL PGDG repository step from codeql-analysis.yml, release.yml, copilot-setup-steps.yml
• Removed apt.postgresql.org:443 and www.postgresql.org:443 from egress allowlists in codeql-analysis.yml and release.yml (egress-policy: block in release)

Docs:

• WORKFLOWS.md: updated runtime to Ubuntu 26.04
• End-of-Life-Strategy.md: added CI/CD runner OS entry under JVM Compatibility

Type of Change

Primary Changes

• 🚀 New Feature
• 🔄 Enhancement
• 🐛 Bug Fix
• 📦 Dependency Update

Political Analysis

• 📊 Political Data Analysis
• 📈 Analytics & Metrics

Technical Changes

• 🎨 UI/UX Changes
• 🏗️ Infrastructure
  • Database Changes
  • Performance Optimization
  • Configuration Updates
• 🔒 Security & Compliance
• 📝 Documentation
  • Technical Documentation
  • User Documentation
  • API Documentation
• ✅ Testing

Impact Analysis

Political Analysis Impact

• Impact on data quality: None
• Impact on analysis accuracy: None
• Impact on transparency features: None

Technical Impact

• Performance impact: Removes one external network round-trip (key fetch + apt source add) from every PostgreSQL-dependent workflow run
• Security implications: Reduces external egress surface in hardened runners; www.postgresql.org and apt.postgresql.org removed from allowlists
• Dependency changes: PostgreSQL 18 now sourced from Ubuntu 26.04 default apt — no external repo required

Testing

• Unit tests added/updated
• Integration tests added/updated
• Political data validation completed
• Security compliance verified
• Performance testing completed

Documentation

• JavaDoc updated
• README updated
• API documentation updated
• Package/module documentation updated
• Political analysis documentation updated

Screenshots

Checklist

• Code follows project coding standards
• Comments are clear and helpful
• Documentation is updated
• Tests are passing
• Security compliance is maintained
• Performance impact is acceptable
• Breaking changes are documented
• Changes are backward compatible

Additional Notes

copilot-setup-steps.yml stays on ubuntu-latest by design (Copilot agent environment tracks latest).

Security Considerations

• No sensitive data exposed
• Security best practices followed
• Compliance requirements met

Release Notes

Workflows now run on Ubuntu 26.04. PostgreSQL 18 is installed from the standard Ubuntu apt repository; the external PGDG repository bootstrap has been removed.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 89fa9fd.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

None

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud