From e75c9312e0e1ba60cb10723a1acb8ef5412f106a Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Mon, 15 Apr 2024 18:02:56 +0100 Subject: [PATCH 1/4] Add workflow to release from GitHub Actions Co-Authored-By: Moritz Halbritter Closes gh-40407 --- .github/actions/build/action.yml | 9 +- .../actions/create-github-release/action.yml | 23 ++++ .../changelog-generator.yml | 23 ++++ .../actions/publish-gradle-plugin/action.yml | 34 +++++ .../publish-gradle-plugin/artifacts.spec | 20 +++ .../publish-gradle-plugin/build.gradle | 14 ++ .../publish-gradle-plugin/settings.gradle | 0 .github/actions/publish-to-sdkman/action.yml | 38 ++++++ .../actions/sync-to-maven-central/action.yml | 50 ++++++++ .../sync-to-maven-central/artifacts.spec | 20 +++ .github/workflows/release.yml | 121 ++++++++++++++++++ .github/workflows/verify.yml | 7 + 12 files changed, 353 insertions(+), 6 deletions(-) create mode 100644 .github/actions/create-github-release/action.yml create mode 100644 .github/actions/create-github-release/changelog-generator.yml create mode 100644 .github/actions/publish-gradle-plugin/action.yml create mode 100644 .github/actions/publish-gradle-plugin/artifacts.spec create mode 100644 .github/actions/publish-gradle-plugin/build.gradle create mode 100644 .github/actions/publish-gradle-plugin/settings.gradle create mode 100644 .github/actions/publish-to-sdkman/action.yml create mode 100644 .github/actions/sync-to-maven-central/action.yml create mode 100644 .github/actions/sync-to-maven-central/artifacts.spec create mode 100644 .github/workflows/release.yml diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index b9d2fefb75e..0e729003870 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -1,36 +1,33 @@ name: 'Build' +description: 'Builds the project, optionally publishing it to a local deployment repository' inputs: java-version: required: false - type: string default: '17' description: 'The Java version to compile and test with' java-toolchain: required: false - type: boolean default: false description: 'Whether a Java toolchain should be used' publish: required: false - type: boolean default: false description: 'Whether to publish artifacts ready for deployment to Artifactory' gradle-enterprise-secret-access-key: required: false - type: string description: 'The secret access key for authentication with ge.spring.io' gradle-enterprise-cache-user: required: false - type: string description: 'The username for authentication with the remote build cache' gradle-enterprise-cache-password: required: false - type: string description: 'The password for authentication with the remote build cache' outputs: build-scan-url: + description: 'The URL, if any, of the build scan produced by the build' value: ${{ (inputs.publish && steps.build-and-publish.outputs.build-scan-url) || steps.build.outputs.build-scan-url }} version: + description: 'The version that was built' value: ${{ steps.read-version.outputs.version }} runs: using: composite diff --git a/.github/actions/create-github-release/action.yml b/.github/actions/create-github-release/action.yml new file mode 100644 index 00000000000..49b460c097a --- /dev/null +++ b/.github/actions/create-github-release/action.yml @@ -0,0 +1,23 @@ +name: Create GitHub Release +description: Create the release on GitHub with a changelog +inputs: + milestone: + description: Name of the GitHub milestone for which a release will be created + required: true + token: + description: Token to use for authentication with GitHub + required: true +runs: + using: composite + steps: + - name: Generate Changelog + uses: spring-io/github-changelog-generator@052892c62af51f8af87a9da6de55e70864b7df12 + with: + milestone: ${{ inputs.milestone }} + token: ${{ inputs.token }} + config-file: ${{ github.action_path }}/changelog-generator.yml + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ inputs.token }} + shell: bash + run: gh release create ${{ github.ref_name }} --notes-file changelog.md diff --git a/.github/actions/create-github-release/changelog-generator.yml b/.github/actions/create-github-release/changelog-generator.yml new file mode 100644 index 00000000000..67db9ca4f9d --- /dev/null +++ b/.github/actions/create-github-release/changelog-generator.yml @@ -0,0 +1,23 @@ +changelog: + repository: spring-projects/spring-boot + sections: + - title: ":star: New Features" + labels: + - "type: enhancement" + - title: ":lady_beetle: Bug Fixes" + labels: + - "type: bug" + - "type: regression" + - title: ":notebook_with_decorative_cover: Documentation" + labels: + - "type: documentation" + - title: ":hammer: Dependency Upgrades" + sort: "title" + labels: + - "type: dependency-upgrade" + issues: + ports: + - label: "status: forward-port" + bodyExpression: 'Forward port of issue #(\d+).*' + - label: "status: back-port" + bodyExpression: 'Back port of issue #(\d+).*' diff --git a/.github/actions/publish-gradle-plugin/action.yml b/.github/actions/publish-gradle-plugin/action.yml new file mode 100644 index 00000000000..22272a6b478 --- /dev/null +++ b/.github/actions/publish-gradle-plugin/action.yml @@ -0,0 +1,34 @@ +name: Publish Gradle Plugin +description: Publishes Spring Boot's Gradle plugin to the Plugin Portal +inputs: + jfrog-cli-config-token: + description: 'Config token for the JFrog CLI' + required: true + plugin-version: + description: 'Version of the plugin' + required: true + gradle-plugin-publish-key: + description: 'Gradle publishing key' + required: true + gradle-plugin-publish-secret: + description: 'Gradle publishing secret' + required: true +runs: + using: composite + steps: + - name: Set Up JFrog CLI + uses: jfrog/setup-jfrog-cli@d82fe26823e1f25529250895d5673f65b02af085 # v4.0.1 + env: + JF_ENV_SPRING: ${{ inputs.jfrog-cli-config-token }} + - name: Download Artifacts + shell: bash + run: jf rt download --spec ${{ format('{0}/artifacts.spec', github.action_path) }} --spec-vars 'buildName=${{ format('spring-boot-{0}', inputs.plugin-version) }};buildNumber=${{ github.run_number }}' + - name: Publish + shell: bash + run: > + ./gradlew publishExisting + -p ${{ github.action_path }} + -Pgradle.publish.key=${{ inputs.gradle-plugin-publish-key }} + -Pgradle.publish.secret=${{ inputs.gradle-plugin-publish-secret }} + -PbootVersion=${{ inputs.plugin-version }} + -PrepositoryRoot=$(pwd)/repository diff --git a/.github/actions/publish-gradle-plugin/artifacts.spec b/.github/actions/publish-gradle-plugin/artifacts.spec new file mode 100644 index 00000000000..f84a25bb9b1 --- /dev/null +++ b/.github/actions/publish-gradle-plugin/artifacts.spec @@ -0,0 +1,20 @@ +{ + "files": [ + { + "aql": { + "items.find": { + "$and": [ + { + "@build.name": "${buildName}", + "@build.number": "${buildNumber}", + "path": { + "$match": "org/springframework/boot/spring-boot-gradle-plugin/*" + } + } + ] + } + }, + "target": "repository/" + } + ] +} diff --git a/.github/actions/publish-gradle-plugin/build.gradle b/.github/actions/publish-gradle-plugin/build.gradle new file mode 100644 index 00000000000..bff025a7e44 --- /dev/null +++ b/.github/actions/publish-gradle-plugin/build.gradle @@ -0,0 +1,14 @@ +plugins { + id "com.gradle.plugin-publish" version "1.2.1" +} + +tasks.register("publishExisting", com.gradle.publish.PublishExistingTask) { + pluginId = "org.springframework.boot" + fileRepositoryRoot = new File("${repositoryRoot}") + pluginVersion = "${bootVersion}" + pluginCoordinates = "org.springframework.boot:spring-boot-gradle-plugin:${bootVersion}" + displayName = "Spring Boot Gradle Plugin" + pluginDescription = "Spring Boot Gradle Plugin" + website = "https://spring.io/projects/spring-boot" + vcsUrl = "https://github.com/spring-projects/spring-boot" +} diff --git a/.github/actions/publish-gradle-plugin/settings.gradle b/.github/actions/publish-gradle-plugin/settings.gradle new file mode 100644 index 00000000000..e69de29bb2d diff --git a/.github/actions/publish-to-sdkman/action.yml b/.github/actions/publish-to-sdkman/action.yml new file mode 100644 index 00000000000..189fcdb5725 --- /dev/null +++ b/.github/actions/publish-to-sdkman/action.yml @@ -0,0 +1,38 @@ +name: Publish to SDKMAN! +description: Publishes the release as a new candidate version on SDKMAN! +inputs: + sdkman-consumer-key: + description: 'Key for publishing to SDKMAN!' + required: true + sdkman-consumer-secret: + description: 'Secret for publishing to SDKMAN!' + required: true + spring-boot-version: + description: 'The version to publish' + required: true + make-default: + description: 'Whether the release should be made the default version' + required: false + default: false +runs: + using: composite + steps: + - shell: bash + run: > + curl -X POST \ + -H "Consumer-Key: ${{ inputs.sdkman-consumer-key }}" + -H "Consumer-Token: ${{ inputs.sdkman-consumer-token }}" + -H "Content-Type: application/json" + -H "Accept: application/json" + -d '{"candidate": "springboot", "version": "${{ inputs.spring-boot-version }}", "url": "${{ format('https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-cli/{0}/spring-boot-cli-{0}-bin.zip', inputs.spring-boot-version)"}' + https://vendors.sdkman.io/release + - shell: bash + if: ${{ inputs.make-default }} + run: > + curl -X POST \ + -H "Consumer-Key: ${{ inputs.sdkman-consumer-key }}" + -H "Consumer-Token: ${{ inputs.sdkman-consumer-token }}" + -H "Content-Type: application/json" + -H "Accept: application/json" + -d '{"candidate": "springboot", "version": "${{ inputs.spring-boot-version }}"}' + https://vendors.sdkman.io/default diff --git a/.github/actions/sync-to-maven-central/action.yml b/.github/actions/sync-to-maven-central/action.yml new file mode 100644 index 00000000000..b9feaad5fa9 --- /dev/null +++ b/.github/actions/sync-to-maven-central/action.yml @@ -0,0 +1,50 @@ +name: Sync to Maven Central +description: Syncs a release to Maven Central and waits for it to be available for use +inputs: + jfrog-cli-config-token: + description: 'Config token for the JFrog CLI' + required: true + spring-boot-version: + description: 'The version of Spring Boot that is being synced to Central' + required: true + ossrh-s01-token-username: + description: 'Username for authentication with s01.oss.sonatype.org' + required: true + ossrh-s01-token-password: + description: 'Password for authentication with s01.oss.sonatype.org' + required: true + ossrh-s01-staging-profile: + description: 'Staging profile to use when syncing to Central' + required: true +runs: + using: composite + steps: + - name: Set Up JFrog CLI + uses: jfrog/setup-jfrog-cli@d82fe26823e1f25529250895d5673f65b02af085 # v4.0.1 + env: + JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }} + - name: Download Release Artifacts + shell: bash + run: jf rt download --spec ${{ format('{0}/artifacts.spec', github.action_path) }} --spec-vars 'buildName=${{ format('spring-boot-{0}', inputs.spring-boot-version) }};buildNumber=${{ github.run_number }}' + - name: Sync + uses: spring-io/nexus-sync-action@42477a2230a2f694f9eaa4643fa9e76b99b7ab84 # v0.0.1 + with: + username: ${{ inputs.ossrh-s01-token-username }} + password: ${{ inputs.ossrh-s01-token-password }} + staging-profile-name: ${{ secrets.ossrh-s01-staging-profile }} + create: true + upload: true + close: true + release: true + generate-checksums: true + - name: Await + shell: bash + run: | + url=${{ format('https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot/{0}/spring-boot-{0}.jar', inputs.spring-boot-version) }} + echo "Waiting for $url" + until curl --fail --head --silent $url > /dev/null + do + echo "." + sleep 60 + done + echo "$url is available" diff --git a/.github/actions/sync-to-maven-central/artifacts.spec b/.github/actions/sync-to-maven-central/artifacts.spec new file mode 100644 index 00000000000..ee3d451af33 --- /dev/null +++ b/.github/actions/sync-to-maven-central/artifacts.spec @@ -0,0 +1,20 @@ +{ + "files": [ + { + "aql": { + "items.find": { + "$and": [ + { + "@build.name": "${buildName}", + "@build.number": "${buildNumber}", + "path": { + "$nmatch": "org/springframework/boot/spring-boot-docs/*" + } + } + ] + } + }, + "target": "nexus/" + } + ] +} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000000..d59b12c3423 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,121 @@ +name: Release +on: + push: + tags: + - v3.1.[0-9]+ +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} +jobs: + build-and-stage-release: + if: ${{ github.repository == 'spring-projects/spring-boot' }} + name: Build and Stage Release + runs-on: ubuntu22-8-32 + steps: + - name: Check Out Code + uses: actions/checkout@v4 + - name: Build and Publish + uses: ./.github/actions/build + with: + gradle-enterprise-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + gradle-enterprise-cache-password: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + gradle-enterprise-cache-user: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }} + publish: true + - name: Stage Release + uses: spring-io/artifactory-deploy-action@26bbe925a75f4f863e1e529e85be2d0093cac116 # v0.0.1 + with: + build-name: ${{ format('spring-boot-{0}', github.ref_name)}} + folder: 'deployment-repository' + password: ${{ secrets.ARTIFACTORY_PASSWORD }} + repository: 'libs-staging-local' + signing-key: ${{ secrets.GPG_PRIVATE_KEY }} + signing-passphrase: ${{ secrets.GPG_PASSPHRASE }} + uri: 'https://repo.spring.io' + username: ${{ secrets.ARTIFACTORY_USERNAME }} + outputs: + version: ${{ steps.build.outputs.version }} + verify: + name: Verify + needs: build-and-stage-release + uses: ./.github/workflows/verify.yml + with: + repository-username: ${{ secrets.ARTIFACTORY_USERNAME }} + repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + staging: true + version: ${{ needs.build-and-stage-release.outputs.version }} + sync-to-maven-central: + name: Sync to Maven Central + needs: + - build-and-stage-release + - verify + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Sync to Maven Central + uses: ./.github/actions/sync-to-maven-central + with: + jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }} + ossrh-s01-staging-profile: ${{ secrets.OSSRH_S01_STAGING_PROFILE }} + ossrh-s01-token-password: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }} + ossrh-s01-token-username: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }} + spring-boot-version: ${{ needs.build-and-stage-release.outputs.version }} + promote-release: + name: Promote Release + needs: + - build-and-stage-release + - sync-to-maven-central + runs-on: ubuntu-latest + steps: + - name: Set up JFrog CLI + uses: jfrog/setup-jfrog-cli@d82fe26823e1f25529250895d5673f65b02af085 # v4.0.1 + env: + JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }} + - name: Promote build + run: jfrog rt build-promote ${{ format('spring-boot-{0}', needs.build-and-stage-release.outputs.version)}} ${{ github.run_number }} libs-release-local + publish-gradle-plugin: + name: Publish Gradle Plugin + needs: + - build-and-stage-release + - sync-to-maven-central + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Publish + uses: ./.github/actions/publish-gradle-plugin + with: + gradle-plugin-publish-key: ${{ secrets.GRADLE_PLUGIN_PUBLISH_KEY }} + gradle-plugin-publish-secret: ${{ secrets.GRADLE_PLUGIN_PUBLISH_SECRET }} + jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }} + plugin-version: ${{ needs.build-and-stage-release.outputs.version }} + publish-to-sdkman: + name: Publish to SDKMAN! + needs: + - build-and-stage-release + - sync-to-maven-central + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Publish to SDKMAN! + uses: ./.github/actions/publish-to-sdkman + with: + sdkman-consumer-key: ${{ secrets.SDKMAN_CONSUMER_KEY }} + sdkman-consumer-token: ${{ secrets.SDKMAN_CONSUMER_TOKEN }} + spring-boot-version: ${{ needs.build-and-stage-release.outputs.version }} + create-github-release: + name: Create GitHub Release + needs: + - build-and-stage-release + - promote-release + - publish-gradle-plugin + - publish-to-sdkman + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Create GitHub Release + uses: ./.github/actions/create-github-release + with: + milestone: ${{ needs.build-and-stage-release.outputs.version }} + token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 507241271f8..8ffc5142598 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -5,6 +5,10 @@ on: version: required: true type: string + staging: + required: false + default: false + type: boolean jobs: verify: name: Verify @@ -41,6 +45,9 @@ jobs: env: RVT_VERSION: ${{ inputs.version }} RVT_RELEASE_TYPE: oss + RVT_STAGING: ${{ inputs.staging }} + RVT_OSS_REPOSITORY_USERNAME: ${{ inputs.repository-username }} + RVT_OSS_REPOSITORY_PASSWORD: ${{ inputs.repository-password }} run: ./gradlew spring-boot-release-verification-tests:test - name: Upload Build Reports on Failure uses: actions/upload-artifact@v4 From 9a589ea2436b4db36632a4890e4dd92cf602c5f6 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Thu, 18 Apr 2024 09:54:47 +0100 Subject: [PATCH 2/4] Fix passing of repository username and password into verify See gh-40407 --- .github/workflows/release.yml | 5 +++-- .github/workflows/verify.yml | 11 +++++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d59b12c3423..9bb80ea1f26 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,10 +38,11 @@ jobs: needs: build-and-stage-release uses: ./.github/workflows/verify.yml with: - repository-username: ${{ secrets.ARTIFACTORY_USERNAME }} - repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }} staging: true version: ${{ needs.build-and-stage-release.outputs.version }} + secrets: + repository-username: ${{ secrets.ARTIFACTORY_USERNAME }} + repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }} sync-to-maven-central: name: Sync to Maven Central needs: diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 8ffc5142598..0d4dd6bd59e 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -9,6 +9,13 @@ on: required: false default: false type: boolean + secrets: + repository-username: + required: false + type: string + repository-password: + required: false + type: string jobs: verify: name: Verify @@ -46,8 +53,8 @@ jobs: RVT_VERSION: ${{ inputs.version }} RVT_RELEASE_TYPE: oss RVT_STAGING: ${{ inputs.staging }} - RVT_OSS_REPOSITORY_USERNAME: ${{ inputs.repository-username }} - RVT_OSS_REPOSITORY_PASSWORD: ${{ inputs.repository-password }} + RVT_OSS_REPOSITORY_USERNAME: ${{ secrets.repository-username }} + RVT_OSS_REPOSITORY_PASSWORD: ${{ secrets.repository-password }} run: ./gradlew spring-boot-release-verification-tests:test - name: Upload Build Reports on Failure uses: actions/upload-artifact@v4 From 1b03cf04f4982c3532420a9242bcb51b668f17ac Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Thu, 18 Apr 2024 09:57:50 +0100 Subject: [PATCH 3/4] Remove type from secrets declarations See gh-40407 --- .github/workflows/verify.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 0d4dd6bd59e..688136d77f5 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -12,10 +12,8 @@ on: secrets: repository-username: required: false - type: string repository-password: required: false - type: string jobs: verify: name: Verify From 20e291d8dd3b110a2f3ac046a2f8e5da568c13b8 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Thu, 18 Apr 2024 10:17:19 +0100 Subject: [PATCH 4/4] Correct the name of the Gradle Enterprise access key input See gh-40407 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9bb80ea1f26..7c2ba85e497 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,9 +16,9 @@ jobs: - name: Build and Publish uses: ./.github/actions/build with: - gradle-enterprise-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} gradle-enterprise-cache-password: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} gradle-enterprise-cache-user: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }} + gradle-enterprise-secret-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} publish: true - name: Stage Release uses: spring-io/artifactory-deploy-action@26bbe925a75f4f863e1e529e85be2d0093cac116 # v0.0.1