diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml new file mode 100644 index 00000000000..5f5ee7a6681 --- /dev/null +++ b/.github/actions/build/action.yml @@ -0,0 +1,56 @@ +name: 'Build' +description: 'Builds the project, optionally publishing it to a local deployment repository' +inputs: + java-version: + required: false + default: '8' + description: 'The Java version to compile and test with' + java-distribution: + required: false + default: 'liberica' + description: 'The Java distribution to use for the build' + java-toolchain: + required: false + default: 'false' + description: 'Whether a Java toolchain should be used' + publish: + required: false + default: 'false' + description: 'Whether to publish artifacts ready for deployment to Artifactory' + develocity-access-key: + required: false + description: 'The access key for authentication with ge.spring.io' +outputs: + build-scan-url: + description: 'The URL, if any, of the build scan produced by the build' + value: ${{ (inputs.publish == 'true' && steps.publish.outputs.build-scan-url) || steps.build.outputs.build-scan-url }} + version: + description: 'The version that was built' + value: ${{ steps.read-version.outputs.version }} +runs: + using: composite + steps: + - name: Prepare Gradle Build + uses: ./.github/actions/prepare-gradle-build + with: + develocity-access-key: ${{ inputs.develocity-access-key }} + java-version: ${{ inputs.java-version }} + java-distribution: ${{ inputs.java-distribution }} + java-toolchain: ${{ inputs.java-toolchain }} + - name: Build + id: build + if: ${{ inputs.publish == 'false' }} + shell: bash + run: ./gradlew check + - name: Publish + id: publish + if: ${{ inputs.publish == 'true' }} + shell: bash + run: ./gradlew -PdeploymentRepository=$(pwd)/deployment-repository build publishAllPublicationsToDeploymentRepository + - name: Read Version From gradle.properties + id: read-version + shell: bash + run: | + version=$(sed -n 's/version=\(.*\)/\1/p' gradle.properties) + echo "Version is $version" + echo "version=$version" >> $GITHUB_OUTPUT diff --git a/.github/actions/create-github-release/action.yml b/.github/actions/create-github-release/action.yml new file mode 100644 index 00000000000..0354737e5df --- /dev/null +++ b/.github/actions/create-github-release/action.yml @@ -0,0 +1,23 @@ +name: Create GitHub Release +description: Create the release on GitHub with a changelog +inputs: + milestone: + description: 'Name of the GitHub milestone for which a release will be created' + required: true + token: + description: 'Token to use for authentication with GitHub' + required: true +runs: + using: composite + steps: + - name: Generate Changelog + uses: spring-io/github-changelog-generator@185319ad7eaa75b0e8e72e4b6db19c8b2cb8c4c1 #v0.0.11 + with: + milestone: ${{ inputs.milestone }} + token: ${{ inputs.token }} + config-file: .github/actions/create-github-release/changelog-generator.yml + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ inputs.token }} + shell: bash + run: gh release create ${{ format('v{0}', inputs.milestone) }} --notes-file changelog.md diff --git a/.github/actions/create-github-release/changelog-generator.yml b/.github/actions/create-github-release/changelog-generator.yml new file mode 100644 index 00000000000..725c4096667 --- /dev/null +++ b/.github/actions/create-github-release/changelog-generator.yml @@ -0,0 +1,28 @@ +changelog: + repository: spring-projects/spring-framework + sections: + - title: ":star: New Features" + labels: + - "type: enhancement" + - title: ":lady_beetle: Bug Fixes" + labels: + - "type: bug" + - "type: regression" + - title: ":notebook_with_decorative_cover: Documentation" + labels: + - "type: documentation" + - title: ":hammer: Dependency Upgrades" + sort: "title" + labels: + - "type: dependency-upgrade" + contributors: + exclude: + names: + - "bclozel" + - "jhoeller" + - "poutsma" + - "rstoyanchev" + - "sbrannen" + - "sdeleuze" + - "simonbasle" + - "snicoll" diff --git a/.github/actions/prepare-gradle-build/action.yml b/.github/actions/prepare-gradle-build/action.yml new file mode 100644 index 00000000000..0f30c8c0c5b --- /dev/null +++ b/.github/actions/prepare-gradle-build/action.yml @@ -0,0 +1,49 @@ +name: 'Prepare Gradle Build' +description: 'Prepares a Gradle build. Sets up Java and Gradle and configures Gradle properties' +inputs: + java-version: + required: false + default: '8' + description: 'The Java version to use for the build' + java-distribution: + required: false + default: 'liberica' + description: 'The Java distribution to use for the build' + java-toolchain: + required: false + default: 'false' + description: 'Whether a Java toolchain should be used' + develocity-access-key: + required: false + description: 'The access key for authentication with ge.spring.io' +runs: + using: composite + steps: + - name: Set Up Java + uses: actions/setup-java@v4 + with: + distribution: ${{ inputs.java-distribution }} + java-version: | + ${{ inputs.java-version }} + ${{ inputs.java-toolchain == 'true' && '8' || '' }} + - name: Set Up Gradle + uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2 + with: + cache-read-only: false + develocity-access-key: ${{ inputs.develocity-access-key }} + - name: Configure Gradle Properties + shell: bash + run: | + mkdir -p $HOME/.gradle + echo 'systemProp.user.name=spring-builds+github' >> $HOME/.gradle/gradle.properties + echo 'systemProp.org.gradle.internal.launcher.welcomeMessageEnabled=false' >> $HOME/.gradle/gradle.properties + echo 'org.gradle.daemon=false' >> $HOME/.gradle/gradle.properties + echo 'org.gradle.daemon=4' >> $HOME/.gradle/gradle.properties + - name: Configure Toolchain Properties + if: ${{ inputs.java-toolchain == 'true' }} + shell: bash + run: | + echo toolchainVersion=${{ inputs.java-version }} >> $HOME/.gradle/gradle.properties + echo systemProp.org.gradle.java.installations.auto-detect=false >> $HOME/.gradle/gradle.properties + echo systemProp.org.gradle.java.installations.auto-download=false >> $HOME/.gradle/gradle.properties + echo systemProp.org.gradle.java.installations.paths=${{ format('$JAVA_HOME_{0}_X64', inputs.java-version) }} >> $HOME/.gradle/gradle.properties diff --git a/.github/actions/send-notification/action.yml b/.github/actions/send-notification/action.yml index 9582d44ed15..d1389776397 100644 --- a/.github/actions/send-notification/action.yml +++ b/.github/actions/send-notification/action.yml @@ -1,4 +1,4 @@ -name: Send notification +name: Send Notification description: Sends a Google Chat message as a notification of the job's outcome inputs: webhook-url: diff --git a/.github/actions/sync-to-maven-central/action.yml b/.github/actions/sync-to-maven-central/action.yml new file mode 100644 index 00000000000..71d17baf73c --- /dev/null +++ b/.github/actions/sync-to-maven-central/action.yml @@ -0,0 +1,50 @@ +name: Sync to Maven Central +description: Syncs a release to Maven Central and waits for it to be available for use +inputs: + jfrog-cli-config-token: + description: 'Config token for the JFrog CLI' + required: true + spring-framework-version: + description: 'The version of Spring Framework that is being synced to Central' + required: true + ossrh-s01-token-username: + description: 'Username for authentication with s01.oss.sonatype.org' + required: true + ossrh-s01-token-password: + description: 'Password for authentication with s01.oss.sonatype.org' + required: true + ossrh-s01-staging-profile: + description: 'Staging profile to use when syncing to Central' + required: true +runs: + using: composite + steps: + - name: Set Up JFrog CLI + uses: jfrog/setup-jfrog-cli@7c95feb32008765e1b4e626b078dfd897c4340ad # v4.1.2 + env: + JF_ENV_SPRING: ${{ inputs.jfrog-cli-config-token }} + - name: Download Release Artifacts + shell: bash + run: jf rt download --spec ${{ format('{0}/artifacts.spec', github.action_path) }} --spec-vars 'buildName=${{ format('spring-framework-{0}', inputs.spring-framework-version) }};buildNumber=${{ github.run_number }}' + - name: Sync + uses: spring-io/nexus-sync-action@42477a2230a2f694f9eaa4643fa9e76b99b7ab84 # v0.0.1 + with: + username: ${{ inputs.ossrh-s01-token-username }} + password: ${{ inputs.ossrh-s01-token-password }} + staging-profile-name: ${{ inputs.ossrh-s01-staging-profile }} + create: true + upload: true + close: true + release: true + generate-checksums: true + - name: Await + shell: bash + run: | + url=${{ format('https://repo.maven.apache.org/maven2/org/springframework/spring-context/{0}/spring-context-{0}.jar', inputs.spring-framework-version) }} + echo "Waiting for $url" + until curl --fail --head --silent $url > /dev/null + do + echo "." + sleep 60 + done + echo "$url is available" diff --git a/.github/actions/sync-to-maven-central/artifacts.spec b/.github/actions/sync-to-maven-central/artifacts.spec new file mode 100644 index 00000000000..b9b7b53d20d --- /dev/null +++ b/.github/actions/sync-to-maven-central/artifacts.spec @@ -0,0 +1,20 @@ +{ + "files": [ + { + "aql": { + "items.find": { + "$and": [ + { + "@build.name": "${buildName}", + "@build.number": "${buildNumber}", + "path": { + "$nmatch": "org/springframework/spring-*.zip" + } + } + ] + } + }, + "target": "nexus/" + } + ] +} diff --git a/.github/workflows/build-and-deploy-snapshot.yml b/.github/workflows/build-and-deploy-snapshot.yml index 30d08792b45..5e449ad9ab9 100644 --- a/.github/workflows/build-and-deploy-snapshot.yml +++ b/.github/workflows/build-and-deploy-snapshot.yml @@ -1,49 +1,33 @@ -name: Build and deploy snapshot +name: Build and Deploy Snapshot on: push: branches: - 5.3.x +permissions: + actions: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} jobs: build-and-deploy-snapshot: - if: ${{ github.repository == 'spring-projects/spring-framework' }} - name: Build and deploy snapshot + name: Build and Deploy Snapshot runs-on: ubuntu-latest + if: ${{ github.repository == 'spring-projects/spring-framework' }} steps: - - name: Set up Java - uses: actions/setup-java@v4 - with: - distribution: 'liberica' - java-version: 8 - - name: Check out code + - name: Check Out Code uses: actions/checkout@v4 - - name: Set up Gradle - uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 + - name: Build and Publish + id: build-and-publish + uses: ./.github/actions/build with: - cache-read-only: false - - name: Configure Gradle properties - shell: bash - run: | - mkdir -p $HOME/.gradle - echo 'systemProp.user.name=spring-builds+github' >> $HOME/.gradle/gradle.properties - echo 'systemProp.org.gradle.internal.launcher.welcomeMessageEnabled=false' >> $HOME/.gradle/gradle.properties - echo 'org.gradle.daemon=false' >> $HOME/.gradle/gradle.properties - echo 'org.gradle.daemon=4' >> $HOME/.gradle/gradle.properties - - name: Build and publish - id: build - env: - CI: 'true' - GRADLE_ENTERPRISE_URL: 'https://ge.spring.io' - DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} - run: ./gradlew -PdeploymentRepository=$(pwd)/deployment-repository build publishAllPublicationsToDeploymentRepository + develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + publish: true - name: Deploy - uses: spring-io/artifactory-deploy-action@v0.0.1 + uses: spring-io/artifactory-deploy-action@26bbe925a75f4f863e1e529e85be2d0093cac116 # v0.0.1 with: uri: 'https://repo.spring.io' username: ${{ secrets.ARTIFACTORY_USERNAME }} password: ${{ secrets.ARTIFACTORY_PASSWORD }} - build-name: ${{ format('spring-framework-{0}', github.ref_name)}} + build-name: 'spring-framework-5.3.x' repository: 'libs-snapshot-local' folder: 'deployment-repository' signing-key: ${{ secrets.GPG_PRIVATE_KEY }} @@ -53,11 +37,24 @@ jobs: /**/spring-*-docs.zip::zip.type=docs /**/spring-*-dist.zip::zip.type=dist /**/spring-*-schema.zip::zip.type=schema - - name: Send notification + - name: Send Notification uses: ./.github/actions/send-notification if: always() with: webhook-url: ${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }} status: ${{ job.status }} - build-scan-url: ${{ steps.build.outputs.build-scan-url }} - run-name: ${{ format('{0} | Linux | Java 8', github.ref_name) }} \ No newline at end of file + build-scan-url: ${{ steps.build-and-publish.outputs.build-scan-url }} + run-name: ${{ format('{0} | Linux | Java 8', github.ref_name) }} + outputs: + version: ${{ steps.build-and-publish.outputs.version }} + verify: + name: Verify + needs: build-and-deploy-snapshot + uses: ./.github/workflows/verify.yml + secrets: + google-chat-webhook-url: ${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }} + repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + repository-username: ${{ secrets.ARTIFACTORY_USERNAME }} + token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} + with: + version: ${{ needs.build-and-deploy-snapshot.outputs.version }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a12a61468a5..7a69a67cec6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,6 +7,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} jobs: ci: + name: '${{ matrix.os.name}} | Java ${{ matrix.java.version}}' + runs-on: ${{ matrix.os.id }} if: ${{ github.repository == 'spring-projects/spring-framework' }} strategy: matrix: @@ -25,52 +27,24 @@ jobs: name: Linux java: version: 8 - name: '${{ matrix.os.name}} | Java ${{ matrix.java.version}}' - runs-on: ${{ matrix.os.id }} steps: - - name: Set up Java - uses: actions/setup-java@v4 - with: - distribution: 'liberica' - java-version: | - ${{ matrix.java.version }} - ${{ matrix.java.toolchain && '8' || '' }} - name: Prepare Windows runner if: ${{ runner.os == 'Windows' }} run: | git config --global core.autocrlf true git config --global core.longPaths true Stop-Service -name Docker - - name: Check out code + - name: Check Out Code uses: actions/checkout@v4 - - name: Set up Gradle - uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 - with: - cache-read-only: false - - name: Configure Gradle properties - shell: bash - run: | - mkdir -p $HOME/.gradle - echo 'systemProp.user.name=spring-builds+github' >> $HOME/.gradle/gradle.properties - echo 'systemProp.org.gradle.internal.launcher.welcomeMessageEnabled=false' >> $HOME/.gradle/gradle.properties - echo 'org.gradle.daemon=false' >> $HOME/.gradle/gradle.properties - echo 'org.gradle.daemon=4' >> $HOME/.gradle/gradle.properties - - name: Configure toolchain properties - if: ${{ matrix.java.toolchain }} - shell: bash - run: | - echo toolchainVersion=${{ matrix.java.version }} >> $HOME/.gradle/gradle.properties - echo systemProp.org.gradle.java.installations.auto-detect=false >> $HOME/.gradle/gradle.properties - echo systemProp.org.gradle.java.installations.auto-download=false >> $HOME/.gradle/gradle.properties - echo systemProp.org.gradle.java.installations.paths=${{ format('$JAVA_HOME_{0}_X64', matrix.java.version) }} >> $HOME/.gradle/gradle.properties - name: Build id: build - env: - CI: 'true' - GRADLE_ENTERPRISE_URL: 'https://ge.spring.io' - DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} - run: ./gradlew check - - name: Send notification + uses: ./.github/actions/build + with: + java-version: ${{ matrix.java.version }} + java-distribution: ${{ matrix.java.distribution || 'liberica' }} + java-toolchain: ${{ matrix.java.toolchain }} + develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + - name: Send Notification uses: ./.github/actions/send-notification if: always() with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000000..880ed00e960 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,90 @@ +name: Release +on: + push: + tags: + - v5.3.[0-9]+ +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} +jobs: + build-and-stage-release: + if: ${{ github.repository == 'spring-projects/spring-framework' }} + name: Build and Stage Release + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@v4 + - name: Build and Publish + id: build-and-publish + uses: ./.github/actions/build + with: + develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + publish: true + - name: Stage Release + uses: spring-io/artifactory-deploy-action@26bbe925a75f4f863e1e529e85be2d0093cac116 # v0.0.1 + with: + build-name: ${{ format('spring-framework-{0}', steps.build-and-publish.outputs.version)}} + folder: 'deployment-repository' + password: ${{ secrets.ARTIFACTORY_PASSWORD }} + repository: 'libs-staging-local' + signing-key: ${{ secrets.GPG_PRIVATE_KEY }} + signing-passphrase: ${{ secrets.GPG_PASSPHRASE }} + uri: 'https://repo.spring.io' + username: ${{ secrets.ARTIFACTORY_USERNAME }} + outputs: + version: ${{ steps.build-and-publish.outputs.version }} + verify: + name: Verify + needs: build-and-stage-release + uses: ./.github/workflows/verify.yml + with: + staging: true + version: ${{ needs.build-and-stage-release.outputs.version }} + secrets: + google-chat-webhook-url: ${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }} + repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + repository-username: ${{ secrets.ARTIFACTORY_USERNAME }} + token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} + sync-to-maven-central: + name: Sync to Maven Central + needs: + - build-and-stage-release + - verify + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Sync to Maven Central + uses: ./.github/actions/sync-to-maven-central + with: + jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }} + ossrh-s01-staging-profile: ${{ secrets.OSSRH_S01_STAGING_PROFILE }} + ossrh-s01-token-password: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }} + ossrh-s01-token-username: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }} + spring-framework-version: ${{ needs.build-and-stage-release.outputs.version }} + promote-release: + name: Promote Release + needs: + - build-and-stage-release + - sync-to-maven-central + runs-on: ubuntu-latest + steps: + - name: Set up JFrog CLI + uses: jfrog/setup-jfrog-cli@7c95feb32008765e1b4e626b078dfd897c4340ad # v4.1.2 + env: + JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }} + - name: Promote build + run: jfrog rt build-promote ${{ format('spring-framework-{0}', needs.build-and-stage-release.outputs.version)}} ${{ github.run_number }} libs-release-local + create-github-release: + name: Create GitHub Release + needs: + - build-and-stage-release + - promote-release + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Create GitHub Release + uses: ./.github/actions/create-github-release + with: + milestone: ${{ needs.build-and-stage-release.outputs.version }} + token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/validate-gradle-wrapper.yml similarity index 57% rename from .github/workflows/gradle-wrapper-validation.yml rename to .github/workflows/validate-gradle-wrapper.yml index cf2c086a063..e1629a5f5fe 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/validate-gradle-wrapper.yml @@ -1,13 +1,11 @@ name: "Validate Gradle Wrapper" on: [push, pull_request] - permissions: contents: read - jobs: validation: - name: "Validation" + name: "Validate Gradle Wrapper" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: gradle/wrapper-validation-action@v2 + - uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2 diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml new file mode 100644 index 00000000000..86aaec7819c --- /dev/null +++ b/.github/workflows/verify.yml @@ -0,0 +1,71 @@ +name: Verify +on: + workflow_call: + inputs: + version: + required: true + type: string + staging: + required: false + default: false + type: boolean + secrets: + repository-username: + required: false + repository-password: + required: false + google-chat-webhook-url: + required: true + token: + required: true +jobs: + verify: + name: Verify + runs-on: ubuntu-latest + steps: + - name: Check Out Release Verification Tests + uses: actions/checkout@v4 + with: + repository: spring-projects/spring-framework-release-verification + ref: 'v0.0.2' + token: ${{ secrets.token }} + - name: Check Out Send Notification Action + uses: actions/checkout@v4 + with: + path: spring-framework + sparse-checkout: .github/actions/send-notification + - name: Set Up Java + uses: actions/setup-java@v4 + with: + distribution: 'liberica' + java-version: 8 + - name: Set Up Gradle + uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2 + with: + cache-read-only: false + - name: Configure Gradle Properties + shell: bash + run: | + mkdir -p $HOME/.gradle + echo 'org.gradle.daemon=false' >> $HOME/.gradle/gradle.properties + - name: Run Release Verification Tests + env: + RVT_VERSION: ${{ inputs.version }} + RVT_RELEASE_TYPE: oss + RVT_STAGING: ${{ inputs.staging }} + RVT_OSS_REPOSITORY_USERNAME: ${{ secrets.repository-username }} + RVT_OSS_REPOSITORY_PASSWORD: ${{ secrets.repository-password }} + run: ./gradlew spring-framework-release-verification-tests:test + - name: Upload Build Reports on Failure + uses: actions/upload-artifact@v4 + if: failure() + with: + name: build-reports + path: '**/build/reports/' + - name: Send Notification + uses: ./spring-framework/.github/actions/send-notification + if: failure() + with: + webhook-url: ${{ secrets.google-chat-webhook-url }} + status: ${{ job.status }} + run-name: ${{ format('{0} | Verification | {1}', github.ref_name, inputs.version) }}