From d6c623be4058fc5b388eba7ba190d9c95b5f15d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Nicoll?= <stephane.nicoll@broadcom.com>
Date: Tue, 9 Jul 2024 15:15:17 +0200
Subject: [PATCH] Release from GHA

This commit adds a workflow to release the Spring Framework from GitHub
Actions.

Closes gh-33179
---
 .../actions/create-github-release/action.yml  | 23 +++++
 .../changelog-generator.yml                   | 28 ++++++
 .../actions/sync-to-maven-central/action.yml  | 50 +++++++++++
 .../sync-to-maven-central/artifacts.spec      | 20 +++++
 .github/workflows/release.yml                 | 90 +++++++++++++++++++
 5 files changed, 211 insertions(+)
 create mode 100644 .github/actions/create-github-release/action.yml
 create mode 100644 .github/actions/create-github-release/changelog-generator.yml
 create mode 100644 .github/actions/sync-to-maven-central/action.yml
 create mode 100644 .github/actions/sync-to-maven-central/artifacts.spec
 create mode 100644 .github/workflows/release.yml

diff --git a/.github/actions/create-github-release/action.yml b/.github/actions/create-github-release/action.yml
new file mode 100644
index 00000000000..0354737e5df
--- /dev/null
+++ b/.github/actions/create-github-release/action.yml
@@ -0,0 +1,23 @@
+name: Create GitHub Release
+description: Create the release on GitHub with a changelog
+inputs:
+  milestone:
+    description: 'Name of the GitHub milestone for which a release will be created'
+    required: true
+  token:
+    description: 'Token to use for authentication with GitHub'
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: Generate Changelog
+      uses: spring-io/github-changelog-generator@185319ad7eaa75b0e8e72e4b6db19c8b2cb8c4c1 #v0.0.11
+      with:
+        milestone: ${{ inputs.milestone }}
+        token: ${{ inputs.token }}
+        config-file: .github/actions/create-github-release/changelog-generator.yml
+    - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+      shell: bash
+      run: gh release create ${{ format('v{0}', inputs.milestone) }} --notes-file changelog.md
diff --git a/.github/actions/create-github-release/changelog-generator.yml b/.github/actions/create-github-release/changelog-generator.yml
new file mode 100644
index 00000000000..725c4096667
--- /dev/null
+++ b/.github/actions/create-github-release/changelog-generator.yml
@@ -0,0 +1,28 @@
+changelog:
+  repository: spring-projects/spring-framework
+  sections:
+    - title: ":star: New Features"
+      labels:
+        - "type: enhancement"
+    - title: ":lady_beetle: Bug Fixes"
+      labels:
+        - "type: bug"
+        - "type: regression"
+    - title: ":notebook_with_decorative_cover: Documentation"
+      labels:
+        - "type: documentation"
+    - title: ":hammer: Dependency Upgrades"
+      sort: "title"
+      labels:
+        - "type: dependency-upgrade"
+  contributors:
+    exclude:
+      names:
+        - "bclozel"
+        - "jhoeller"
+        - "poutsma"
+        - "rstoyanchev"
+        - "sbrannen"
+        - "sdeleuze"
+        - "simonbasle"
+        - "snicoll"
diff --git a/.github/actions/sync-to-maven-central/action.yml b/.github/actions/sync-to-maven-central/action.yml
new file mode 100644
index 00000000000..71d17baf73c
--- /dev/null
+++ b/.github/actions/sync-to-maven-central/action.yml
@@ -0,0 +1,50 @@
+name: Sync to Maven Central
+description: Syncs a release to Maven Central and waits for it to be available for use
+inputs:
+  jfrog-cli-config-token:
+    description: 'Config token for the JFrog CLI'
+    required: true
+  spring-framework-version:
+    description: 'The version of Spring Framework that is being synced to Central'
+    required: true
+  ossrh-s01-token-username:
+    description: 'Username for authentication with s01.oss.sonatype.org'
+    required: true
+  ossrh-s01-token-password:
+    description: 'Password for authentication with s01.oss.sonatype.org'
+    required: true
+  ossrh-s01-staging-profile:
+    description: 'Staging profile to use when syncing to Central'
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: Set Up JFrog CLI
+      uses: jfrog/setup-jfrog-cli@7c95feb32008765e1b4e626b078dfd897c4340ad # v4.1.2
+      env:
+        JF_ENV_SPRING: ${{ inputs.jfrog-cli-config-token }}
+    - name: Download Release Artifacts
+      shell: bash
+      run: jf rt download --spec ${{ format('{0}/artifacts.spec', github.action_path) }} --spec-vars 'buildName=${{ format('spring-framework-{0}', inputs.spring-framework-version) }};buildNumber=${{ github.run_number }}'
+    - name: Sync
+      uses: spring-io/nexus-sync-action@42477a2230a2f694f9eaa4643fa9e76b99b7ab84 # v0.0.1
+      with:
+        username: ${{ inputs.ossrh-s01-token-username }}
+        password: ${{ inputs.ossrh-s01-token-password }}
+        staging-profile-name: ${{ inputs.ossrh-s01-staging-profile }}
+        create: true
+        upload: true
+        close: true
+        release: true
+        generate-checksums: true
+    - name: Await
+      shell: bash
+      run: |
+        url=${{ format('https://repo.maven.apache.org/maven2/org/springframework/spring-context/{0}/spring-context-{0}.jar', inputs.spring-framework-version) }}
+        echo "Waiting for $url"
+        until curl --fail --head --silent $url > /dev/null
+        do
+          echo "."
+          sleep 60
+        done
+        echo "$url is available"
diff --git a/.github/actions/sync-to-maven-central/artifacts.spec b/.github/actions/sync-to-maven-central/artifacts.spec
new file mode 100644
index 00000000000..f5c16ed5137
--- /dev/null
+++ b/.github/actions/sync-to-maven-central/artifacts.spec
@@ -0,0 +1,20 @@
+{
+  "files": [
+    {
+      "aql": {
+        "items.find": {
+          "$and": [
+            {
+              "@build.name": "${buildName}",
+              "@build.number": "${buildNumber}",
+              "path": {
+                "$nmatch": "org/springframework/framework-api/*"
+              }
+            }
+          ]
+        }
+      },
+      "target": "nexus/"
+    }
+  ]
+}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000000..3b28754d95c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,90 @@
+name: Release
+on:
+  push:
+    tags:
+      - v6.1.[0-9]+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+jobs:
+  build-and-stage-release:
+    if: ${{ github.repository == 'spring-projects/spring-framework' }}
+    name: Build and Stage Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check Out Code
+        uses: actions/checkout@v4
+      - name: Build and Publish
+        id: build-and-publish
+        uses: ./.github/actions/build
+        with:
+          develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+          publish: true
+      - name: Stage Release
+        uses: spring-io/artifactory-deploy-action@26bbe925a75f4f863e1e529e85be2d0093cac116 # v0.0.1
+        with:
+          build-name: ${{ format('spring-framework-{0}', steps.build-and-publish.outputs.version)}}
+          folder: 'deployment-repository'
+          password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+          repository: 'libs-staging-local'
+          signing-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          signing-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          uri: 'https://repo.spring.io'
+          username: ${{ secrets.ARTIFACTORY_USERNAME }}
+    outputs:
+      version: ${{ steps.build-and-publish.outputs.version }}
+  verify:
+    name: Verify
+    needs: build-and-stage-release
+    uses: ./.github/workflows/verify.yml
+    with:
+      staging: true
+      version: ${{ needs.build-and-stage-release.outputs.version }}
+    secrets:
+      google-chat-webhook-url: ${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }}
+      repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+      repository-username: ${{ secrets.ARTIFACTORY_USERNAME }}
+      token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+  sync-to-maven-central:
+    name: Sync to Maven Central
+    needs:
+      - build-and-stage-release
+      - verify
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check Out Code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Sync to Maven Central
+        uses: ./.github/actions/sync-to-maven-central
+        with:
+          jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }}
+          ossrh-s01-staging-profile: ${{ secrets.OSSRH_S01_STAGING_PROFILE }}
+          ossrh-s01-token-password: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
+          ossrh-s01-token-username: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
+          spring-framework-version: ${{ needs.build-and-stage-release.outputs.version }}
+  promote-release:
+    name: Promote Release
+    needs:
+      - build-and-stage-release
+      - sync-to-maven-central
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up JFrog CLI
+        uses: jfrog/setup-jfrog-cli@7c95feb32008765e1b4e626b078dfd897c4340ad # v4.1.2
+        env:
+          JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
+      - name: Promote build
+        run: jfrog rt build-promote ${{ format('spring-framework-{0}', needs.build-and-stage-release.outputs.version)}} ${{ github.run_number }} libs-release-local
+  create-github-release:
+    name: Create GitHub Release
+    needs:
+      - build-and-stage-release
+      - promote-release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check Out Code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Create GitHub Release
+        uses: ./.github/actions/create-github-release
+        with:
+          milestone: ${{ needs.build-and-stage-release.outputs.version }}
+          token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}