spring-projects
diff --git a/‎.github/workflows/antora-generate.yml
Lines changed: 8 additions & 0 deletions b/‎.github/workflows/antora-generate.yml
Lines changed: 8 additions & 0 deletions
diff --git a/‎.github/workflows/continuous-integration-workflow.yml
Lines changed: 144 additions & 8 deletions b/‎.github/workflows/continuous-integration-workflow.yml
Lines changed: 144 additions & 8 deletions
diff --git a/‎.github/workflows/deploy-reference.yml
Lines changed: 10 additions & 7 deletions b/‎.github/workflows/deploy-reference.yml
Lines changed: 10 additions & 7 deletions
diff --git a/‎.github/workflows/pr-build-workflow.yml
Lines changed: 5 additions & 4 deletions b/‎.github/workflows/pr-build-workflow.yml
Lines changed: 5 additions & 4 deletions
diff --git a/‎.github/workflows/update-scheduled-release-version.yml
Lines changed: 83 additions & 0 deletions b/‎.github/workflows/update-scheduled-release-version.yml
Lines changed: 83 additions & 0 deletions
@@ -16,6 +16,14 @@ jobs:
     steps:
       - name: Checkout Source
         uses: actions/checkout@v2
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: '11'
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Generate antora.yml
         run: ./gradlew :spring-security-docs:generateAntora
       - name: Extract Branch Name
 
@@ -24,11 +24,17 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       runjobs: ${{ steps.continue.outputs.runjobs }}
+      project_version: ${{ steps.continue.outputs.project_version }}
     steps:
+      - uses: actions/checkout@v2
       - id: continue
         name: Determine if should continue
         if: env.RUN_JOBS == 'true'
-        run: echo "::set-output name=runjobs::true"
+        run: |
+          echo "::set-output name=runjobs::true"
+          # Extract version from gradle.properties
+          version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
+          echo "::set-output name=project_version::$version"
   build_jdk_11:
     name: Build JDK 11
     needs: [prerequisites]
@@ -47,11 +53,10 @@ jobs:
         run: |
           mkdir -p ~/.gradle
           echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
-      - name: Cache Gradle packages
-        uses: actions/cache@v2
-        with:
-          path: ~/.gradle/caches
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Build with Gradle
         env:
           GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
@@ -73,6 +78,10 @@ jobs:
         run: |
           mkdir -p ~/.gradle
           echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Snapshot Tests
         run: |
           export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
@@ -94,6 +103,10 @@ jobs:
         run: |
           mkdir -p ~/.gradle
           echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Check samples project
         env:
           LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
@@ -119,6 +132,10 @@ jobs:
         run: |
           mkdir -p ~/.gradle
           echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Check for package tangles
         run: |
           export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
@@ -139,6 +156,10 @@ jobs:
         run: |
           mkdir -p ~/.gradle
           echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Deploy artifacts
         run: |
           export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
@@ -166,6 +187,10 @@ jobs:
         run: |
           mkdir -p ~/.gradle
           echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Deploy Docs
         run: |
           export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
@@ -190,6 +215,10 @@ jobs:
         run: |
           mkdir -p ~/.gradle
           echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Deploy Schema
         run: |
           export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
@@ -200,14 +229,121 @@ jobs:
           DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
           DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
           DOCS_HOST: ${{ secrets.DOCS_HOST }}
+  perform_release:
+    name: Perform release
+    needs: [prerequisites, deploy_artifacts, deploy_docs, deploy_schema]
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    if: ${{ !endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }}
+    env:
+      REPO: ${{ github.repository }}
+      BRANCH: ${{ github.ref_name }}
+      TOKEN: ${{ github.token }}
+      VERSION: ${{ needs.prerequisites.outputs.project_version }}
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: '11'
+      - name: Setup gradle user name
+        run: |
+          mkdir -p ~/.gradle
+          echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
+      - name: Wait for Artifactory Artifacts
+        if: ${{ contains(needs.prerequisites.outputs.project_version, '-RC') || contains(needs.prerequisites.outputs.project_version, '-M') }}
+        run: |
+          echo "Wait for artifacts of $REPO@$VERSION to appear on Artifactory."
+          until curl -f -s https://repo.spring.io/artifactory/milestone/org/springframework/security/spring-security-core/$VERSION/ > /dev/null
+          do
+            sleep 30
+            echo "."
+          done
+          echo "Artifacts for $REPO@$VERSION have been released to Artifactory."
+      - name: Wait for Maven Central Artifacts
+        if: ${{ !contains(needs.prerequisites.outputs.project_version, '-RC') && !contains(needs.prerequisites.outputs.project_version, '-M') }}
+        run: |
+          echo "Wait for artifacts of $REPO@$VERSION to appear on Maven Central."
+          until curl -f -s https://repo1.maven.org/maven2/org/springframework/security/spring-security-core/$VERSION/ > /dev/null
+          do
+            sleep 30
+            echo "."
+          done
+          echo "Artifacts for $REPO@$VERSION have been released to Maven Central."
+      - name: Create GitHub Release
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          echo "Tagging and publishing $REPO@$VERSION release on GitHub."
+          ./gradlew createGitHubRelease -PnextVersion=$VERSION -Pbranch=$BRANCH -PcreateRelease=true -PgitHubAccessToken=$TOKEN
+      - name: Announce Release on Slack
+        id: spring-security-announcing
+        uses: slackapi/[email protected]
+        with:
+          payload: |
+            {
+              "text": "spring-security-announcing `${{ env.VERSION }}` is available now",
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": "spring-security-announcing `${{ env.VERSION }}` is available now"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_SLACK_WEBHOOK_URL }}
+          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+      - name: Setup git config
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+      - name: Update to next Snapshot Version
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          echo "Updating $REPO@$VERSION to next snapshot version."
+          ./gradlew :updateToSnapshotVersion
+          ./gradlew :spring-security-docs:antoraUpdateVersion
+          git commit -am "Next development version"
+          git push
+  perform_post_release:
+    name: Perform post-release
+    needs: [prerequisites, deploy_artifacts, deploy_docs, deploy_schema]
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    if: ${{ endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }}
+    env:
+      TOKEN: ${{ github.token }}
+      VERSION: ${{ needs.prerequisites.outputs.project_version }}
+    steps:
+      - uses: actions/checkout@v2
+      - uses: spring-io/spring-gradle-build-action@v1
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+      - name: Schedule next release (if not already scheduled)
+        run: ./gradlew scheduleNextRelease -PnextVersion=$VERSION -PgitHubAccessToken=$TOKEN
   notify_result:
     name: Check for failures
-    needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles, deploy_artifacts, deploy_docs, deploy_schema]
+    needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles, deploy_artifacts, deploy_docs, deploy_schema, perform_release, perform_post_release]
     if: failure()
     runs-on: ubuntu-latest
     steps:
       - name: Send Slack message
-        uses: Gamesight/[email protected]
+        # Workaround while waiting for Gamesight/slack-workflow-status#38 to be fixed
+        # See https://github.com/Gamesight/slack-workflow-status/issues/38
+        uses: sjohnr/slack-workflow-status@v1-beta
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
 
@@ -18,16 +18,19 @@ jobs:
         with:
           java-version: '11'
           distribution: 'adopt'
-          cache: gradle
       - name: Validate Gradle wrapper
         uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
+        with:
+          # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
+          # Restoring these files from a GitHub Actions cache might cause problems for future builds.
+          gradle-home-cache-excludes: |
+            caches/modules-2/modules-2.lock
+            caches/modules-2/gc.properties
       - name: Build with Gradle
         run: ./gradlew :spring-security-docs:antora --stacktrace
-      - name: Cleanup Gradle Cache
-        # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
-        # Restoring these files from a GitHub Actions cache might cause problems for future builds.
-        run: |
-          rm -f ~/.gradle/caches/modules-2/modules-2.lock
-          rm -f ~/.gradle/caches/modules-2/gc.properties
       - name: Deploy
         run: ${GITHUB_WORKSPACE}/.github/actions/algolia-deploy.sh "${{ secrets.DOCS_USERNAME }}@${{ secrets.DOCS_HOST }}" "/opt/www/domains/spring.io/docs/htdocs/spring-security/reference/" "${{ secrets.DOCS_SSH_KEY }}" "${{ secrets.DOCS_SSH_HOST_KEY }}"
@@ -17,12 +17,13 @@ jobs:
         uses: actions/setup-java@v1
         with:
           java-version: '11'
-      - name: Cache Gradle packages
+      - name: Setup Gradle
         if: env.RUN_JOBS == 'true'
-        uses: actions/cache@v2
+        uses: gradle/gradle-build-action@v2
         with:
-          path: ~/.gradle/caches
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          cache-read-only: true
+        env:
+          GRADLE_USER_HOME: ~/.gradle
       - name: Build with Gradle
         if: env.RUN_JOBS == 'true'
         run: ./gradlew clean build --continue --scan
@@ -0,0 +1,83 @@
+name: Update Scheduled Release Version
+
+on:
+  workflow_dispatch: # Manual trigger only. Triggered by release-scheduler.yml on main.
+
+env:
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
+  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+  GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+
+jobs:
+  update_scheduled_release_version:
+    name: Initiate Release If Scheduled
+    if: ${{ github.repository == 'spring-projects/spring-security' }}
+    runs-on: ubuntu-latest
+    steps:
+      - id: checkout-source
+        name: Checkout Source Code
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+      - id: setup-jdk
+        name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: '11'
+      - name: Setup gradle user name
+        run: |
+          mkdir -p ~/.gradle
+          echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        env:
+          GRADLE_USER_HOME: ~/.gradle
+      - id: check-release-due
+        name: Check Release Due
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          ./gradlew gitHubCheckNextVersionDueToday
+          echo "::set-output name=is_due_today::$(cat build/github/milestones/is-due-today)"
+      - id: check-open-issues
+        name: Check for open issues
+        if: steps.check-release-due.outputs.is_due_today == 'true'
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          ./gradlew gitHubCheckMilestoneHasNoOpenIssues
+          echo "::set-output name=is_open_issues::$(cat build/github/milestones/is-open-issues)"
+      - id: validate-release-state
+        name: Validate State of Release
+        if: steps.check-release-due.outputs.is_due_today == 'true' && steps.check-open-issues.outputs.is_open_issues == 'true'
+        run: |
+          echo "The release is due today but there are open issues"
+          exit 1
+      - id: update-version-and-push
+        name: Update version and push
+        if: steps.check-release-due.outputs.is_due_today == 'true' && steps.check-open-issues.outputs.is_open_issues == 'false'
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+          ./gradlew :updateProjectVersion
+          ./gradlew :spring-security-docs:antoraUpdateVersion
+          updatedVersion=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
+          git commit -am "Release $updatedVersion"
+          git tag $updatedVersion
+          git push
+          git push origin $updatedVersion
+      - id: send-slack-notification
+        name: Send Slack message
+        if: failure()
+        uses: Gamesight/[email protected]
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          channel: '#spring-security-ci'
+          name: 'CI Notifier'