From 832572803543d1ec4436e1b9d780ad2a4b008362 Mon Sep 17 00:00:00 2001 From: Rob Winch <362503+rwinch@users.noreply.github.com> Date: Fri, 25 Apr 2025 13:16:44 -0500 Subject: [PATCH 1/2] rm merge-dependabot-pr.yml from Unsupported Branch --- .github/workflows/merge-dependabot-pr.yml | 63 ----------------------- 1 file changed, 63 deletions(-) delete mode 100644 .github/workflows/merge-dependabot-pr.yml diff --git a/.github/workflows/merge-dependabot-pr.yml b/.github/workflows/merge-dependabot-pr.yml deleted file mode 100644 index 4f2168eb3b..0000000000 --- a/.github/workflows/merge-dependabot-pr.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: Merge Dependabot PR - -on: pull_request_target - -run-name: Merge Dependabot PR ${{ github.ref_name }} - -permissions: write-all - -jobs: - merge-dependabot-pr: - name: Merge Dependabot PR - runs-on: ubuntu-latest - if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }} - steps: - - - uses: actions/checkout@v4 - with: - show-progress: false - ref: ${{ github.event.pull_request.head.sha }} - - - uses: actions/setup-java@v4 - with: - distribution: temurin - java-version: 17 - - - name: Set Milestone to Dependabot Pull Request - id: set-milestone - run: | - if test -f pom.xml - then - CURRENT_VERSION=$(mvn help:evaluate -Dexpression="project.version" -q -DforceStdout) - else - CURRENT_VERSION=$(cat gradle.properties | sed -n '/^version=/ { s/^version=//;p }') - fi - export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT} - MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.due_on != null and (.title | startswith(env.CANDIDATE_VERSION)))) | .[0] | .title') - - if [ -z $MILESTONE ] - then - gh run cancel ${{ github.run_id }} - echo "::warning title=Cannot merge::No scheduled milestone for $CURRENT_VERSION version" - else - gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE - echo mergeEnabled=true >> $GITHUB_OUTPUT - fi - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Merge Dependabot pull request - if: steps.set-milestone.outputs.mergeEnabled - run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase - env: - GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} - send-notification: - name: Send Notification - needs: [ merge-dependabot-pr ] - if: ${{ failure() || cancelled() }} - runs-on: ubuntu-latest - steps: - - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1 - with: - webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} From 1a6915d3c0386d51d988ef6a457c471e43443b57 Mon Sep 17 00:00:00 2001 From: Rob Winch <362503+rwinch@users.noreply.github.com> Date: Fri, 2 May 2025 12:35:31 -0500 Subject: [PATCH 2/2] rm .github/workflows for unsupported branch --- .github/workflows/clean_build_artifacts.yml | 23 ---- .../continuous-integration-workflow.yml | 125 ------------------ .github/workflows/deploy-docs.yml | 33 ----- .../gradle-wrapper-upgrade-execution.yml | 32 ----- .../mark-duplicate-dependabot-prs.yml | 45 ------- .../milestone-spring-releasetrain.yml | 35 ----- .github/workflows/pr-build-workflow.yml | 54 -------- .github/workflows/release-scheduler.yml | 24 ---- .../trigger-dependabot-auto-merge-forward.yml | 22 --- .../update-scheduled-release-version.yml | 23 ---- 10 files changed, 416 deletions(-) delete mode 100644 .github/workflows/clean_build_artifacts.yml delete mode 100644 .github/workflows/continuous-integration-workflow.yml delete mode 100644 .github/workflows/deploy-docs.yml delete mode 100644 .github/workflows/gradle-wrapper-upgrade-execution.yml delete mode 100644 .github/workflows/mark-duplicate-dependabot-prs.yml delete mode 100644 .github/workflows/milestone-spring-releasetrain.yml delete mode 100644 .github/workflows/pr-build-workflow.yml delete mode 100644 .github/workflows/release-scheduler.yml delete mode 100644 .github/workflows/trigger-dependabot-auto-merge-forward.yml delete mode 100644 .github/workflows/update-scheduled-release-version.yml diff --git a/.github/workflows/clean_build_artifacts.yml b/.github/workflows/clean_build_artifacts.yml deleted file mode 100644 index c116fac71d..0000000000 --- a/.github/workflows/clean_build_artifacts.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Clean build artifacts -on: - schedule: - - cron: '0 10 * * *' # Once per day at 10am UTC - -permissions: - contents: read - -jobs: - main: - runs-on: ubuntu-latest - if: ${{ github.repository == 'spring-projects/spring-security' }} - permissions: - contents: none - steps: - - name: Delete artifacts in cron job - env: - GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} - run: | - echo "Running clean build artifacts logic" - output=$(curl -X GET -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts | grep '"id"' | cut -d : -f2 | sed 's/,*$//g') - echo Output is $output - for id in $output; do curl -X DELETE -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts/$id; done; diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml deleted file mode 100644 index cff9af47f3..0000000000 --- a/.github/workflows/continuous-integration-workflow.yml +++ /dev/null @@ -1,125 +0,0 @@ -name: CI - -on: - push: - branches-ignore: - - "dependabot/**" - schedule: - - cron: '0 10 * * *' # Once per day at 10am UTC - workflow_dispatch: # Manual trigger - -env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} - -permissions: - contents: read - -jobs: - build: - name: Build - uses: spring-io/spring-security-release-tools/.github/workflows/build.yml@v1 - strategy: - matrix: - os: [ ubuntu-latest, windows-latest ] - jdk: [ 17 ] - with: - runs-on: ${{ matrix.os }} - java-version: ${{ matrix.jdk }} - distribution: temurin - secrets: inherit - test: - name: Test Against Snapshots - uses: spring-io/spring-security-release-tools/.github/workflows/test.yml@v1 - strategy: - matrix: - include: - - java-version: 21-ea - toolchain: 21 - - java-version: 17 - toolchain: 17 - with: - java-version: ${{ matrix.java-version }} - test-args: --refresh-dependencies -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=6.1.+ -PreactorVersion=2023.0.+ -PspringDataVersion=2023.1.+ --stacktrace - secrets: inherit - check-samples: - name: Check Samples - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'spring-projects' }} - steps: - - uses: actions/checkout@v4 - - name: Set up gradle - uses: spring-io/spring-gradle-build-action@v2 - with: - java-version: 17 - distribution: temurin - - name: Check samples project - env: - LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos - SAMPLES_DIR: ../spring-security-samples - run: | - # Extract version from gradle.properties - version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}') - # Extract samplesBranch from gradle.properties - samples_branch=$(cat gradle.properties | grep "samplesBranch=" | awk -F'=' '{print $2}') - ./gradlew publishMavenJavaPublicationToLocalRepository - ./gradlew cloneRepository -PrepositoryName="spring-projects/spring-security-samples" -Pref="$samples_branch" -PcloneOutputDirectory="$SAMPLES_DIR" - ./gradlew --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$version" :runAllTests - check-tangles: - name: Check for Package Tangles - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'spring-projects' }} - steps: - - uses: actions/checkout@v4 - - name: Set up gradle - uses: spring-io/spring-gradle-build-action@v2 - with: - java-version: 17 - distribution: temurin - - name: Check for package tangles - env: - STRUCTURE101_LICENSEID: ${{ secrets.STRUCTURE101_LICENSEID }} - run: | - ./gradlew check s101 -Ps101.licenseId="$STRUCTURE101_LICENSEID" --stacktrace - deploy-artifacts: - name: Deploy Artifacts - needs: [ build, test, check-samples, check-tangles ] - uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@v1 - with: - should-deploy-artifacts: ${{ needs.build.outputs.should-deploy-artifacts }} - secrets: inherit - deploy-docs: - name: Deploy Docs - needs: [ build, test, check-samples, check-tangles ] - uses: spring-io/spring-security-release-tools/.github/workflows/deploy-docs.yml@v1 - with: - should-deploy-docs: ${{ needs.build.outputs.should-deploy-artifacts }} - secrets: inherit - deploy-schema: - name: Deploy Schema - needs: [ build, test, check-samples, check-tangles ] - uses: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml@v1 - with: - should-deploy-schema: ${{ needs.build.outputs.should-deploy-artifacts }} - secrets: inherit - perform-release: - name: Perform Release - needs: [ deploy-artifacts, deploy-docs, deploy-schema ] - uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@v1 - with: - should-perform-release: ${{ needs.deploy-artifacts.outputs.artifacts-deployed }} - project-version: ${{ needs.deploy-artifacts.outputs.project-version }} - milestone-repo-url: https://repo.spring.io/artifactory/milestone - release-repo-url: https://repo1.maven.org/maven2 - artifact-path: org/springframework/security/spring-security-core - slack-announcing-id: spring-security-announcing - secrets: inherit - send-notification: - name: Send Notification - needs: [ perform-release ] - if: ${{ failure() || cancelled() }} - runs-on: ubuntu-latest - steps: - - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1 - with: - webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml deleted file mode 100644 index 25381d0f82..0000000000 --- a/.github/workflows/deploy-docs.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Deploy Docs -on: - push: - branches-ignore: - - "gh-pages" - - "dependabot/**" - tags: '**' - repository_dispatch: - types: request-build-reference # legacy - #schedule: - #- cron: '0 10 * * *' # Once per day at 10am UTC - workflow_dispatch: -permissions: read-all -jobs: - build: - runs-on: ubuntu-latest - if: github.repository_owner == 'spring-projects' - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: docs-build - fetch-depth: 1 - - name: Dispatch (partial build) - if: github.ref_type == 'branch' - env: - GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} - run: gh workflow run deploy-docs.yml -r $(git rev-parse --abbrev-ref HEAD) -f build-refname=${{ github.ref_name }} - - name: Dispatch (full build) - if: github.ref_type == 'tag' - env: - GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} - run: gh workflow run deploy-docs.yml -r $(git rev-parse --abbrev-ref HEAD) diff --git a/.github/workflows/gradle-wrapper-upgrade-execution.yml b/.github/workflows/gradle-wrapper-upgrade-execution.yml deleted file mode 100644 index 2cbc750d89..0000000000 --- a/.github/workflows/gradle-wrapper-upgrade-execution.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Execute Gradle Wrapper Upgrade - -on: - schedule: - - cron: '0 2 * * *' # 2am UTC - workflow_dispatch: - -jobs: - upgrade_wrapper: - name: Execution - runs-on: ubuntu-latest - steps: - - name: Set up Git configuration - env: - TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - git config --global url."https://unused-username:${TOKEN}@github.com/".insteadOf "https://github.com/" - git config --global user.name 'github-actions[bot]' - git config --global user.email 'github-actions[bot]@users.noreply.github.com' - - name: Checkout - uses: actions/checkout@v4 - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - - name: Set up Gradle - uses: gradle/gradle-build-action@v2 - - name: Upgrade Wrappers - run: ./gradlew clean upgradeGradleWrapperAll --continue -Porg.gradle.java.installations.auto-download=false - env: - WRAPPER_UPGRADE_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/mark-duplicate-dependabot-prs.yml b/.github/workflows/mark-duplicate-dependabot-prs.yml deleted file mode 100644 index 478e2ad814..0000000000 --- a/.github/workflows/mark-duplicate-dependabot-prs.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Mark Duplicate Dependabot PRs - -on: - pull_request: - types: [closed] - -jobs: - check_duplicate_prs: - runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && github.event.pull_request.user.login == 'dependabot[bot]' - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - - - name: Extract Dependency Name from PR Title - id: extract - run: | - PR_TITLE="${{ github.event.pull_request.title }}" - DEPENDENCY_NAME=$(echo "$PR_TITLE" | awk -F ' from ' '{print $1}') - echo "dependency_name=$DEPENDENCY_NAME" >> $GITHUB_OUTPUT - - - name: Find PRs - id: find_duplicates - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - PRS=$(gh pr list --search 'milestone:${{ github.event.pull_request.milestone.title }} is:merged in:title "${{ steps.extract.outputs.dependency_name }}"' --json number --jq 'map(.number) | join(",")') - echo "prs=$PRS" >> $GITHUB_OUTPUT - - - name: Label Duplicate PRs - if: steps.find_duplicates.outputs.prs != '' - env: - PRS: ${{ steps.find_duplicates.outputs.prs }} - CURRENT_PR_NUMBER: ${{ github.event.pull_request.number }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - shell: bash - run: | - for i in ${PRS//,/ } - do - if [ ! $i -eq "$CURRENT_PR_NUMBER" ]; then - echo "Marking PR $i as duplicate" - gh pr edit "$i" --add-label "status: duplicate" - gh pr comment "$i" --body "Duplicate of #$CURRENT_PR_NUMBER" - fi - done diff --git a/.github/workflows/milestone-spring-releasetrain.yml b/.github/workflows/milestone-spring-releasetrain.yml deleted file mode 100644 index 0602ae8e73..0000000000 --- a/.github/workflows/milestone-spring-releasetrain.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: Check Milestone -on: - milestone: - types: [created, opened, edited] -env: - DUE_ON: ${{ github.event.milestone.due_on }} - TITLE: ${{ github.event.milestone.title }} -permissions: - contents: read -jobs: - spring-releasetrain-checks: - name: Check DueOn is on a Release Date - runs-on: ubuntu-latest - if: ${{ github.repository == 'spring-projects/spring-security' }} - permissions: - contents: none - steps: - - name: Print Milestone Being Checked - run: echo "Validating DueOn '$DUE_ON' for milestone '$TITLE'" - - name: Validate DueOn - if: env.DUE_ON != '' - run: | - export TOOL_VERSION=0.1.1 - wget "https://repo.maven.apache.org/maven2/io/spring/releasetrain/spring-release-train-tools/$TOOL_VERSION/spring-release-train-tools-$TOOL_VERSION.jar" - java -cp "spring-release-train-tools-$TOOL_VERSION.jar" io.spring.releasetrain.CheckMilestoneDueOnMain --dueOn "$DUE_ON" --expectedDayOfWeek MONDAY --expectedMondayCount 3 - send-notification: - name: Send Notification - needs: [ spring-releasetrain-checks ] - if: ${{ failure() || cancelled() }} - runs-on: ubuntu-latest - steps: - - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1 - with: - webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} diff --git a/.github/workflows/pr-build-workflow.yml b/.github/workflows/pr-build-workflow.yml deleted file mode 100644 index 6d56bc9d91..0000000000 --- a/.github/workflows/pr-build-workflow.yml +++ /dev/null @@ -1,54 +0,0 @@ -name: PR Build - -on: pull_request - -env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} - -permissions: - contents: read - -jobs: - build: - name: Build - runs-on: ubuntu-latest - if: ${{ github.repository == 'spring-projects/spring-security' }} - steps: - - uses: actions/checkout@v4 - - name: Set up gradle - uses: spring-io/spring-gradle-build-action@v2 - with: - java-version: '17' - distribution: 'temurin' - - name: Build with Gradle - run: ./gradlew clean build -PskipCheckExpectedBranchVersion --continue - generate-docs: - name: Generate Docs - runs-on: ubuntu-latest - if: ${{ github.repository == 'spring-projects/spring-security' }} - steps: - - uses: actions/checkout@v4 - - name: Set up gradle - uses: spring-io/spring-gradle-build-action@v2 - with: - java-version: '17' - distribution: 'temurin' - - name: Run Antora - run: ./gradlew -PbuildSrc.skipTests=true :spring-security-docs:antora - - name: Upload Docs - id: upload - uses: actions/upload-artifact@v4 - with: - name: docs - path: docs/build/site - overwrite: true - send-notification: - name: Send Notification - needs: [ build, generate-docs ] - if: ${{ failure() && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }} - runs-on: ubuntu-latest - steps: - - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1 - with: - webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} diff --git a/.github/workflows/release-scheduler.yml b/.github/workflows/release-scheduler.yml deleted file mode 100644 index c58ee33e9c..0000000000 --- a/.github/workflows/release-scheduler.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Release Scheduler -on: - schedule: - - cron: '15 15 * * MON' # Every Monday at 3:15pm UTC - workflow_dispatch: -permissions: read-all -jobs: - dispatch_scheduled_releases: - name: Dispatch scheduled releases - if: github.repository_owner == 'spring-projects' - strategy: - matrix: - # List of active maintenance branches. - branch: [ main, 6.1.x, 5.8.x ] - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - name: Dispatch - env: - GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} - run: gh workflow run update-scheduled-release-version.yml -r ${{ matrix.branch }} diff --git a/.github/workflows/trigger-dependabot-auto-merge-forward.yml b/.github/workflows/trigger-dependabot-auto-merge-forward.yml deleted file mode 100644 index 9bbb2ccbd5..0000000000 --- a/.github/workflows/trigger-dependabot-auto-merge-forward.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Trigger Dependabot Auto Merge Forward - -on: - push: - branches: - - '*.x' - -permissions: read-all - -jobs: - trigger-worflow: - name: Trigger Workflow - runs-on: ubuntu-latest - if: ${{ github.event.commits[0].author.username == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }} - steps: - - name: Checkout - id: checkout - uses: actions/checkout@v4 - - id: trigger - env: - GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} - run: gh workflow run dependabot-auto-merge-forward.yml -r main diff --git a/.github/workflows/update-scheduled-release-version.yml b/.github/workflows/update-scheduled-release-version.yml deleted file mode 100644 index 665b1b50b6..0000000000 --- a/.github/workflows/update-scheduled-release-version.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Update Scheduled Release Version - -on: - workflow_dispatch: # Manual trigger only. Triggered by release-scheduler.yml on main. - -permissions: - contents: read - -jobs: - update-scheduled-release-version: - name: Update Scheduled Release Version - uses: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml@v1 - secrets: inherit - send-notification: - name: Send Notification - needs: [ update-scheduled-release-version ] - if: ${{ failure() || cancelled() }} - runs-on: ubuntu-latest - steps: - - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1 - with: - webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} \ No newline at end of file