mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 09:42:13 +00:00
rm .github/workflows for unsupported branch
This commit is contained in:
parent
655c638c97
commit
8806e0176c
23
.github/workflows/clean_build_artifacts.yml
vendored
23
.github/workflows/clean_build_artifacts.yml
vendored
@ -1,23 +0,0 @@
|
|||||||
name: Clean build artifacts
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '0 10 * * *' # Once per day at 10am UTC
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
main:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.repository == 'spring-projects/spring-security' }}
|
|
||||||
permissions:
|
|
||||||
contents: none
|
|
||||||
steps:
|
|
||||||
- name: Delete artifacts in cron job
|
|
||||||
env:
|
|
||||||
GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
|
|
||||||
run: |
|
|
||||||
echo "Running clean build artifacts logic"
|
|
||||||
output=$(curl -X GET -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts | grep '"id"' | cut -d : -f2 | sed 's/,*$//g')
|
|
||||||
echo Output is $output
|
|
||||||
for id in $output; do curl -X DELETE -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts/$id; done;
|
|
@ -1,256 +0,0 @@
|
|||||||
name: CI
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches-ignore:
|
|
||||||
- "dependabot/**"
|
|
||||||
schedule:
|
|
||||||
- cron: '0 10 * * *' # Once per day at 10am UTC
|
|
||||||
workflow_dispatch: # Manual trigger
|
|
||||||
|
|
||||||
env:
|
|
||||||
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
|
|
||||||
COMMIT_OWNER: ${{ github.event.pusher.name }}
|
|
||||||
COMMIT_SHA: ${{ github.sha }}
|
|
||||||
STRUCTURE101_LICENSEID: ${{ secrets.STRUCTURE101_LICENSEID }}
|
|
||||||
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
|
|
||||||
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
prerequisites:
|
|
||||||
name: Pre-requisites for building
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.repository == 'spring-projects/spring-security' }}
|
|
||||||
outputs:
|
|
||||||
runjobs: ${{ steps.continue.outputs.runjobs }}
|
|
||||||
project_version: ${{ steps.continue.outputs.project_version }}
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- id: continue
|
|
||||||
name: Determine if should continue
|
|
||||||
run: |
|
|
||||||
# Run jobs if in upstream repository
|
|
||||||
echo "runjobs=true" >>$GITHUB_OUTPUT
|
|
||||||
# Extract version from gradle.properties
|
|
||||||
version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
|
|
||||||
echo "project_version=$version" >>$GITHUB_OUTPUT
|
|
||||||
build_jdk_11:
|
|
||||||
name: Build JDK 11
|
|
||||||
needs: [prerequisites]
|
|
||||||
strategy:
|
|
||||||
matrix:
|
|
||||||
os: [ubuntu-latest, windows-latest]
|
|
||||||
runs-on: ${{ matrix.os }}
|
|
||||||
if: needs.prerequisites.outputs.runjobs
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up JDK 11
|
|
||||||
uses: actions/setup-java@v4
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
cache: 'gradle'
|
|
||||||
- name: Set up Gradle
|
|
||||||
uses: gradle/gradle-build-action@v3
|
|
||||||
- name: Set up gradle user name
|
|
||||||
run: echo 'systemProp.user.name=spring-builds+github' >> gradle.properties
|
|
||||||
- name: Build with Gradle
|
|
||||||
run: ./gradlew clean build --continue -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD"
|
|
||||||
snapshot_tests:
|
|
||||||
name: Test against snapshots
|
|
||||||
needs: [prerequisites]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: needs.prerequisites.outputs.runjobs
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Snapshot Tests
|
|
||||||
run: ./gradlew test --refresh-dependencies -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PspringFrameworkVersion='5.+' -PreactorVersion='2020.0.+' -PspringDataVersion='2021.2.+' -PlocksDisabled --stacktrace
|
|
||||||
check_samples:
|
|
||||||
name: Check Samples project
|
|
||||||
needs: [prerequisites]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: needs.prerequisites.outputs.runjobs
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Check samples project
|
|
||||||
env:
|
|
||||||
LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
|
|
||||||
SAMPLES_DIR: ../spring-security-samples
|
|
||||||
VERSION: ${{ needs.prerequisites.outputs.project_version }}
|
|
||||||
run: |
|
|
||||||
./gradlew publishMavenJavaPublicationToLocalRepository
|
|
||||||
./gradlew cloneSamples -PcloneOutputDirectory="$SAMPLES_DIR"
|
|
||||||
./gradlew --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$VERSION" :runAllTests
|
|
||||||
check_tangles:
|
|
||||||
name: Check for Package Tangles
|
|
||||||
needs: [ prerequisites ]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: needs.prerequisites.outputs.runjobs
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Check for package tangles
|
|
||||||
run: ./gradlew check s101 -Ps101.licenseId="$STRUCTURE101_LICENSEID" --stacktrace
|
|
||||||
deploy_artifacts:
|
|
||||||
name: Deploy Artifacts
|
|
||||||
needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Deploy artifacts
|
|
||||||
run: ./gradlew publishArtifacts finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace
|
|
||||||
env:
|
|
||||||
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
|
|
||||||
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
|
|
||||||
OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
|
|
||||||
OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
|
|
||||||
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
|
|
||||||
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
|
|
||||||
deploy_docs:
|
|
||||||
name: Deploy Docs
|
|
||||||
needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Deploy Docs
|
|
||||||
run: ./gradlew deployDocs -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace
|
|
||||||
env:
|
|
||||||
DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
|
|
||||||
DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
|
|
||||||
DOCS_HOST: ${{ secrets.DOCS_HOST }}
|
|
||||||
deploy_schema:
|
|
||||||
name: Deploy Schema
|
|
||||||
needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Deploy Schema
|
|
||||||
run: ./gradlew deploySchema -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace --info
|
|
||||||
env:
|
|
||||||
DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
|
|
||||||
DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
|
|
||||||
DOCS_HOST: ${{ secrets.DOCS_HOST }}
|
|
||||||
perform_release:
|
|
||||||
name: Perform release
|
|
||||||
needs: [prerequisites, deploy_artifacts, deploy_docs, deploy_schema]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
timeout-minutes: 90
|
|
||||||
if: ${{ !endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }}
|
|
||||||
env:
|
|
||||||
REPO: ${{ github.repository }}
|
|
||||||
BRANCH: ${{ github.ref_name }}
|
|
||||||
TOKEN: ${{ github.token }}
|
|
||||||
VERSION: ${{ needs.prerequisites.outputs.project_version }}
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Wait for Artifactory Artifacts
|
|
||||||
if: ${{ contains(needs.prerequisites.outputs.project_version, '-RC') || contains(needs.prerequisites.outputs.project_version, '-M') }}
|
|
||||||
run: |
|
|
||||||
echo "Wait for artifacts of $REPO@$VERSION to appear on Artifactory."
|
|
||||||
until curl -f -s https://repo.spring.io/artifactory/milestone/org/springframework/security/spring-security-core/$VERSION/ > /dev/null
|
|
||||||
do
|
|
||||||
sleep 30
|
|
||||||
echo "."
|
|
||||||
done
|
|
||||||
echo "Artifacts for $REPO@$VERSION have been released to Artifactory."
|
|
||||||
- name: Wait for Maven Central Artifacts
|
|
||||||
if: ${{ !contains(needs.prerequisites.outputs.project_version, '-RC') && !contains(needs.prerequisites.outputs.project_version, '-M') }}
|
|
||||||
run: |
|
|
||||||
echo "Wait for artifacts of $REPO@$VERSION to appear on Maven Central."
|
|
||||||
until curl -f -s https://repo1.maven.org/maven2/org/springframework/security/spring-security-core/$VERSION/ > /dev/null
|
|
||||||
do
|
|
||||||
sleep 30
|
|
||||||
echo "."
|
|
||||||
done
|
|
||||||
echo "Artifacts for $REPO@$VERSION have been released to Maven Central."
|
|
||||||
- name: Create GitHub Release
|
|
||||||
run: |
|
|
||||||
echo "Tagging and publishing $REPO@$VERSION release on GitHub."
|
|
||||||
./gradlew createGitHubRelease -PnextVersion=$VERSION -Pbranch=$BRANCH -PcreateRelease=true -PgitHubAccessToken=$TOKEN
|
|
||||||
- name: Announce Release on GChat
|
|
||||||
env:
|
|
||||||
WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_GCHAT_WEBHOOK_URL }}
|
|
||||||
run: |
|
|
||||||
curl -X POST '${{ env.WEBHOOK_URL }}' -H 'Content-Type: application/json' -d '{ "text": "spring-security-announcing `${{ env.VERSION }}` is available now" }' || true
|
|
||||||
- name: Setup git config
|
|
||||||
run: |
|
|
||||||
git config user.name 'github-actions[bot]'
|
|
||||||
git config user.email 'github-actions[bot]@users.noreply.github.com'
|
|
||||||
- name: Update to next Snapshot Version
|
|
||||||
run: |
|
|
||||||
echo "Updating $REPO@$VERSION to next snapshot version."
|
|
||||||
./gradlew :updateToSnapshotVersion
|
|
||||||
git commit -am "Next development version"
|
|
||||||
git push
|
|
||||||
perform_post_release:
|
|
||||||
name: Perform post-release
|
|
||||||
needs: [prerequisites, deploy_artifacts, deploy_docs, deploy_schema]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
issues: write
|
|
||||||
timeout-minutes: 90
|
|
||||||
if: ${{ endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }}
|
|
||||||
env:
|
|
||||||
TOKEN: ${{ github.token }}
|
|
||||||
VERSION: ${{ needs.prerequisites.outputs.project_version }}
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Schedule next release (if not already scheduled)
|
|
||||||
run: ./gradlew scheduleNextRelease -PnextVersion=$VERSION -PgitHubAccessToken=$TOKEN
|
|
||||||
send-notification:
|
|
||||||
name: Send Notification
|
|
||||||
needs: [ perform_release, perform_post_release ]
|
|
||||||
if: ${{ failure() || cancelled() }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Send Notification
|
|
||||||
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
|
|
||||||
with:
|
|
||||||
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
|
|
33
.github/workflows/deploy-docs.yml
vendored
33
.github/workflows/deploy-docs.yml
vendored
@ -1,33 +0,0 @@
|
|||||||
name: Deploy Docs
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches-ignore:
|
|
||||||
- "gh-pages"
|
|
||||||
- "dependabot/**"
|
|
||||||
tags: '**'
|
|
||||||
repository_dispatch:
|
|
||||||
types: request-build-reference # legacy
|
|
||||||
schedule:
|
|
||||||
- cron: '0 10 * * *' # Once per day at 10am UTC
|
|
||||||
workflow_dispatch:
|
|
||||||
permissions: read-all
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: github.repository_owner == 'spring-projects'
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
ref: docs-build
|
|
||||||
fetch-depth: 1
|
|
||||||
- name: Dispatch (partial build)
|
|
||||||
if: github.ref_type == 'branch'
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
|
|
||||||
run: gh workflow run deploy-docs.yml -r $(git rev-parse --abbrev-ref HEAD) -f build-refname=${{ github.ref_name }}
|
|
||||||
- name: Dispatch (full build)
|
|
||||||
if: github.ref_type == 'tag'
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
|
|
||||||
run: gh workflow run deploy-docs.yml -r $(git rev-parse --abbrev-ref HEAD)
|
|
@ -1,45 +0,0 @@
|
|||||||
name: Mark Duplicate Dependabot PRs
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
types: [closed]
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
check_duplicate_prs:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: github.event.pull_request.merged == true && github.event.pull_request.user.login == 'dependabot[bot]'
|
|
||||||
steps:
|
|
||||||
- name: Checkout Repository
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Extract Dependency Name from PR Title
|
|
||||||
id: extract
|
|
||||||
run: |
|
|
||||||
PR_TITLE="${{ github.event.pull_request.title }}"
|
|
||||||
DEPENDENCY_NAME=$(echo "$PR_TITLE" | awk -F ' from ' '{print $1}')
|
|
||||||
echo "dependency_name=$DEPENDENCY_NAME" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
- name: Find PRs
|
|
||||||
id: find_duplicates
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
run: |
|
|
||||||
PRS=$(gh pr list --search 'milestone:${{ github.event.pull_request.milestone.title }} is:merged in:title "${{ steps.extract.outputs.dependency_name }}"' --json number --jq 'map(.number) | join(",")')
|
|
||||||
echo "prs=$PRS" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
- name: Label Duplicate PRs
|
|
||||||
if: steps.find_duplicates.outputs.prs != ''
|
|
||||||
env:
|
|
||||||
PRS: ${{ steps.find_duplicates.outputs.prs }}
|
|
||||||
CURRENT_PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
||||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
for i in ${PRS//,/ }
|
|
||||||
do
|
|
||||||
if [ ! $i -eq "$CURRENT_PR_NUMBER" ]; then
|
|
||||||
echo "Marking PR $i as duplicate"
|
|
||||||
gh pr edit "$i" --add-label "status: duplicate"
|
|
||||||
gh pr comment "$i" --body "Duplicate of #$CURRENT_PR_NUMBER"
|
|
||||||
fi
|
|
||||||
done
|
|
@ -1,35 +0,0 @@
|
|||||||
name: Check Milestone
|
|
||||||
on:
|
|
||||||
milestone:
|
|
||||||
types: [created, opened, edited]
|
|
||||||
env:
|
|
||||||
DUE_ON: ${{ github.event.milestone.due_on }}
|
|
||||||
TITLE: ${{ github.event.milestone.title }}
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
jobs:
|
|
||||||
spring-releasetrain-checks:
|
|
||||||
name: Check DueOn is on a Release Date
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.repository == 'spring-projects/spring-security' }}
|
|
||||||
permissions:
|
|
||||||
contents: none
|
|
||||||
steps:
|
|
||||||
- name: Print Milestone Being Checked
|
|
||||||
run: echo "Validating DueOn '$DUE_ON' for milestone '$TITLE'"
|
|
||||||
- name: Validate DueOn
|
|
||||||
if: env.DUE_ON != ''
|
|
||||||
run: |
|
|
||||||
export TOOL_VERSION=0.1.1
|
|
||||||
wget "https://repo.maven.apache.org/maven2/io/spring/releasetrain/spring-release-train-tools/$TOOL_VERSION/spring-release-train-tools-$TOOL_VERSION.jar"
|
|
||||||
java -cp "spring-release-train-tools-$TOOL_VERSION.jar" io.spring.releasetrain.CheckMilestoneDueOnMain --dueOn "$DUE_ON" --expectedDayOfWeek MONDAY --expectedMondayCount 3
|
|
||||||
send-notification:
|
|
||||||
name: Send Notification
|
|
||||||
needs: [ spring-releasetrain-checks ]
|
|
||||||
if: ${{ failure() || cancelled() }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Send Notification
|
|
||||||
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
|
|
||||||
with:
|
|
||||||
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
|
|
54
.github/workflows/pr-build-workflow.yml
vendored
54
.github/workflows/pr-build-workflow.yml
vendored
@ -1,54 +0,0 @@
|
|||||||
name: PR Build
|
|
||||||
|
|
||||||
on: pull_request
|
|
||||||
|
|
||||||
env:
|
|
||||||
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
name: Build
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.repository == 'spring-projects/spring-security' }}
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Build with Gradle
|
|
||||||
run: ./gradlew clean build -PskipCheckExpectedBranchVersion --continue
|
|
||||||
generate-docs:
|
|
||||||
name: Generate Docs
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.repository == 'spring-projects/spring-security' }}
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- name: Run Antora
|
|
||||||
run: ./gradlew -PbuildSrc.skipTests=true :spring-security-docs:antora
|
|
||||||
- name: Upload Docs
|
|
||||||
id: upload
|
|
||||||
uses: actions/upload-artifact@v4
|
|
||||||
with:
|
|
||||||
name: docs
|
|
||||||
path: docs/build/site
|
|
||||||
overwrite: true
|
|
||||||
send-notification:
|
|
||||||
name: Send Notification
|
|
||||||
needs: [ build, generate-docs ]
|
|
||||||
if: ${{ failure() && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Send Notification
|
|
||||||
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
|
|
||||||
with:
|
|
||||||
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
|
|
@ -1,22 +0,0 @@
|
|||||||
name: Trigger Dependabot Auto Merge Forward
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- '*.x'
|
|
||||||
|
|
||||||
permissions: read-all
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
trigger-worflow:
|
|
||||||
name: Trigger Workflow
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.event.commits[0].author.username == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
id: checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
- id: trigger
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
|
|
||||||
run: gh workflow run dependabot-auto-merge-forward.yml -r main
|
|
@ -1,69 +0,0 @@
|
|||||||
name: Update Scheduled Release Version
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch: # Manual trigger only. Triggered by release-scheduler.yml on main.
|
|
||||||
|
|
||||||
env:
|
|
||||||
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
update_scheduled_release_version:
|
|
||||||
name: Initiate Release If Scheduled
|
|
||||||
if: ${{ github.repository == 'spring-projects/spring-security' }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
actions: read
|
|
||||||
steps:
|
|
||||||
- id: checkout-source
|
|
||||||
name: Checkout Source Code
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
|
|
||||||
- name: Set up gradle
|
|
||||||
uses: spring-io/spring-gradle-build-action@v2
|
|
||||||
with:
|
|
||||||
java-version: '11'
|
|
||||||
distribution: 'adopt'
|
|
||||||
- id: check-release-due
|
|
||||||
name: Check Release Due
|
|
||||||
run: |
|
|
||||||
./gradlew gitHubCheckNextVersionDueToday
|
|
||||||
echo "is_due_today=$(cat build/github/milestones/is-due-today)" >>$GITHUB_OUTPUT
|
|
||||||
- id: check-open-issues
|
|
||||||
name: Check for open issues
|
|
||||||
if: steps.check-release-due.outputs.is_due_today == 'true'
|
|
||||||
run: |
|
|
||||||
./gradlew gitHubCheckMilestoneHasNoOpenIssues
|
|
||||||
echo "is_open_issues=$(cat build/github/milestones/is-open-issues)" >>$GITHUB_OUTPUT
|
|
||||||
- id: validate-release-state
|
|
||||||
name: Validate State of Release
|
|
||||||
if: steps.check-release-due.outputs.is_due_today == 'true' && steps.check-open-issues.outputs.is_open_issues == 'true'
|
|
||||||
run: |
|
|
||||||
echo "The release is due today but there are open issues"
|
|
||||||
exit 1
|
|
||||||
- id: update-version-and-push
|
|
||||||
name: Update version and push
|
|
||||||
if: steps.check-release-due.outputs.is_due_today == 'true' && steps.check-open-issues.outputs.is_open_issues == 'false'
|
|
||||||
run: |
|
|
||||||
git config user.name 'github-actions[bot]'
|
|
||||||
git config user.email 'github-actions[bot]@users.noreply.github.com'
|
|
||||||
./gradlew :updateProjectVersion
|
|
||||||
updatedVersion=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
|
|
||||||
git commit -am "Release $updatedVersion"
|
|
||||||
git tag $updatedVersion
|
|
||||||
git push
|
|
||||||
git push origin $updatedVersion
|
|
||||||
send-notification:
|
|
||||||
name: Send Notification
|
|
||||||
needs: [ update_scheduled_release_version ]
|
|
||||||
if: ${{ failure() || cancelled() }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Send Notification
|
|
||||||
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
|
|
||||||
with:
|
|
||||||
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
|
|
Loading…
x
Reference in New Issue
Block a user