name: CI

on:
  push:
  schedule:
    - cron: '0 10 * * *' # Once per day at 10am UTC
  workflow_dispatch: # Manual trigger

env:
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
  GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
  COMMIT_OWNER: ${{ github.event.pusher.name }}
  COMMIT_SHA: ${{ github.sha }}
  ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
  ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
  RUN_JOBS: ${{ github.repository == 'spring-projects/spring-security' }}

jobs:
  prerequisites:
    name: Pre-requisites for building
    runs-on: ubuntu-latest
    outputs:
      runjobs: ${{ steps.continue.outputs.runjobs }}
    steps:
      - uses: actions/checkout@v2
      - name: Initiate error tracking
        uses: spring-projects/track-build-errors-action@v1
        with:
          job-name: "prerequisites"
      - name: Export errors file
        uses: actions/upload-artifact@v2
        with:
          name: errors
          path: job-prerequisites.txt
      - id: continue
        name: Determine if should continue
        if: env.RUN_JOBS == 'true'
        run: echo "::set-output name=runjobs::true"
  build_jdk_11:
    name: Build JDK 11
    needs: [prerequisites]
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    if: needs.prerequisites.outputs.runjobs
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: '11'
      - name: Setup gradle user name
        run: |
          mkdir -p ~/.gradle
          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
      - name: Cache Gradle packages
        uses: actions/cache@v2
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
      - name: Build with Gradle
        env:
          GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
          GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
          GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
        run: ./gradlew clean build --continue -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD"
      - name: Track error step
        uses: spring-projects/track-build-errors-action@v1
        if: ${{ failure() }}
        with:
          job-name: ${{ github.job }}
      - name: Export errors file
        uses: actions/upload-artifact@v2
        if: ${{ failure() }}
        with:
          name: errors
          path: job-${{ github.job }}.txt
  snapshot_tests:
    name: Test against snapshots
    needs: [prerequisites]
    runs-on: ubuntu-latest
    if: needs.prerequisites.outputs.runjobs
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK
        uses: actions/setup-java@v1
        with:
          java-version: '11'
      - name: Setup gradle user name
        run: |
          mkdir -p ~/.gradle
          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
      - name: Snapshot Tests
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew test --refresh-dependencies -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PforceMavenRepositories=snapshot -PspringVersion='5.+' -PreactorVersion='20+' -PspringDataVersion='Neumann-BUILD-SNAPSHOT' -PrsocketVersion=1.1.0-SNAPSHOT -PspringBootVersion=2.4.0-SNAPSHOT -PlocksDisabled --stacktrace
      - name: Track error step
        uses: spring-projects/track-build-errors-action@v1
        if: ${{ failure() }}
        with:
          job-name: ${{ github.job }}
      - name: Export errors file
        uses: actions/upload-artifact@v2
        if: ${{ failure() }}
        with:
          name: errors
          path: job-${{ github.job }}.txt
  sonar_analysis:
    name: Static Code Analysis
    needs: [prerequisites]
    runs-on: ubuntu-latest
    if: needs.prerequisites.outputs.runjobs
    env:
      SONAR_URL: ${{ secrets.SONAR_URL }}
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK
        uses: actions/setup-java@v1
        with:
          java-version: '11'
      - name: Setup gradle user name
        run: |
          mkdir -p ~/.gradle
          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
      - name: Run Sonar on given (non-main) branch
        if: ${{ github.ref != 'refs/heads/main' }}
        run: |
          export BRANCH=${GITHUB_REF#refs/heads/}
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew sonarqube -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PexcludeProjects='**/samples/**' -Dsonar.projectKey="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.projectName="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" --stacktrace
      - name: Run Sonar on main
        if: ${{ github.ref == 'refs/heads/main' }}
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew sonarqube -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PexcludeProjects='**/samples/**' -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" --stacktrace
      - name: Track error step
        uses: spring-projects/track-build-errors-action@v1
        if: ${{ failure() }}
        with:
          job-name: ${{ github.job }}
      - name: Export errors file
        uses: actions/upload-artifact@v2
        if: ${{ failure() }}
        with:
          name: errors
          path: job-${{ github.job }}.txt
  deploy_artifacts:
    name: Deploy Artifacts
    needs: [build_jdk_11, snapshot_tests, sonar_analysis]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK
        uses: actions/setup-java@v1
        with:
          java-version: '11'
      - name: Setup gradle user name
        run: |
          mkdir -p ~/.gradle
          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
      - name: Deploy artifacts
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew publishArtifacts finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace
        env:
          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
          OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
          OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
      - name: Track error step
        uses: spring-projects/track-build-errors-action@v1
        if: ${{ failure() }}
        with:
          job-name: ${{ github.job }}
      - name: Export errors file
        uses: actions/upload-artifact@v2
        if: ${{ failure() }}
        with:
          name: errors
          path: job-${{ github.job }}.txt
  deploy_docs:
    name: Deploy Docs
    needs: [build_jdk_11, snapshot_tests, sonar_analysis]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK
        uses: actions/setup-java@v1
        with:
          java-version: '11'
      - name: Setup gradle user name
        run: |
          mkdir -p ~/.gradle
          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
      - name: Deploy Docs
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew deployDocs -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace
        env:
          DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
          DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
          DOCS_HOST: ${{ secrets.DOCS_HOST }}
      - name: Track error step
        uses: spring-projects/track-build-errors-action@v1
        if: ${{ failure() }}
        with:
          job-name: ${{ github.job }}
      - name: Export errors file
        uses: actions/upload-artifact@v2
        if: ${{ failure() }}
        with:
          name: errors
          path: job-${{ github.job }}.txt
  deploy_schema:
    name: Deploy Schema
    needs: [build_jdk_11, snapshot_tests, sonar_analysis]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK
        uses: actions/setup-java@v1
        with:
          java-version: '11'
      - name: Setup gradle user name
        run: |
          mkdir -p ~/.gradle
          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
      - name: Deploy Schema
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew deploySchema -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace --info
        env:
          DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
          DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
          DOCS_HOST: ${{ secrets.DOCS_HOST }}
      - name: Track error step
        uses: spring-projects/track-build-errors-action@v1
        if: ${{ failure() }}
        with:
          job-name: ${{ github.job }}
      - name: Export errors file
        uses: actions/upload-artifact@v2
        if: ${{ failure() }}
        with:
          name: errors
          path: job-${{ github.job }}.txt
  notify_result:
    name: Check for failures
    needs: [build_jdk_11, snapshot_tests, sonar_analysis, deploy_artifacts, deploy_docs, deploy_schema]
    if: always()
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Download errors folder
        uses: actions/download-artifact@v2
        with:
          name: errors
      - name: Send Slack message
        uses: spring-projects/notify-slack-errors-action@v1
        with:
          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
          branch-name: ${{ github.ref }}
          commit-sha: ${{ github.sha }}
          commit-owner: ${{ github.actor }}
          repo-name: ${{ github.repository }}
          run-id: ${{ github.run_id }}