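# CI pipeline: builds and tests on every push (Dependabot branches excluded),
# once a day, and on manual dispatch; then deploys artifacts, docs and schema
# and performs the release through the shared
# spring-io/spring-security-release-tools reusable workflows.
#
# NOTE(review): every `uses:` reference in this file is a mutable ref
# (@v1, @v2, @v4, @v1-beta). Whoever can move that ref changes the code that
# runs here with this workflow's secrets. Pinning each one to a full commit
# SHA (`owner/repo@<full-commit-sha>  # v1`, placeholder) and letting a
# dependency bot bump it makes such a change visible in review.
name: CI

on:
  push:
    branches-ignore:
      - "dependabot/**"
  schedule:
    - cron: '0 10 * * *' # Once per day at 10am UTC
  workflow_dispatch: # Manual trigger

# Default GITHUB_TOKEN scope for all jobs; notify_result overrides it below.
permissions:
  contents: read

jobs:
  build:
    name: Build
    uses: spring-io/spring-security-release-tools/.github/workflows/build.yml@v1
    strategy:
      matrix:
        os: [ ubuntu-latest, windows-latest ]
        jdk: [ 17 ]
    with:
      runs-on: ${{ matrix.os }}
      java-version: ${{ matrix.jdk }}
      distribution: temurin
    # NOTE(review): `inherit` hands every secret this repository can read to
    # the called workflow. If the called workflows declare their secrets,
    # passing only those by name would narrow the exposure - confirm against
    # the release-tools repository. The same applies to each
    # `secrets: inherit` below.
    secrets: inherit

  test:
    name: Test Against Snapshots
    uses: spring-io/spring-security-release-tools/.github/workflows/test.yml@v1
    strategy:
      matrix:
        include:
          - java-version: 21-ea
            toolchain: 21
          - java-version: 17
            toolchain: 17
    with:
      java-version: ${{ matrix.java-version }}
      test-args: --refresh-dependencies -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=6.1.+ -PreactorVersion=2023.0.+ -PspringDataVersion=2023.1.+ --stacktrace
    secrets: inherit

  check-samples:
    name: Check Samples
    runs-on: ubuntu-latest
    # Skipped on forks: only runs when the repository owner is spring-projects.
    if: ${{ github.repository_owner == 'spring-projects' }}
    # Gradle Enterprise credentials are scoped to the jobs that run Gradle
    # directly instead of the whole workflow, so the Slack notification job
    # (a third-party action) no longer has them in its environment.
    # Workflow-level `env` is not propagated to called reusable workflows, so
    # the `uses:` jobs are unaffected by this move.
    env:
      GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
      GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
    steps:
      # NOTE(review): actions/checkout keeps the job token in the local git
      # config by default, and this job then runs build logic cloned from a
      # second repository. Consider `with: persist-credentials: false` if the
      # cloneRepository task does not depend on it - confirm.
      - uses: actions/checkout@v4
      - name: Set up gradle
        uses: spring-io/spring-gradle-build-action@v2
        with:
          java-version: 17
          distribution: temurin
      - name: Check samples project
        env:
          LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
          SAMPLES_DIR: ../spring-security-samples
        # Publishes this build to a local Maven repository, clones the samples
        # repository at the branch named in gradle.properties, and runs the
        # samples' tests against the locally published version.
        # NOTE(review): `grep "version="` is unanchored; any other property
        # line containing `version=` would also match and make $version
        # multi-line. Anchoring it (`^version=`) would be stricter - confirm
        # against gradle.properties.
        run: |
          # Extract version from gradle.properties
          version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
          # Extract samplesBranch from gradle.properties
          samples_branch=$(cat gradle.properties | grep "samplesBranch=" | awk -F'=' '{print $2}')
          ./gradlew publishMavenJavaPublicationToLocalRepository
          ./gradlew cloneRepository -PrepositoryName="spring-projects/spring-security-samples" -Pref="$samples_branch" -PcloneOutputDirectory="$SAMPLES_DIR"
          ./gradlew --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$version" :runAllTests

  check-tangles:
    name: Check for Package Tangles
    runs-on: ubuntu-latest
    # Skipped on forks: only runs when the repository owner is spring-projects.
    if: ${{ github.repository_owner == 'spring-projects' }}
    # Same Gradle Enterprise credentials as check-samples, scoped to this job.
    env:
      GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
      GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
    steps:
      - uses: actions/checkout@v4
      - name: Set up gradle
        uses: spring-io/spring-gradle-build-action@v2
        with:
          java-version: 17
          distribution: temurin
      - name: Check for package tangles
        # The license id reaches the script through an environment variable
        # rather than a `${{ }}` expression expanded into the script text.
        env:
          STRUCTURE101_LICENSEID: ${{ secrets.STRUCTURE101_LICENSEID }}
        run: |
          ./gradlew check s101 -Ps101.licenseId="$STRUCTURE101_LICENSEID" --stacktrace

  # The three deploy jobs wait for all verification jobs and are gated by the
  # same `should-deploy-artifacts` output of the build job.
  deploy-artifacts:
    name: Deploy Artifacts
    needs: [ build, test, check-samples, check-tangles ]
    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@v1
    with:
      should-deploy-artifacts: ${{ needs.build.outputs.should-deploy-artifacts }}
    secrets: inherit

  deploy-docs:
    name: Deploy Docs
    needs: [ build, test, check-samples, check-tangles ]
    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-docs.yml@v1
    with:
      should-deploy-docs: ${{ needs.build.outputs.should-deploy-artifacts }}
    secrets: inherit

  deploy-schema:
    name: Deploy Schema
    needs: [ build, test, check-samples, check-tangles ]
    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml@v1
    with:
      should-deploy-schema: ${{ needs.build.outputs.should-deploy-artifacts }}
    secrets: inherit

  perform-release:
    name: Perform Release
    needs: [ deploy-artifacts, deploy-docs, deploy-schema ]
    uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@v1
    with:
      should-perform-release: ${{ needs.deploy-artifacts.outputs.artifacts-deployed }}
      project-version: ${{ needs.deploy-artifacts.outputs.project-version }}
      milestone-repo-url: https://repo.spring.io/artifactory/milestone
      release-repo-url: https://repo1.maven.org/maven2
      artifact-path: org/springframework/security/spring-security-core
      slack-announcing-id: spring-security-announcing
    secrets: inherit

  notify_result:
    name: Check for failures
    needs: [ perform-release ]
    # Runs only when a job in the dependency chain has failed.
    if: failure()
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default, so the token handed
    # to the Slack action below can read Actions data only.
    permissions:
      actions: read
    steps:
      - name: Send Slack message
        # Workaround while waiting for Gamesight/slack-workflow-status#38 to be fixed
        # See https://github.com/Gamesight/slack-workflow-status/issues/38
        # NOTE(review): this ref receives GITHUB_TOKEN and the Slack webhook
        # URL, so it is the reference where pinning to a commit SHA matters
        # most.
        uses: sjohnr/slack-workflow-status@v1-beta
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
          channel: '#spring-security-ci'
          name: 'CI Notifier'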