name: CI

on:
  push:
    branches-ignore:
      - "dependabot/**"
  schedule:
    - cron: '0 10 * * *' # Once per day at 10am UTC
  workflow_dispatch: # Manual trigger

env:
  DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}

permissions:
  contents: read

jobs:
  build:
    name: Build
    uses: spring-io/spring-security-release-tools/.github/workflows/build.yml@v1
    strategy:
      matrix:
        os: [ ubuntu-latest, windows-latest ]
        jdk: [ 17 ]
    with:
      runs-on: ${{ matrix.os }}
      java-version: ${{ matrix.jdk }}
      distribution: temurin
    secrets: inherit
  test:
    name: Test Against Snapshots
    uses: spring-io/spring-security-release-tools/.github/workflows/test.yml@v1
    strategy:
      matrix:
        include:
          - java-version: 21-ea
            toolchain: 21
          - java-version: 17
            toolchain: 17
    with:
      java-version: ${{ matrix.java-version }}
      test-args: --refresh-dependencies -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=6.2.+ -PreactorVersion=2023.0.+ -PspringDataVersion=2024.0.+ --stacktrace
    secrets: inherit
  check-samples:
    name: Check Samples
    runs-on: ubuntu-latest
    if: ${{ github.repository_owner == 'spring-projects' }}
    steps:
      - uses: actions/checkout@v4
      - name: Set up gradle
        uses: spring-io/spring-gradle-build-action@v2
        with:
          java-version: 17
          distribution: temurin
      - name: Check samples project
        env:
          LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
          SAMPLES_DIR: ../spring-security-samples
        run: |
          # Extract version from gradle.properties
          version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
          # Extract samplesBranch from gradle.properties
          samples_branch=$(cat gradle.properties | grep "samplesBranch=" | awk -F'=' '{print $2}')
          ./gradlew publishMavenJavaPublicationToLocalRepository
          ./gradlew cloneRepository -PrepositoryName="spring-projects/spring-security-samples" -Pref="$samples_branch" -PcloneOutputDirectory="$SAMPLES_DIR"
          ./gradlew --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$version" check
  check-tangles:
    name: Check for Package Tangles
    runs-on: ubuntu-latest
    if: ${{ github.repository_owner == 'spring-projects' }}
    steps:
      - uses: actions/checkout@v4
      - name: Set up gradle
        uses: spring-io/spring-gradle-build-action@v2
        with:
          java-version: 17
          distribution: temurin
      - name: Check for package tangles
        env:
          STRUCTURE101_LICENSEID: ${{ secrets.STRUCTURE101_LICENSEID }}
        run: |
          ./gradlew check s101 -Ps101.licenseId="$STRUCTURE101_LICENSEID" --stacktrace
  deploy-artifacts:
    name: Deploy Artifacts
    needs: [ build, test, check-samples, check-tangles ]
    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@v1
    with:
      should-deploy-artifacts: ${{ needs.build.outputs.should-deploy-artifacts }}
    secrets: inherit
  deploy-docs:
    name: Deploy Docs
    needs: [ build, test, check-samples, check-tangles ]
    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-docs.yml@v1
    with:
      should-deploy-docs: ${{ needs.build.outputs.should-deploy-artifacts }}
    secrets: inherit
  deploy-schema:
    name: Deploy Schema
    needs: [ build, test, check-samples, check-tangles ]
    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml@v1
    with:
      should-deploy-schema: ${{ needs.build.outputs.should-deploy-artifacts }}
    secrets: inherit
  perform-release:
    name: Perform Release
    needs: [ deploy-artifacts, deploy-docs, deploy-schema ]
    uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@v1
    with:
      should-perform-release: ${{ needs.deploy-artifacts.outputs.artifacts-deployed }}
      project-version: ${{ needs.deploy-artifacts.outputs.project-version }}
      milestone-repo-url: https://repo.spring.io/artifactory/milestone
      release-repo-url: https://repo1.maven.org/maven2
      artifact-path: org/springframework/security/spring-security-core
      slack-announcing-id: spring-security-announcing
    secrets: inherit
  notify_result:
    name: Check for failures
    needs: [ perform-release ]
    if: failure()
    runs-on: ubuntu-latest
    permissions:
      actions: read
    steps:
      - name: Send Slack message
        # Workaround while waiting for Gamesight/slack-workflow-status#38 to be fixed
        # See https://github.com/Gamesight/slack-workflow-status/issues/38
        uses: sjohnr/slack-workflow-status@v1-beta
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
          channel: '#spring-security-ci'
          name: 'CI Notifier'