diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index b45040d0348..f1ac0393b98 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -35,7 +35,7 @@ inputs: java-version: description: 'Java version to compile and test with' required: false - default: '17' + default: '25' publish: description: 'Whether to publish artifacts ready for deployment to Artifactory' required: false diff --git a/.github/actions/create-github-release/action.yml b/.github/actions/create-github-release/action.yml index f1baaec79b4..d4b7d778148 100644 --- a/.github/actions/create-github-release/action.yml +++ b/.github/actions/create-github-release/action.yml @@ -1,6 +1,9 @@ name: Create GitHub Release description: 'Create the release on GitHub with a changelog' inputs: + commercial: + description: 'Whether to generate the changelog for the commercial release' + required: true milestone: description: 'Name of the GitHub milestone for which a release will be created' required: true @@ -11,14 +14,11 @@ inputs: token: description: 'Token to use for authentication with GitHub' required: true - commercial: - description: 'Whether to generate the changelog for the commercial release' - required: true runs: using: composite steps: - name: Generate Changelog - uses: spring-io/github-changelog-generator@86958813a62af8fb223b3fd3b5152035504bcb83 #v0.0.12 + uses: spring-io/github-changelog-generator@f7d7a87a3e7c627ecb8c26cf086c38ac5a939721 #v0.0.14 with: config-file: ${{ inputs.commercial && '.github/actions/create-github-release/changelog-generator-commercial.yml' || '.github/actions/create-github-release/changelog-generator-oss.yml' }} milestone: ${{ inputs.milestone }} diff --git a/.github/actions/create-github-release/changelog-generator-commercial.yml b/.github/actions/create-github-release/changelog-generator-commercial.yml index 2bc74db2a75..e7ff74533e7 100644 --- a/.github/actions/create-github-release/changelog-generator-commercial.yml +++ b/.github/actions/create-github-release/changelog-generator-commercial.yml @@ -1,5 +1,12 @@ changelog: sections: + - title: ":warning: Attention Required" + labels: + - "for: upgrade-attention" + summary: + mode: "member-comment" + config: + prefix: "Attention required:" - title: ":star: New Features" labels: - "type: enhancement" diff --git a/.github/actions/create-github-release/changelog-generator-oss.yml b/.github/actions/create-github-release/changelog-generator-oss.yml index dea85e8267a..56f6608cd7a 100644 --- a/.github/actions/create-github-release/changelog-generator-oss.yml +++ b/.github/actions/create-github-release/changelog-generator-oss.yml @@ -1,5 +1,12 @@ changelog: sections: + - title: ":warning: Attention Required" + labels: + - "for: upgrade-attention" + summary: + mode: "member-comment" + config: + prefix: "Attention required:" - title: ":star: New Features" labels: - "type: enhancement" @@ -14,6 +21,10 @@ changelog: sort: "title" labels: - "type: dependency-upgrade" + summary: + mode: "body-regex" + config: + expression: '(Upgrade to \[.*\]\(.*\)).*' issues: generate_links: true ports: diff --git a/.github/actions/prepare-gradle-build/action.yml b/.github/actions/prepare-gradle-build/action.yml index f063d347180..c90abcf82fc 100644 --- a/.github/actions/prepare-gradle-build/action.yml +++ b/.github/actions/prepare-gradle-build/action.yml @@ -23,7 +23,7 @@ inputs: java-version: description: 'Java version to use for the build' required: false - default: '17' + default: '25' runs: using: composite steps: @@ -34,20 +34,20 @@ runs: tool-cache: true docker-images: false - name: Set Up Java - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: ${{ inputs.java-early-access == 'true' && 'temurin' || (inputs.java-distribution || 'liberica') }} java-version: | ${{ inputs.java-early-access == 'true' && format('{0}-ea', inputs.java-version) || inputs.java-version }} - ${{ inputs.java-toolchain == 'true' && '17' || '' }} + ${{ inputs.java-toolchain == 'true' && '25' || '' }} - name: Set Up Gradle With Read/Write Cache if: ${{ inputs.cache-read-only == 'false' }} - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: cache-read-only: false develocity-access-key: ${{ inputs.develocity-access-key }} - name: Set Up Gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: develocity-access-key: ${{ inputs.develocity-access-key }} develocity-token-expiry: 4 diff --git a/.github/actions/publish-gradle-plugin/action.yml b/.github/actions/publish-gradle-plugin/action.yml index daa4e7d57ce..8c136ba732c 100644 --- a/.github/actions/publish-gradle-plugin/action.yml +++ b/.github/actions/publish-gradle-plugin/action.yml @@ -21,14 +21,14 @@ runs: using: composite steps: - name: Set Up JFrog CLI - uses: jfrog/setup-jfrog-cli@ff5cb544114ffc152db9cea1cd3d5978d5074946 # v4.5.11 + uses: jfrog/setup-jfrog-cli@1641575d87647fb969c0545f0b6a76873e328b7c # v5.0.0 env: JF_ENV_SPRING: ${{ inputs.jfrog-cli-config-token }} - name: Download Artifacts shell: bash run: jf rt download --spec ${{ format('{0}/artifacts.spec', github.action_path) }} --spec-vars 'buildName=${{ format('spring-boot-{0}', inputs.plugin-version) }};buildNumber=${{ inputs.build-number }}' - name: Set Up Java - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: 'liberica' java-version: '17' diff --git a/.github/actions/publish-gradle-plugin/build.gradle b/.github/actions/publish-gradle-plugin/build.gradle index bff025a7e44..496c208642f 100644 --- a/.github/actions/publish-gradle-plugin/build.gradle +++ b/.github/actions/publish-gradle-plugin/build.gradle @@ -1,3 +1,19 @@ +/* + * Copyright 2012-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the License); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + plugins { id "com.gradle.plugin-publish" version "1.2.1" } diff --git a/.github/actions/publish-gradle-plugin/settings.gradle b/.github/actions/publish-gradle-plugin/settings.gradle index e69de29bb2d..a0fd2a7ba97 100644 --- a/.github/actions/publish-gradle-plugin/settings.gradle +++ b/.github/actions/publish-gradle-plugin/settings.gradle @@ -0,0 +1,16 @@ +/* + * Copyright 2012-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the License); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + diff --git a/.github/actions/sync-to-maven-central/action.yml b/.github/actions/sync-to-maven-central/action.yml index e30e4d1aff1..863c70b21db 100644 --- a/.github/actions/sync-to-maven-central/action.yml +++ b/.github/actions/sync-to-maven-central/action.yml @@ -1,17 +1,14 @@ name: Sync to Maven Central description: 'Syncs a release to Maven Central and waits for it to be available for use' inputs: - jfrog-cli-config-token: - description: 'Config token for the JFrog CLI' - required: true - ossrh-s01-staging-profile: - description: 'Staging profile to use when syncing to Central' + central-token-password: + description: 'Password for authentication with central.sonatype.com' required: true - ossrh-s01-token-password: - description: 'Password for authentication with s01.oss.sonatype.org' + central-token-username: + description: 'Username for authentication with central.sonatype.com' required: true - ossrh-s01-token-username: - description: 'Username for authentication with s01.oss.sonatype.org' + jfrog-cli-config-token: + description: 'Config token for the JFrog CLI' required: true spring-boot-version: description: 'Version of Spring Boot that is being synced to Central' @@ -20,23 +17,19 @@ runs: using: composite steps: - name: Set Up JFrog CLI - uses: jfrog/setup-jfrog-cli@ff5cb544114ffc152db9cea1cd3d5978d5074946 # v4.5.11 + uses: jfrog/setup-jfrog-cli@1641575d87647fb969c0545f0b6a76873e328b7c # v5.0.0 env: JF_ENV_SPRING: ${{ inputs.jfrog-cli-config-token }} - name: Download Release Artifacts shell: bash run: jf rt download --spec ${{ format('{0}/artifacts.spec', github.action_path) }} --spec-vars 'buildName=${{ format('spring-boot-{0}', inputs.spring-boot-version) }};buildNumber=${{ github.run_number }}' - name: Sync - uses: spring-io/nexus-sync-action@42477a2230a2f694f9eaa4643fa9e76b99b7ab84 # v0.0.1 + uses: spring-io/central-publish-action@0c03960e9b16fdfe70e2443e1d5393cbc3a35622 # v0.3.0 with: - close: true - create: true - generate-checksums: true - password: ${{ inputs.ossrh-s01-token-password }} - release: true - staging-profile-name: ${{ inputs.ossrh-s01-staging-profile }} - upload: true - username: ${{ inputs.ossrh-s01-token-username }} + token: ${{ inputs.central-token-password }} + token-name: ${{ inputs.central-token-username }} + ignore-already-exists-error: true + timeout: "90m" - name: Await uses: ./.github/actions/await-http-resource with: diff --git a/.github/actions/update-homebrew-tap/action.yml b/.github/actions/update-homebrew-tap/action.yml index 43a1e8b77d9..d8c4b588656 100644 --- a/.github/actions/update-homebrew-tap/action.yml +++ b/.github/actions/update-homebrew-tap/action.yml @@ -11,7 +11,7 @@ runs: using: composite steps: - name: Check Out Homebrew Tap Repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v6 with: path: updated-homebrew-tap-repo repository: spring-io/homebrew-tap diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 187fe1cd726..9eab3b40a60 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,3 +6,11 @@ updates: interval: "weekly" labels: - "type: task" + - "status: waiting-for-triage" + - package-ecosystem: "npm" + directory: "/antora" + schedule: + interval: "weekly" + labels: + - "type: task" + - "status: waiting-for-triage" diff --git a/.github/workflows/build-and-deploy-snapshot.yml b/.github/workflows/build-and-deploy-snapshot.yml index 9288e202538..6b6dacdf6d4 100644 --- a/.github/workflows/build-and-deploy-snapshot.yml +++ b/.github/workflows/build-and-deploy-snapshot.yml @@ -3,7 +3,9 @@ on: workflow_dispatch: push: branches: - - main + - '4.0.x' +permissions: + contents: read concurrency: group: ${{ github.workflow }}-${{ github.ref }} jobs: @@ -13,28 +15,29 @@ jobs: runs-on: ${{ vars.UBUNTU_MEDIUM || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Build and Publish id: build-and-publish uses: ./.github/actions/build with: commercial-release-repository-url: ${{ vars.COMMERCIAL_RELEASE_REPO_URL }} - commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_PASSWORD }} - commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_USERNAME }} + commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_PASSWORD }} + commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_USERNAME }} commercial-snapshot-repository-url: ${{ vars.COMMERCIAL_SNAPSHOT_REPO_URL }} develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }} gradle-cache-read-only: false publish: true - name: Deploy - uses: spring-io/artifactory-deploy-action@dc1913008c0599f0c4b1fdafb6ff3c502b3565ea # v0.0.2 + uses: spring-io/artifactory-deploy-action@926d7f7cc810569395346bf3a4d91b380b3e355b # v0.0.4 with: - build-name: ${{ vars.COMMERCIAL && format('spring-boot-commercial-{0}', '3.5.x') || format('spring-boot-{0}', '3.5.x') }} + build-name: ${{ vars.COMMERCIAL && format('spring-boot-commercial-{0}', '4.0.x') || format('spring-boot-{0}', '4.0.x') }} folder: 'deployment-repository' password: ${{ vars.COMMERCIAL && secrets.COMMERCIAL_ARTIFACTORY_PASSWORD || secrets.ARTIFACTORY_PASSWORD }} project: ${{ vars.COMMERCIAL && 'spring' }} repository: ${{ vars.COMMERCIAL && 'spring-enterprise-maven-dev-local' || 'libs-snapshot-local' }} signing-key: ${{ secrets.GPG_PRIVATE_KEY }} signing-passphrase: ${{ secrets.GPG_PASSPHRASE }} + threads: 8 uri: ${{ vars.COMMERCIAL_DEPLOY_REPO_URL || 'https://repo.spring.io' }} username: ${{ vars.COMMERCIAL && secrets.COMMERCIAL_ARTIFACTORY_USERNAME || secrets.ARTIFACTORY_USERNAME }} - name: Send Notification @@ -42,7 +45,7 @@ jobs: uses: ./.github/actions/send-notification with: build-scan-url: ${{ steps.build-and-publish.outputs.build-scan-url }} - run-name: ${{ format('{0} | Linux | Java 17', github.ref_name) }} + run-name: ${{ format('{0} | Linux | Java 25', github.ref_name) }} status: ${{ job.status }} webhook-url: ${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }} outputs: @@ -57,14 +60,14 @@ jobs: - name: Run Deploy Docs Workflow env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh workflow run deploy-docs.yml --repo spring-projects/spring-boot -r docs-build -f build-refname=${{ github.ref_name }} -f build-version=${{ needs.build-and-deploy-snapshot.outputs.version }} + run: gh workflow run deploy-docs.yml --repo ${{ github.repository }} -r docs-build -f build-sha=${{ github.sha }} -f build-refname=${{ github.ref_name }} -f build-version=${{ needs.build-and-deploy-snapshot.outputs.version }} verify: name: Verify needs: build-and-deploy-snapshot uses: ./.github/workflows/verify.yml secrets: - commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_PASSWORD }} - commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_USERNAME }} + commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_PASSWORD }} + commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_USERNAME }} google-chat-webhook-url: ${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }} opensource-repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }} opensource-repository-username: ${{ secrets.ARTIFACTORY_USERNAME }} diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml index 7a28e943cf5..8420a1a829b 100644 --- a/.github/workflows/build-pull-request.yml +++ b/.github/workflows/build-pull-request.yml @@ -9,7 +9,7 @@ jobs: runs-on: ${{ vars.UBUNTU_MEDIUM || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Build id: build uses: ./.github/actions/build @@ -18,7 +18,7 @@ jobs: uses: ./.github/actions/print-jvm-thread-dumps - name: Upload Build Reports if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: build-reports path: '**/build/reports/' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 230189a14b0..7a4b176fc91 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,7 +2,9 @@ name: CI on: push: branches: - - main + - '4.0.x' +permissions: + contents: read jobs: ci: name: '${{ matrix.os.name}} | Java ${{ matrix.java.version}}' @@ -18,16 +20,18 @@ jobs: name: Windows java: - version: 17 - toolchain: false + toolchain: true - version: 21 + toolchain: true + - version: 25 toolchain: false - - version: 24 + - version: 26 toolchain: true exclude: - os: name: Linux java: - version: 17 + version: 25 - os: name: ${{ github.repository == 'spring-projects/spring-boot-commercial' && 'Windows' }} steps: @@ -38,14 +42,14 @@ jobs: git config --global core.longPaths true Stop-Service -name Docker - name: Check Out Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Build id: build uses: ./.github/actions/build with: commercial-release-repository-url: ${{ vars.COMMERCIAL_RELEASE_REPO_URL }} - commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_PASSWORD }} - commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_USERNAME }} + commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_PASSWORD }} + commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_USERNAME }} commercial-snapshot-repository-url: ${{ vars.COMMERCIAL_SNAPSHOT_REPO_URL }} develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }} gradle-cache-read-only: false diff --git a/.github/workflows/distribute.yml b/.github/workflows/distribute.yml index eebe17b4159..e8462178fe5 100644 --- a/.github/workflows/distribute.yml +++ b/.github/workflows/distribute.yml @@ -15,6 +15,8 @@ on: description: 'Version to bundle and distribute' required: true type: string +permissions: + contents: read jobs: distribute-spring-enterprise-release-bundle: runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} diff --git a/.github/workflows/release-milestone.yml b/.github/workflows/release-milestone.yml index c06f79df594..61c8d2957aa 100644 --- a/.github/workflows/release-milestone.yml +++ b/.github/workflows/release-milestone.yml @@ -2,8 +2,10 @@ name: Release Milestone on: push: tags: - - v3.5.0-M[0-9] - - v3.5.0-RC[0-9] + - v4.0.0-M[0-9] + - v4.0.0-RC[0-9] +permissions: + contents: read concurrency: group: ${{ github.workflow }}-${{ github.ref }} jobs: @@ -13,16 +15,16 @@ jobs: runs-on: ${{ vars.UBUNTU_MEDIUM || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Build and Publish id: build-and-publish uses: ./.github/actions/build with: - develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }} gradle-cache-read-only: false publish: true - name: Stage Release - uses: spring-io/artifactory-deploy-action@dc1913008c0599f0c4b1fdafb6ff3c502b3565ea # v0.0.2 + uses: spring-io/artifactory-deploy-action@926d7f7cc810569395346bf3a4d91b380b3e355b # v0.0.4 with: build-name: ${{ format('spring-boot-{0}', steps.build-and-publish.outputs.version)}} folder: 'deployment-repository' @@ -30,6 +32,7 @@ jobs: repository: 'libs-staging-local' signing-key: ${{ secrets.GPG_PRIVATE_KEY }} signing-passphrase: ${{ secrets.GPG_PASSPHRASE }} + threads: 8 uri: 'https://repo.spring.io' username: ${{ secrets.ARTIFACTORY_USERNAME }} outputs: @@ -48,24 +51,58 @@ jobs: with: staging: true version: ${{ needs.build-and-stage-release.outputs.version }} + sync-to-maven-central: + name: Sync to Maven Central + if: ${{ !vars.COMMERCIAL }} + needs: + - build-and-stage-release + - verify + runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} + steps: + - name: Check Out Code + uses: actions/checkout@v6 + - name: Sync to Maven Central + uses: ./.github/actions/sync-to-maven-central + with: + central-token-password: ${{ secrets.CENTRAL_TOKEN_PASSWORD }} + central-token-username: ${{ secrets.CENTRAL_TOKEN_USERNAME }} + jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }} + spring-boot-version: ${{ needs.build-and-stage-release.outputs.version }} promote-release: name: Promote Release needs: - build-and-stage-release - - verify + - sync-to-maven-central runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Set up JFrog CLI - uses: jfrog/setup-jfrog-cli@ff5cb544114ffc152db9cea1cd3d5978d5074946 # v4.5.11 + uses: jfrog/setup-jfrog-cli@1641575d87647fb969c0545f0b6a76873e328b7c # v5.0.0 env: JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }} - name: Promote build run: jfrog rt build-promote ${{ format('spring-boot-{0}', needs.build-and-stage-release.outputs.version)}} ${{ github.run_number }} libs-milestone-local + publish-gradle-plugin: + name: Publish Gradle Plugin + if: ${{ !vars.COMMERCIAL }} + needs: + - build-and-stage-release + - sync-to-maven-central + runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} + steps: + - name: Check Out Code + uses: actions/checkout@v6 + - name: Publish + uses: ./.github/actions/publish-gradle-plugin + with: + gradle-plugin-publish-key: ${{ secrets.GRADLE_PLUGIN_PUBLISH_KEY }} + gradle-plugin-publish-secret: ${{ secrets.GRADLE_PLUGIN_PUBLISH_SECRET }} + jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }} + plugin-version: ${{ needs.build-and-stage-release.outputs.version }} trigger-docs-build: name: Trigger Docs Build needs: - build-and-stage-release - - verify + - promote-release permissions: actions: write runs-on: ubuntu-latest @@ -73,20 +110,22 @@ jobs: - name: Run Deploy Docs Workflow env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh workflow run deploy-docs.yml --repo spring-projects/spring-boot -r docs-build -f build-refname=${{ github.ref_name }} -f build-version=${{ needs.build-and-stage-release.outputs.version }} + run: gh workflow run deploy-docs.yml --repo ${{ github.repository }} -r docs-build -f build-refname=${{ github.ref_name }} -f build-version=${{ needs.build-and-stage-release.outputs.version }} create-github-release: name: Create GitHub Release needs: - build-and-stage-release - promote-release + - publish-gradle-plugin - trigger-docs-build runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v6 - name: Create GitHub Release uses: ./.github/actions/create-github-release with: + commercial: ${{ vars.COMMERCIAL }} milestone: ${{ needs.build-and-stage-release.outputs.version }} pre-release: true token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0f5fe1f98da..8668f01e4d5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,7 +2,9 @@ name: Release on: push: tags: - - v3.5.[0-9]+ + - v4.0.[0-9]+ +permissions: + contents: read concurrency: group: ${{ github.workflow }}-${{ github.ref }} jobs: @@ -12,20 +14,20 @@ jobs: runs-on: ${{ vars.UBUNTU_MEDIUM || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Build and Publish id: build-and-publish uses: ./.github/actions/build with: commercial-release-repository-url: ${{ vars.COMMERCIAL_RELEASE_REPO_URL }} - commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_PASSWORD }} - commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_USERNAME }} + commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_PASSWORD }} + commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_USERNAME }} commercial-snapshot-repository-url: ${{ vars.COMMERCIAL_SNAPSHOT_REPO_URL }} develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }} gradle-cache-read-only: false publish: true - name: Stage Release - uses: spring-io/artifactory-deploy-action@dc1913008c0599f0c4b1fdafb6ff3c502b3565ea # v0.0.2 + uses: spring-io/artifactory-deploy-action@926d7f7cc810569395346bf3a4d91b380b3e355b # v0.0.4 with: build-name: ${{ vars.COMMERCIAL && format('spring-boot-commercial-{0}', steps.build-and-publish.outputs.version) || format('spring-boot-{0}', steps.build-and-publish.outputs.version) }} folder: 'deployment-repository' @@ -34,6 +36,7 @@ jobs: repository: ${{ vars.COMMERCIAL && 'spring-enterprise-maven-stage-local' || 'libs-staging-local' }} signing-key: ${{ secrets.GPG_PRIVATE_KEY }} signing-passphrase: ${{ secrets.GPG_PASSPHRASE }} + threads: 8 uri: ${{ vars.COMMERCIAL_DEPLOY_REPO_URL || 'https://repo.spring.io' }} username: ${{ vars.COMMERCIAL && secrets.COMMERCIAL_ARTIFACTORY_USERNAME || secrets.ARTIFACTORY_USERNAME }} - name: Send Notification @@ -50,8 +53,8 @@ jobs: needs: build-and-stage-release uses: ./.github/workflows/verify.yml secrets: - commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_PASSWORD }} - commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_RO_USERNAME }} + commercial-repository-password: ${{ secrets.COMMERCIAL_ARTIFACTORY_PASSWORD }} + commercial-repository-username: ${{ secrets.COMMERCIAL_ARTIFACTORY_USERNAME }} google-chat-webhook-url: ${{ secrets.GOOGLE_CHAT_WEBHOOK_URL }} opensource-repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }} opensource-repository-username: ${{ secrets.ARTIFACTORY_USERNAME }} @@ -68,14 +71,13 @@ jobs: runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v6 - name: Sync to Maven Central uses: ./.github/actions/sync-to-maven-central with: + central-token-password: ${{ secrets.CENTRAL_TOKEN_PASSWORD }} + central-token-username: ${{ secrets.CENTRAL_TOKEN_USERNAME }} jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }} - ossrh-s01-staging-profile: ${{ secrets.OSSRH_S01_STAGING_PROFILE }} - ossrh-s01-token-password: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }} - ossrh-s01-token-username: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }} spring-boot-version: ${{ needs.build-and-stage-release.outputs.version }} promote-release: name: Promote Release @@ -85,7 +87,7 @@ jobs: runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Set up JFrog CLI - uses: jfrog/setup-jfrog-cli@ff5cb544114ffc152db9cea1cd3d5978d5074946 # v4.5.11 + uses: jfrog/setup-jfrog-cli@1641575d87647fb969c0545f0b6a76873e328b7c # v5.0.0 env: JF_ENV_SPRING: ${{ vars.COMMERCIAL && secrets.COMMERCIAL_JF_ARTIFACTORY_SPRING || secrets.JF_ARTIFACTORY_SPRING }} - name: Promote open source build @@ -103,7 +105,7 @@ jobs: runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v6 - name: Publish uses: ./.github/actions/publish-gradle-plugin with: @@ -120,7 +122,7 @@ jobs: runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v6 - name: Publish to SDKMAN! uses: ./.github/actions/publish-to-sdkman with: @@ -136,7 +138,7 @@ jobs: runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v6 - name: Update Homebrew Tap uses: ./.github/actions/update-homebrew-tap with: @@ -146,7 +148,7 @@ jobs: name: Trigger Docs Build needs: - build-and-stage-release - - sync-to-maven-central + - promote-release permissions: actions: write runs-on: ubuntu-latest @@ -154,7 +156,7 @@ jobs: - name: Run Deploy Docs Workflow env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh workflow run deploy-docs.yml --repo spring-projects/spring-boot -r docs-build -f build-refname=${{ github.ref_name }} -f build-version=${{ needs.build-and-stage-release.outputs.version }} + run: gh workflow run deploy-docs.yml --repo ${{ github.repository }} -r docs-build -f build-refname=${{ github.ref_name }} -f build-version=${{ needs.build-and-stage-release.outputs.version }} create-github-release: name: Create GitHub Release needs: @@ -167,10 +169,10 @@ jobs: runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Check Out Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v6 - name: Create GitHub Release uses: ./.github/actions/create-github-release with: + commercial: ${{ vars.COMMERCIAL }} milestone: ${{ needs.build-and-stage-release.outputs.version }} token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} - commercial: ${{ vars.COMMERCIAL }} diff --git a/.github/workflows/run-codeql-analysis.yml b/.github/workflows/run-codeql-analysis.yml new file mode 100644 index 00000000000..0f823bafff2 --- /dev/null +++ b/.github/workflows/run-codeql-analysis.yml @@ -0,0 +1,13 @@ +name: "Run CodeQL Analysis" +on: + push: + pull_request: + workflow_dispatch: +permissions: read-all +jobs: + run-analysis: + permissions: + actions: read + contents: read + security-events: write + uses: spring-io/github-actions/.github/workflows/codeql-analysis.yml@7dc305df87410aa851b873d2f1fd33ccbb7d0aa8 diff --git a/.github/workflows/run-system-tests.yml b/.github/workflows/run-system-tests.yml index 26d8c2ddafd..fc34b3caccc 100644 --- a/.github/workflows/run-system-tests.yml +++ b/.github/workflows/run-system-tests.yml @@ -2,7 +2,9 @@ name: Run System Tests on: push: branches: - - main + - '4.0.x' +permissions: + contents: read jobs: run-system-tests: name: 'Java ${{ matrix.java.version}}' @@ -12,12 +14,17 @@ jobs: matrix: java: - version: 17 - toolchain: false + toolchain: true - version: 21 toolchain: true steps: + - name: Switch Docker to Overlay2 + shell: bash + run: | + echo '{"storage-driver":"overlay2"}' | sudo tee /etc/docker/daemon.json + sudo systemctl restart docker - name: Check Out Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Prepare Gradle Build uses: ./.github/actions/prepare-gradle-build with: @@ -28,6 +35,14 @@ jobs: id: run-system-tests shell: bash run: ./gradlew systemTest + - name: Show docker info + if: always() + shell: bash + run: docker version ; docker info + - name: List docker images + if: always() + shell: bash + run: docker image ls --digests - name: Send Notification if: always() uses: ./.github/actions/send-notification diff --git a/.github/workflows/trigger-docs-build.yml b/.github/workflows/trigger-docs-build.yml index e583dd88589..c663195a5dd 100644 --- a/.github/workflows/trigger-docs-build.yml +++ b/.github/workflows/trigger-docs-build.yml @@ -1,29 +1,35 @@ name: Trigger Docs Build on: push: - branches: main + branches: '4.0.x' paths: [ 'antora/*' ] workflow_dispatch: inputs: + build-version: + description: 'Version being build (e.g. 1.0.3-SNAPSHOT)' + required: false + build-sha: + description: Enter the SHA to build (e.g. 82c97891569821a7f91a77ca074232e0b54ca7a5) + required: false build-refname: description: 'Git refname to build (e.g., 1.0.x)' required: false - build-version: - description: 'Version being build (e.g. 1.0.3-SNAPSHOT)' - required: false + permissions: - actions: write + contents: read jobs: trigger-docs-build: name: Trigger Docs Build if: github.repository_owner == 'spring-projects' runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} + permissions: + actions: write steps: - name: Check Out - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: docs-build - name: Trigger Workflow env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh workflow run deploy-docs.yml -r docs-build -f build-refname=${{ github.event.inputs.build-refname }} -f build-version=${{ github.event.inputs.build-version }} + run: gh workflow run deploy-docs.yml -r docs-build -f build-refname=${{ github.event.inputs.build-refname }} -f build-sha=${{ github.event.inputs.build-sha }} -f build-version=${{ github.event.inputs.build-version }} diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 8a752b78dfc..644c8b64268 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -30,32 +30,36 @@ on: token: description: 'Token to use for authentication with GitHub' required: true +permissions: + contents: read jobs: verify: name: Verify runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }} steps: - name: Check Out Release Verification Tests - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: - ref: 'v0.0.10' + ref: 'v0.0.15' repository: spring-projects/spring-boot-release-verification token: ${{ secrets.token }} - name: Check Out Send Notification Action - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: send-notification sparse-checkout: .github/actions/send-notification - name: Set Up Java - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: 'liberica' java-version: 17 - name: Set Up Homebrew if: ${{ !vars.COMMERCIAL }} uses: Homebrew/actions/setup-homebrew@7657c9512f50e1c35b640971116425935bab3eea + with: + stable: true - name: Set Up Gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: cache-read-only: false - name: Configure Gradle Properties @@ -75,7 +79,7 @@ jobs: run: ./gradlew spring-boot-release-verification-tests:test - name: Upload Build Reports on Failure if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: build-reports path: '**/build/reports/' diff --git a/.gitignore b/.gitignore index 1198c2da875..d5e93a54c62 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,4 @@ secrets.yml .sts4-cache .git-hooks/ node_modules +/.kotlin/ diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml index cdd2a9295b1..594f1191849 100644 --- a/.idea/codeStyles/Project.xml +++ b/.idea/codeStyles/Project.xml @@ -8,19 +8,6 @@