Label superseded dependabot updates as duplicates #6223
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches-ignore: | |
- "dependabot/**" | |
schedule: | |
- cron: '0 10 * * *' # Once per day at 10am UTC | |
workflow_dispatch: # Manual trigger | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} | |
COMMIT_OWNER: ${{ github.event.pusher.name }} | |
COMMIT_SHA: ${{ github.sha }} | |
STRUCTURE101_LICENSEID: ${{ secrets.STRUCTURE101_LICENSEID }} | |
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} | |
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
permissions: | |
contents: read | |
jobs: | |
prerequisites: | |
name: Pre-requisites for building | |
runs-on: ubuntu-latest | |
if: ${{ github.repository == 'spring-projects/spring-security' }} | |
outputs: | |
runjobs: ${{ steps.continue.outputs.runjobs }} | |
project_version: ${{ steps.continue.outputs.project_version }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: continue | |
name: Determine if should continue | |
run: | | |
# Run jobs if in upstream repository | |
echo "runjobs=true" >>$GITHUB_OUTPUT | |
# Extract version from gradle.properties | |
version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}') | |
echo "project_version=$version" >>$GITHUB_OUTPUT | |
build_jdk_11: | |
name: Build JDK 11 | |
needs: [prerequisites] | |
strategy: | |
matrix: | |
os: [ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
if: needs.prerequisites.outputs.runjobs | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
cache: 'gradle' | |
- name: Set up Gradle | |
uses: gradle/gradle-build-action@v3 | |
- name: Set up gradle user name | |
run: echo 'systemProp.user.name=spring-builds+github' >> gradle.properties | |
- name: Build with Gradle | |
run: ./gradlew clean build --continue -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" | |
snapshot_tests: | |
name: Test against snapshots | |
needs: [prerequisites] | |
runs-on: ubuntu-latest | |
if: needs.prerequisites.outputs.runjobs | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up gradle | |
uses: spring-io/spring-gradle-build-action@v2 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Snapshot Tests | |
run: ./gradlew test --refresh-dependencies -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PspringFrameworkVersion='5.+' -PreactorVersion='2020.0.+' -PspringDataVersion='2021.2.+' -PlocksDisabled --stacktrace | |
check_samples: | |
name: Check Samples project | |
needs: [prerequisites] | |
runs-on: ubuntu-latest | |
if: needs.prerequisites.outputs.runjobs | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up gradle | |
uses: spring-io/spring-gradle-build-action@v2 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Check samples project | |
env: | |
LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos | |
SAMPLES_DIR: ../spring-security-samples | |
VERSION: ${{ needs.prerequisites.outputs.project_version }} | |
run: | | |
./gradlew publishMavenJavaPublicationToLocalRepository | |
./gradlew cloneSamples -PcloneOutputDirectory="$SAMPLES_DIR" | |
./gradlew --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$VERSION" :runAllTests | |
check_tangles: | |
name: Check for Package Tangles | |
needs: [ prerequisites ] | |
runs-on: ubuntu-latest | |
if: needs.prerequisites.outputs.runjobs | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up gradle | |
uses: spring-io/spring-gradle-build-action@v2 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Check for package tangles | |
run: ./gradlew check s101 -Ps101.licenseId="$STRUCTURE101_LICENSEID" --stacktrace | |
deploy_artifacts: | |
name: Deploy Artifacts | |
needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up gradle | |
uses: spring-io/spring-gradle-build-action@v2 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Deploy artifacts | |
run: ./gradlew publishArtifacts finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace | |
env: | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }} | |
OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }} | |
OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }} | |
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} | |
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
deploy_docs: | |
name: Deploy Docs | |
needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up gradle | |
uses: spring-io/spring-gradle-build-action@v2 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Deploy Docs | |
run: ./gradlew deployDocs -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace | |
env: | |
DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }} | |
DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }} | |
DOCS_HOST: ${{ secrets.DOCS_HOST }} | |
deploy_schema: | |
name: Deploy Schema | |
needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up gradle | |
uses: spring-io/spring-gradle-build-action@v2 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Deploy Schema | |
run: ./gradlew deploySchema -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace --info | |
env: | |
DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }} | |
DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }} | |
DOCS_HOST: ${{ secrets.DOCS_HOST }} | |
perform_release: | |
name: Perform release | |
needs: [prerequisites, deploy_artifacts, deploy_docs, deploy_schema] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
timeout-minutes: 90 | |
if: ${{ !endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }} | |
env: | |
REPO: ${{ github.repository }} | |
BRANCH: ${{ github.ref_name }} | |
TOKEN: ${{ github.token }} | |
VERSION: ${{ needs.prerequisites.outputs.project_version }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} | |
- name: Set up gradle | |
uses: spring-io/spring-gradle-build-action@v2 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Wait for Artifactory Artifacts | |
if: ${{ contains(needs.prerequisites.outputs.project_version, '-RC') || contains(needs.prerequisites.outputs.project_version, '-M') }} | |
run: | | |
echo "Wait for artifacts of $REPO@$VERSION to appear on Artifactory." | |
until curl -f -s https://repo.spring.io/artifactory/milestone/org/springframework/security/spring-security-core/$VERSION/ > /dev/null | |
do | |
sleep 30 | |
echo "." | |
done | |
echo "Artifacts for $REPO@$VERSION have been released to Artifactory." | |
- name: Wait for Maven Central Artifacts | |
if: ${{ !contains(needs.prerequisites.outputs.project_version, '-RC') && !contains(needs.prerequisites.outputs.project_version, '-M') }} | |
run: | | |
echo "Wait for artifacts of $REPO@$VERSION to appear on Maven Central." | |
until curl -f -s https://repo1.maven.org/maven2/org/springframework/security/spring-security-core/$VERSION/ > /dev/null | |
do | |
sleep 30 | |
echo "." | |
done | |
echo "Artifacts for $REPO@$VERSION have been released to Maven Central." | |
- name: Create GitHub Release | |
run: | | |
echo "Tagging and publishing $REPO@$VERSION release on GitHub." | |
./gradlew createGitHubRelease -PnextVersion=$VERSION -Pbranch=$BRANCH -PcreateRelease=true -PgitHubAccessToken=$TOKEN | |
- name: Announce Release on Slack | |
id: spring-security-announcing | |
uses: slackapi/[email protected] | |
with: | |
payload: | | |
{ | |
"text": "spring-security-announcing `${{ env.VERSION }}` is available now", | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "spring-security-announcing `${{ env.VERSION }}` is available now" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
- name: Setup git config | |
run: | | |
git config user.name 'github-actions[bot]' | |
git config user.email 'github-actions[bot]@users.noreply.github.com' | |
- name: Update to next Snapshot Version | |
run: | | |
echo "Updating $REPO@$VERSION to next snapshot version." | |
./gradlew :updateToSnapshotVersion | |
git commit -am "Next development version" | |
git push | |
perform_post_release: | |
name: Perform post-release | |
needs: [prerequisites, deploy_artifacts, deploy_docs, deploy_schema] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
issues: write | |
timeout-minutes: 90 | |
if: ${{ endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }} | |
env: | |
TOKEN: ${{ github.token }} | |
VERSION: ${{ needs.prerequisites.outputs.project_version }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up gradle | |
uses: spring-io/spring-gradle-build-action@v2 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Schedule next release (if not already scheduled) | |
run: ./gradlew scheduleNextRelease -PnextVersion=$VERSION -PgitHubAccessToken=$TOKEN | |
notify_result: | |
name: Check for failures | |
needs: [perform_release, perform_post_release] | |
if: failure() | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
steps: | |
- name: Send Slack message | |
# Workaround while waiting for Gamesight/slack-workflow-status#38 to be fixed | |
# See https://github.com/Gamesight/slack-workflow-status/issues/38 | |
uses: sjohnr/slack-workflow-status@v1-beta | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
channel: '#spring-security-ci' | |
name: 'CI Notifier' |