diff --git a/.github/actions/create-github-release/action.yml b/.github/actions/create-github-release/action.yml new file mode 100644 index 000000000000..92e0ad641771 --- /dev/null +++ b/.github/actions/create-github-release/action.yml @@ -0,0 +1,21 @@ +name: Create GitHub Release +inputs: + milestone: + description: Name of the GitHub milestone for which a release will be created + required: true + token: + description: Token to use for authentication with GitHub + required: true +runs: + using: composite + steps: + - name: Generate Changelog + uses: spring-io/github-changelog-generator@052892c62af51f8af87a9da6de55e70864b7df12 + with: + milestone: ${{ inputs.milestone }} + token: ${{ inputs.token }} + config-file: ${{ github.action_path }}/changelog-generator.yml + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ inputs.token }} + run: gh release create ${{ github.ref_name }} --notes-file changelog.md \ No newline at end of file diff --git a/.github/actions/create-github-release/changelog-generator.yml b/.github/actions/create-github-release/changelog-generator.yml new file mode 100644 index 000000000000..67db9ca4f9d7 --- /dev/null +++ b/.github/actions/create-github-release/changelog-generator.yml @@ -0,0 +1,23 @@ +changelog: + repository: spring-projects/spring-boot + sections: + - title: ":star: New Features" + labels: + - "type: enhancement" + - title: ":lady_beetle: Bug Fixes" + labels: + - "type: bug" + - "type: regression" + - title: ":notebook_with_decorative_cover: Documentation" + labels: + - "type: documentation" + - title: ":hammer: Dependency Upgrades" + sort: "title" + labels: + - "type: dependency-upgrade" + issues: + ports: + - label: "status: forward-port" + bodyExpression: 'Forward port of issue #(\d+).*' + - label: "status: back-port" + bodyExpression: 'Back port of issue #(\d+).*' diff --git a/.github/actions/publish-gradle-plugin/action.yml b/.github/actions/publish-gradle-plugin/action.yml new file mode 100644 index 000000000000..599286656813 --- /dev/null +++ b/.github/actions/publish-gradle-plugin/action.yml @@ -0,0 +1,38 @@ +name: Publish Gradle Plugin +description: Publishes Spring Boot's Gradle plugin to the Plugin Portal +inputs: + jfrog-cli-config-token: + description: 'Config token for the JFrog CLI' + type: string + required: true + plugin-version: + description: 'Version of the plugin' + type: string + required: true + gradle-plugin-publish-key: + description: 'Gradle publishing key' + type: string + required: true + gradle-plugin-publish-secret: + description: 'Gradle publishing secret' + type: string + required: true +runs: + using: composite + steps: + - name: Set Up JFrog CLI + uses: jfrog/setup-jfrog-cli@d82fe26823e1f25529250895d5673f65b02af085 # v4.0.1 + env: + JF_ENV_SPRING: ${{ inputs.jfrog-cli-config-token }} + - name: Download Artifacts + shell: bash + run: jf rt download --spec ${{ format('{0}/artifacts.spec', github.action_path) }} --spec-vars 'buildName=${{ format('spring-boot-{0}', inputs.plugin-version) }};buildNumber=${{ github.run_number }}' + - name: Publish + shell: bash + run: > + ./gradlew publishExisting + -p ${{ github.action_path }} + -Pgradle.publish.key=${{ inputs.gradle-plugin-publish-key }} + -Pgradle.publish.secret=${{ inputs.gradle-plugin-publish-secret }} + -PbootVersion=${{ inputs.plugin-version }} + -PrepositoryRoot=$(pwd)/repository diff --git a/.github/actions/publish-gradle-plugin/artifacts.spec b/.github/actions/publish-gradle-plugin/artifacts.spec new file mode 100644 index 000000000000..464fab51ee99 --- /dev/null +++ b/.github/actions/publish-gradle-plugin/artifacts.spec @@ -0,0 +1,20 @@ +{ + "files": [ + { + "aql": { + "items.find": { + "$and": [ + { + "@build.name": "${buildName}", + "@build.number": "${buildNumber}", + "path": { + "$match": "org/springframework/boot/spring-boot-gradle-plugin/*" + } + } + ] + } + }, + "target": "repository/" + } + ] +} \ No newline at end of file diff --git a/.github/actions/publish-gradle-plugin/build.gradle b/.github/actions/publish-gradle-plugin/build.gradle new file mode 100644 index 000000000000..bff025a7e443 --- /dev/null +++ b/.github/actions/publish-gradle-plugin/build.gradle @@ -0,0 +1,14 @@ +plugins { + id "com.gradle.plugin-publish" version "1.2.1" +} + +tasks.register("publishExisting", com.gradle.publish.PublishExistingTask) { + pluginId = "org.springframework.boot" + fileRepositoryRoot = new File("${repositoryRoot}") + pluginVersion = "${bootVersion}" + pluginCoordinates = "org.springframework.boot:spring-boot-gradle-plugin:${bootVersion}" + displayName = "Spring Boot Gradle Plugin" + pluginDescription = "Spring Boot Gradle Plugin" + website = "https://spring.io/projects/spring-boot" + vcsUrl = "https://github.com/spring-projects/spring-boot" +} diff --git a/.github/actions/publish-gradle-plugin/settings.gradle b/.github/actions/publish-gradle-plugin/settings.gradle new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/.github/actions/publish-to-sdkman/action.yml b/.github/actions/publish-to-sdkman/action.yml new file mode 100644 index 000000000000..189fcdb5725d --- /dev/null +++ b/.github/actions/publish-to-sdkman/action.yml @@ -0,0 +1,38 @@ +name: Publish to SDKMAN! +description: Publishes the release as a new candidate version on SDKMAN! +inputs: + sdkman-consumer-key: + description: 'Key for publishing to SDKMAN!' + required: true + sdkman-consumer-secret: + description: 'Secret for publishing to SDKMAN!' + required: true + spring-boot-version: + description: 'The version to publish' + required: true + make-default: + description: 'Whether the release should be made the default version' + required: false + default: false +runs: + using: composite + steps: + - shell: bash + run: > + curl -X POST \ + -H "Consumer-Key: ${{ inputs.sdkman-consumer-key }}" + -H "Consumer-Token: ${{ inputs.sdkman-consumer-token }}" + -H "Content-Type: application/json" + -H "Accept: application/json" + -d '{"candidate": "springboot", "version": "${{ inputs.spring-boot-version }}", "url": "${{ format('https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-cli/{0}/spring-boot-cli-{0}-bin.zip', inputs.spring-boot-version)"}' + https://vendors.sdkman.io/release + - shell: bash + if: ${{ inputs.make-default }} + run: > + curl -X POST \ + -H "Consumer-Key: ${{ inputs.sdkman-consumer-key }}" + -H "Consumer-Token: ${{ inputs.sdkman-consumer-token }}" + -H "Content-Type: application/json" + -H "Accept: application/json" + -d '{"candidate": "springboot", "version": "${{ inputs.spring-boot-version }}"}' + https://vendors.sdkman.io/default diff --git a/.github/actions/sync-to-maven-central/action.yml b/.github/actions/sync-to-maven-central/action.yml new file mode 100644 index 000000000000..cfe61fbc70df --- /dev/null +++ b/.github/actions/sync-to-maven-central/action.yml @@ -0,0 +1,54 @@ +name: Sync to Maven Central +description: Syncs a release to Maven Central and waits for it to be available for use +inputs: + jfrog-cli-config-token: + description: 'Config token for the JFrog CLI' + type: string + required: true + spring-boot-version: + description: 'The version of Spring Boot that is being synced to Central' + type: string + required: true + ossrh-s01-token-username: + description: 'Username for authentication with s01.oss.sonatype.org' + type: string + required: true + ossrh-s01-token-password: + description: 'Password for authentication with s01.oss.sonatype.org' + type: string + required: true + ossrh-s01-staging-profile: + description: 'Staging profile to use when syncing to Central' + type: string + required: true +runs: + using: composite + steps: + - name: Set Up JFrog CLI + uses: jfrog/setup-jfrog-cli@d82fe26823e1f25529250895d5673f65b02af085 # v4.0.1 + env: + JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }} + - name: Download Release Artifacts + run: jf rt download --spec ${{ format('{0}/artifacts.spec', github.action_path) }} --spec-vars 'buildName=${{ format('spring-boot-{0}', inputs.spring-boot-version) }};buildNumber=${{ github.run_number }}' + - name: Sync + uses: spring-io/nexus-sync-action@42477a2230a2f694f9eaa4643fa9e76b99b7ab84 # v0.0.1 + with: + username: ${{ inputs.ossrh-s01-token-username }} + password: ${{ inputs.ossrh-s01-token-password }} + staging-profile-name: ${{ secrets.ossrh-s01-staging-profile }} + create: true + upload: true + close: true + release: true + generate-checksums: true + - name: Await + shell: bash + run: | + url=${{ format('https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot/{0}/spring-boot-{0}.jar', inputs.spring-boot-version) }} + echo "Waiting for $url" + until curl --fail --head --silent $url > /dev/null + do + echo "." + sleep 60 + done + echo "$url is available" diff --git a/.github/actions/sync-to-maven-central/artifacts.spec b/.github/actions/sync-to-maven-central/artifacts.spec new file mode 100644 index 000000000000..cec9fd913cdd --- /dev/null +++ b/.github/actions/sync-to-maven-central/artifacts.spec @@ -0,0 +1,20 @@ +{ + "files": [ + { + "aql": { + "items.find": { + "$and": [ + { + "@build.name": "${buildName}", + "@build.number": "${buildNumber}", + "path": { + "$nmatch": "org/springframework/boot/spring-boot-docs/*" + } + } + ] + } + }, + "target": "nexus/" + } + ] +} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000000..51844cd3bdaa --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,121 @@ +name: Release +on: + push: + tags: + - v3.1.[0-9]+ +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} +jobs: + build-and-stage-release: + if: ${{ github.repository == 'spring-projects/spring-boot' }} + name: Build and Stage Release + needs: get-version + runs-on: ubuntu22-8-32 + steps: + - name: Check Out Code + uses: actions/checkout@v4 + - name: Build and Publish + uses: ./.github/actions/build + with: + gradle-enterprise-access-key: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + gradle-enterprise-cache-password: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + gradle-enterprise-cache-user: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }} + publish: true + - name: Stage Release + uses: spring-io/artifactory-deploy-action@26bbe925a75f4f863e1e529e85be2d0093cac116 # v0.0.1 + with: + build-name: ${{ format('spring-boot-{0}', github.ref_name)}} + folder: 'deployment-repository' + password: ${{ secrets.ARTIFACTORY_PASSWORD }} + repository: 'libs-staging-local' + signing-key: ${{ secrets.GPG_PRIVATE_KEY }} + signing-passphrase: ${{ secrets.GPG_PASSPHRASE }} + uri: 'https://repo.spring.io' + username: ${{ secrets.ARTIFACTORY_USERNAME }} + outputs: + version: ${{ steps.build.outputs.version }} + verify: + name: Verify + needs: build-and-stage-release + uses: ./.github/workflows/verify.yml + with: + repository-username: ${{ secrets.ARTIFACTORY_USERNAME }} + repository-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + staging: true + version: ${{ needs.build-and-stage-release.outputs.version }} + sync-to-maven-central: + name: Sync to Maven Central + needs: + - get-version + - verify + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Sync to Maven Central + uses: ./.github/actions/sync-to-maven-central + with: + jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }} + ossrh-s01-staging-profile: ${{ secrets.OSSRH_S01_STAGING_PROFILE }} + ossrh-s01-token-password: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }} + ossrh-s01-token-username: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }} + spring-boot-version: ${{ needs.get-version.outputs.version }} + promote-release: + name: Promote Release + needs: + - get-version + - sync-to-maven-central + runs-on: ubuntu-latest + steps: + - name: Set up JFrog CLI + uses: jfrog/setup-jfrog-cli@d82fe26823e1f25529250895d5673f65b02af085 # v4.0.1 + env: + JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }} + - name: Promote build + run: jfrog rt build-promote ${{ format('spring-boot-{0}', needs.get-version.outputs.version)}} ${{ github.run_number }} libs-release-local + publish-gradle-plugin: + name: Publish Gradle Plugin + needs: + - get-version + - sync-to-maven-central + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Publish + uses: ./.github/actions/publish-gradle-plugin + with: + gradle-plugin-publish-key: ${{ secrets.GRADLE_PLUGIN_PUBLISH_KEY }} + gradle-plugin-publish-secret: ${{ secrets.GRADLE_PLUGIN_PUBLISH_SECRET }} + jfrog-cli-config-token: ${{ secrets.JF_ARTIFACTORY_SPRING }} + plugin-version: ${{ needs.get-version.outputs.version }} + publish-to-sdkman: + name: Publish to SDKMAN! + needs: + - get-version + - sync-to-maven-central + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Publish to SDKMAN! + uses: ./.github/actions/publish-to-sdkman + with: + sdkman-consumer-key: ${{ secrets.SDKMAN_CONSUMER_KEY }} + sdkman-consumer-token: ${{ secrets.SDKMAN_CONSUMER_TOKEN }} + version: ${{ needs.get-version.outputs.version }} + create-github-release: + name: Create GitHub Release + needs: + - get-version + - promote-release + - publish-gradle-plugin + - publish-to-sdkman + runs-on: ubuntu-latest + steps: + - name: Check Out Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Create GitHub Release + uses: ./.github/actions/create-github-release + with: + milestone: ${{ needs.get-version.outputs.version }} + token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 507241271f8e..5ec242002df3 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -5,6 +5,11 @@ on: version: required: true type: string + inputs: + staging: + required: false + type: boolean + default: false jobs: verify: name: Verify @@ -41,6 +46,9 @@ jobs: env: RVT_VERSION: ${{ inputs.version }} RVT_RELEASE_TYPE: oss + RVT_STAGING: ${{ inputs.staging }} + RVT_OSS_REPOSITORY_USERNAME: ${{ inputs.repository-username }} + RVT_OSS_REPOSITORY_PASSWORD: ${{ inputs.repository-password }} run: ./gradlew spring-boot-release-verification-tests:test - name: Upload Build Reports on Failure uses: actions/upload-artifact@v4