diff --git a/.editorconfig b/.editorconfig index e937be5..6ef5d69 100644 --- a/.editorconfig +++ b/.editorconfig @@ -1,4 +1,4 @@ -oot = true +root = true [*] trim_trailing_whitespace = true @@ -23,4 +23,4 @@ max_line_length = 100 # See documentation https://youtrack.jetbrains.com/issue/IDEA-170643#focus=streamItem-27-3708697.0-0 [*.xml] -indent_size = 4 \ No newline at end of file +indent_size = 4 diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index d436367..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "gradle" - directory: "/" - schedule: - interval: "weekly" - labels: - - "type: dependency-upgrade" - - "relates-to: build" - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - labels: - - "type: dependency-upgrade" - - "relates-to: build" \ No newline at end of file diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000..a890b25 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,33 @@ +changelog: + exclude: + authors: + - micronaut-build + categories: + - title: Breaking Changes 🛠 + labels: + - 'type: breaking' + - title: New Features 🎉 + labels: + - 'type: enhancement' + - title: Bug Fixes 🐞 + labels: + - 'type: bug' + - title: Improvements ⭐ + labels: + - 'type: improvement' + - title: Docs 📖 + labels: + - 'type: docs' + - title: Dependency updates 🚀 + labels: + - 'type: dependency-upgrade' + - 'dependency-upgrade' + - title: Regressions 🧐 + labels: + - 'type: regression' + - title: GraalVM 🏆 + labels: + - 'relates-to: graal' + - title: Other Changes 💡 + labels: + - "*" diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 0000000..99eeec1 --- /dev/null +++ b/.github/renovate.json 
@@ -0,0 +1,34 @@ +{ + "extends": [ + "config:recommended" + ], + "addLabels": [ + "type: dependency-upgrade" + ], + "schedule": [ + "after 10pm" + ], + "prHourlyLimit": 1, + "prConcurrentLimit": 20, + "timezone": "Europe/Prague", + "packageRules": [ + { + "dependencyDashboardApproval": true, + "matchUpdateTypes": [ + "patch" + ], + "matchCurrentVersion": "!/^0/", + "automerge": true, + "matchPackageNames": [ + "/actions.*/" + ] + }, + { + "matchUpdateTypes": [ + "patch" + ], + "matchCurrentVersion": "!/^0/", + "automerge": true + } + ] +} diff --git a/.github/workflows/central-sync.yml b/.github/workflows/central-sync.yml index 713f878..23b80ba 100644 --- a/.github/workflows/central-sync.yml +++ b/.github/workflows/central-sync.yml @@ -18,9 +18,9 @@ jobs: uses: actions/checkout@v4 with: ref: v${{ github.event.inputs.release_version }} - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/wrapper-validation-action@v3 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'temurin' java-version: '17' diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml deleted file mode 100644 index 6ebfa6f..0000000 --- a/.github/workflows/dependency-update.yml +++ /dev/null 
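Review bot: The second `packageRules` entry sets `"automerge": true` for every patch update with no package filter and no approval gate of its own, so a patch release published by a compromised upstream could merge without anyone reading it. The first rule asks for `dependencyDashboardApproval` on `/actions.*/`, but the catch-all rule below it matches those packages too; it is worth confirming against Renovate's rule merging that the approval flag still applies when both rules match. Consider a soak period on the automerge rule, e.g. `"minimumReleaseAge": "3 days"`, and make sure the target branches have required status checks so a failing build blocks the merge.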
@@ -1,44 +0,0 @@
-# WARNING: Do not edit this file directly. Instead, go to:
-#
-# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows
-#
-# and edit them there. Note that it will be sync'ed to all the Micronaut repos
-name: Update Dependencies
-on:
- schedule:
- - cron: '0 4 * * SUN'
-jobs:
- dependency-updates:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - uses: actions/cache@v3.2.6
- with:
- path: ~/.gradle/caches
- key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
- restore-keys: |
- ${{ runner.os }}-gradle-
- - name: Set up JDK
- uses: actions/setup-java@v2
- with:
- distribution: 'adopt'
- java-version: '8'
- - name: Export Gradle Properties
- uses: micronaut-projects/github-actions/export-gradle-properties@master
- - name: Check Dependencies
- env:
- GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
- GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
- run: ./gradlew useLatestVersions
- - name: Create Pull Request
- uses: peter-evans/create-pull-request@v4.2.3
- with:
- token: ${{ secrets.GH_TOKEN }}
- committer: micronaut-build <${{ secrets.MICRONAUT_BUILD_EMAIL }}>
- author: micronaut-build <${{ secrets.MICRONAUT_BUILD_EMAIL }}>
- commit-message: Update dependencies
- title: 'Dependency upgrades'
- body: Upgrades dependencies to their latest versions
- labels: "type: dependency-upgrade"
- branch: dependency-updates
diff --git a/.github/workflows/graalvm-dev.yml b/.github/workflows/graalvm-dev.yml
new file mode 100644
index 0000000..eb0203b
--- /dev/null
+++ b/.github/workflows/graalvm-dev.yml
@@ -0,0 +1,65 @@ +# WARNING: Do not edit this file directly. Instead, go to: +# +# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows +# +# and edit them there. Note that it will be sync'ed to all the Micronaut repos +name: GraalVM Dev CI +on: + schedule: + - cron: "0 1 * * 1-5" # Mon-Fri at 1am UTC +jobs: + build_matrix: + if: github.repository != 'micronaut-projects/micronaut-project-template' + runs-on: ubuntu-latest + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + outputs: + matrix: ${{ steps.build-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v4 + - name: Build Matrix + uses: micronaut-projects/github-actions/graalvm/build-matrix@master + id: build-matrix + build: + needs: build_matrix + if: github.repository != 'micronaut-projects/micronaut-project-template' + runs-on: ubuntu-latest + strategy: + max-parallel: 6 + matrix: + java: ['dev', 'latest-ea'] + distribution: ['graalvm-community', 'graalvm'] + native_test_task: ${{ fromJson(needs.build_matrix.outputs.matrix).native_test_task }} + exclude: + - java: 'dev' + distribution: 'graalvm' + - java: 'latest-ea' + distribution: 'graalvm-community' + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + steps: + - uses: actions/checkout@v4 + - name: Pre-Build Steps + uses: micronaut-projects/github-actions/graalvm/pre-build@master + id: pre-build + with: + java: ${{ matrix.java }} + distribution: ${{ matrix.distribution }} + - name: Build Steps + uses: micronaut-projects/github-actions/graalvm/build@master + id: build + env: + GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ 
secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }} + GH_USERNAME: ${{ secrets.GH_USERNAME }} + GRAALVM_QUICK_BUILD: true + with: + nativeTestTask: ${{ matrix.native_test_task }} + - name: Post-Build Steps + uses: micronaut-projects/github-actions/graalvm/post-build@master + id: post-build + with: + java: ${{ matrix.java }} diff --git a/.github/workflows/graalvm-latest.yml b/.github/workflows/graalvm-latest.yml new file mode 100644 index 0000000..d150aa6 --- /dev/null +++ b/.github/workflows/graalvm-latest.yml 
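Review bot: Neither job declares `permissions:`, so `GITHUB_TOKEN` gets whatever the repository default grants, and every `micronaut-projects/github-actions/graalvm/*` step is referenced at `@master` while the Gradle Enterprise credentials sit in job-level `env`. A push to that branch changes what runs with those secrets without any change in this repository. Add a top-level `permissions:` block with `contents: read`, and pin the composite actions to a commit, e.g. `uses: micronaut-projects/github-actions/graalvm/build@<commit-sha> # master`, as this commit already does for `actions/upload-artifact`. The same applies to `graalvm-latest.yml`, which additionally runs on `pull_request`. Since the header says the file is synced from micronaut-project-template, the change belongs there.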
@@ -0,0 +1,65 @@ +# WARNING: Do not edit this file directly. Instead, go to: +# +# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows +# +# and edit them there. Note that it will be sync'ed to all the Micronaut repos +name: GraalVM Latest CI +on: + push: + branches: + - master + - '[1-9]+.[0-9]+.x' + pull_request: + branches: + - master + - '[1-9]+.[0-9]+.x' +jobs: + build_matrix: + if: github.repository != 'micronaut-projects/micronaut-project-template' + runs-on: ubuntu-latest + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + outputs: + matrix: ${{ steps.build-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v4 + - name: Build Matrix + uses: micronaut-projects/github-actions/graalvm/build-matrix@master + id: build-matrix + build: + needs: build_matrix + if: github.repository != 'micronaut-projects/micronaut-project-template' + runs-on: ubuntu-latest + strategy: + max-parallel: 6 + matrix: + java: ['17', '21'] + native_test_task: ${{ fromJson(needs.build_matrix.outputs.matrix).native_test_task }} + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + steps: + - uses: actions/checkout@v4 + - name: Pre-Build Steps + uses: micronaut-projects/github-actions/graalvm/pre-build@master + id: pre-build + with: + distribution: 'graalvm' + java: ${{ matrix.java }} + - name: Build Steps + uses: micronaut-projects/github-actions/graalvm/build@master + id: build + env: + GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }} + GH_USERNAME: ${{ secrets.GH_USERNAME }} + GRAALVM_QUICK_BUILD: true + with: + 
nativeTestTask: ${{ matrix.native_test_task }} + - name: Post-Build Steps + uses: micronaut-projects/github-actions/graalvm/post-build@master + id: post-build + with: + java: ${{ matrix.java }} diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 439aa62..22e563a 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
@@ -19,68 +19,87 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - java: ['8', '11', '17'] + java: ['17', '21'] + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }} + GH_USERNAME: ${{ secrets.GH_USERNAME }} + TESTCONTAINERS_RYUK_DISABLED: true + PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}" + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: # https://github.com/actions/virtual-environments/issues/709 - - name: Free disk space + - name: "🗑 Free disk space" run: | sudo rm -rf "/usr/local/share/boost" sudo rm -rf "$AGENT_TOOLSDIRECTORY" sudo apt-get clean df -h - - uses: actions/checkout@v2 - - uses: actions/cache@v3.2.6 + + - name: "📥 Checkout repository" + uses: actions/checkout@v4 with: - path: ~/.gradle/caches - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} - restore-keys: | - ${{ runner.os }}-gradle- - - name: Set up JDK - uses: actions/setup-java@v2 + fetch-depth: 0 + + - name: "🔧 Setup GraalVM CE" + uses: graalvm/setup-graalvm@v1.2.6 with: - distribution: 'adopt' + distribution: 'graalvm' java-version: ${{ matrix.java }} - - name: Optional setup step - env: - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: "🔧 Setup Gradle" + uses: gradle/gradle-build-action@v3.5.0 + + - name: "❓ Optional setup step" run: | - [ -f ./setup.sh ] && ./setup.sh || true - - name: Build with Gradle + [ -f ./setup.sh ] && ./setup.sh || [ ! 
-f ./setup.sh ] + + - name: "🛠 Build with Gradle" + id: gradle run: | - # Awful hack for kapt and JDK 16. See https://youtrack.jetbrains.com/issue/KT-45545 - if [ ${{ matrix.java }} == 16 ]; then export GRADLE_OPTS="-Dorg.gradle.jvmargs=--illegal-access=permit"; fi - ./gradlew dependencyUpdates check --no-daemon --parallel --continue - env: - TESTCONTAINERS_RYUK_DISABLED: true - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} - - name: Publish Test Report + ./gradlew check --no-daemon --continue + + - name: "🔎 Run static analysis" + if: env.SONAR_TOKEN != '' && matrix.java == '17' + run: | + ./gradlew sonar + + - name: "📊 Publish Test Report" if: always() - uses: mikepenz/action-junit-report@v3.7.5 + uses: mikepenz/action-junit-report@v5 with: check_name: Java CI / Test Report (${{ matrix.java }}) report_paths: '**/build/test-results/test/TEST-*.xml' - - name: Publish to Sonatype Snapshots - if: success() && github.event_name == 'push' && matrix.java == '8' + check_retries: 'true' + + - name: "📜 Upload binary compatibility check results" + if: matrix.java == '17' + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: binary-compatibility-reports + path: "**/build/reports/binary-compatibility-*.html" + + - name: "📦 Publish to Sonatype Snapshots" + if: success() && github.event_name == 'push' && matrix.java == '17' env: SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} run: ./gradlew publishToSonatype docs --no-daemon - - name: Determine docs 
target repository + + - name: "❓ Determine docs target repository" uses: haya14busa/action-cond@v1 id: docs_target with: cond: ${{ github.repository == 'micronaut-projects/micronaut-core' }} if_true: "micronaut-projects/micronaut-docs" if_false: ${{ github.repository }} - - name: Publish to Github Pages - if: success() && github.event_name == 'push' && matrix.java == '8' + + - name: "📑 Publish to Github Pages" + if: success() && github.event_name == 'push' && matrix.java == '17' uses: micronaut-projects/github-pages-deploy-action@master env: TARGET_REPOSITORY: ${{ steps.docs_target.outputs.value }} diff --git a/.github/workflows/publish-snapshot.yml b/.github/workflows/publish-snapshot.yml index 4ee0110..0875db9 100644 --- a/.github/workflows/publish-snapshot.yml +++ b/.github/workflows/publish-snapshot.yml @@ -10,18 +10,18 @@ jobs: if: github.repository != 'micronaut-projects/micronaut-project-template' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/cache@v3.2.6 + - uses: actions/checkout@v4 + - uses: actions/cache@v4 with: path: ~/.gradle/caches key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} restore-keys: | ${{ runner.os }}-gradle- - name: Set up JDK - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: - distribution: 'adopt' - java-version: '8' + distribution: 'temurin' + java-version: '17' - name: Publish to Sonatype Snapshots if: success() env: diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml deleted file mode 100644 index c06b4f3..0000000 --- a/.github/workflows/release-notes.yml +++ /dev/null 
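Review bot: Moving the secrets into job-level `env` makes `SONAR_TOKEN`, `GITHUB_TOKEN`, `GH_TOKEN_PUBLIC_REPOS_READONLY` and the Gradle Enterprise credentials visible to every step, including `./setup.sh`, the `./gradlew check` run over the checked-out code, and the tag-referenced third-party actions (`haya14busa/action-cond@v1`, `mikepenz/action-junit-report@v5`). Before this change each was set only on the step that used it, here and in the removed `sonarqube.yml`. `SONAR_TOKEN` probably has to stay at job level for the `if: env.SONAR_TOKEN != ''` guard, but the others can go back onto the steps that need them, e.g. an `env:` entry `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` under "Run static analysis" only. The job's start and the trigger list are outside the hunk, so which events reach these steps is not visible here.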
@@ -1,50 +0,0 @@
-# WARNING: Do not edit this file directly. Instead, go to:
-#
-# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows
-#
-# and edit them there. Note that it will be sync'ed to all the Micronaut repos
-name: Changelog
-on:
- issues:
- types: [closed,reopened]
- push:
- branches:
- - master
- - '[1-9]+.[0-9]+.x'
-jobs:
- release_notes:
- if: github.repository != 'micronaut-projects/micronaut-project-template'
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Check if it has release drafter config file
- id: check_release_drafter
- run: |
- has_release_drafter=$([ -f .github/release-drafter.yml ] && echo "true" || echo "false")
- echo ::set-output name=has_release_drafter::${has_release_drafter}
-
- # If it has release drafter:
- - uses: release-drafter/release-drafter@v5
- if: steps.check_release_drafter.outputs.has_release_drafter == 'true'
- env:
- GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-
- # Otherwise:
- - name: Export Gradle Properties
- if: steps.check_release_drafter.outputs.has_release_drafter == 'false'
- uses: micronaut-projects/github-actions/export-gradle-properties@master
- - uses: micronaut-projects/github-actions/release-notes@master
- if: steps.check_release_drafter.outputs.has_release_drafter == 'false'
- id: release_notes
- with:
- token: ${{ secrets.GH_TOKEN }}
- - uses: ncipollo/release-action@v1
- if: steps.check_release_drafter.outputs.has_release_drafter == 'false' && steps.release_notes.outputs.generated_changelog == 'true'
- with:
- allowUpdates: true
- commit: ${{ steps.release_notes.outputs.current_branch }}
- draft: true
- name: ${{ env.title }} ${{ steps.release_notes.outputs.next_version }}
- tag: v${{ steps.release_notes.outputs.next_version }}
- bodyFile: CHANGELOG.md
- token: ${{ secrets.GH_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dd3c22b..f0b8ad7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml @@ -9,21 +9,23 @@ on: types: [published] jobs: release: + outputs: + artifacts-sha256: ${{ steps.hash.outputs.artifacts-sha256 }} # Computed hashes for build artifacts. runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: token: ${{ secrets.GH_TOKEN }} - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/wrapper-validation-action@v3 - name: Set up JDK - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: - distribution: 'adopt' - java-version: '8' + distribution: 'temurin' + java-version: '17' - name: Set the current release version id: release_version - run: echo ::set-output name=release_version::${GITHUB_REF:11} + run: echo "release_version=${GITHUB_REF:11}" >> $GITHUB_OUTPUT - name: Run pre-release uses: micronaut-projects/github-actions/pre-release@master env: @@ -31,6 +33,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} - name: Publish to Sonatype OSSRH + id: publish env: SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} 
@@ -42,42 +45,61 @@ jobs: GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} run: | echo $GPG_FILE | base64 -d > secring.gpg - ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository + # Publish both locally and to Sonatype. + # The artifacts stored locally will be used to generate the SLSA provenance. + ./gradlew publishAllPublicationsToBuildRepository publishToSonatype closeAndReleaseSonatypeStagingRepository + # Read the current version from gradle.properties. + VERSION=$(./gradlew properties | grep 'version:' | awk '{print $2}') + # Read the project group from gradle.properties. + GROUP_PATH=$(./gradlew properties| grep "projectGroup" | awk '{print $2}' | sed 's/\./\//g') + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "group=$GROUP_PATH" >> "$GITHUB_OUTPUT" + - name: Generate subject + id: hash + run: | + # Find the artifact JAR and POM files in the local repository. + ARTIFACTS=$(find build/repo/${{ steps.publish.outputs.group }}/*/${{ steps.publish.outputs.version }}/* \ + -type f \( \( -iname "*.jar" -not -iname "*-javadoc.jar" -not -iname "*-sources.jar" \) -or -iname "*.pom" \)) + # Compute the hashes for the artifacts. + # Set the hash as job output for debugging. + echo "artifacts-sha256=$(sha256sum $ARTIFACTS | base64 -w0)" >> "$GITHUB_OUTPUT" + # Store the hash in a file, which is uploaded as a workflow artifact. 
+ sha256sum $ARTIFACTS | base64 -w0 > artifacts-sha256 + - name: Upload build artifacts + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: gradle-build-outputs + path: build/repo/${{ steps.publish.outputs.group }}/*/${{ steps.publish.outputs.version }}/* + retention-days: 5 + - name: Upload artifacts-sha256 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: artifacts-sha256 + path: artifacts-sha256 + retention-days: 5 - name: Generate docs + run: ./gradlew docs env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} - run: ./gradlew docs + GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }} + GH_USERNAME: ${{ secrets.GH_USERNAME }} - name: Export Gradle Properties uses: micronaut-projects/github-actions/export-gradle-properties@master - name: Publish to Github Pages if: success() uses: micronaut-projects/github-pages-deploy-action@master env: - BETA: ${{ contains(steps.release_version.outputs.release_version, 'M') || contains(steps.release_version.outputs.release_version, 'RC') }} + BETA: ${{ !(github.event.release.target_commitish == github.event.repository.default_branch) || contains(steps.release_version.outputs.release_version, 'M') || contains(steps.release_version.outputs.release_version, 'RC') }} GH_TOKEN: ${{ secrets.GH_TOKEN }} BRANCH: gh-pages FOLDER: build/docs VERSION: ${{ steps.release_version.outputs.release_version }} + TARGET_REPOSITORY: ${{ github.repository == 'micronaut-projects/micronaut-core' && env.docsRepository || github.repository }} GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ 
secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} - - name: Checkout micronaut-core - uses: actions/checkout@v2 - with: - token: ${{ secrets.GH_TOKEN }} - repository: micronaut-projects/micronaut-core - ref: ${{ env.githubCoreBranch }} - path: micronaut-core # Must be micronaut-core - continue-on-error: true - - name: Update BOM - uses: micronaut-projects/github-actions/update-bom@master - env: - MICRONAUT_BUILD_EMAIL: ${{ secrets.MICRONAUT_BUILD_EMAIL }} - with: - token: ${{ secrets.GH_TOKEN }} - continue-on-error: true - name: Run post-release if: success() uses: micronaut-projects/github-actions/post-release@master 
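Review bot: The "Generate subject" step hashes whatever `find` returns without checking that anything matched. If `VERSION` or `GROUP_PATH` came back empty from the `grep | awk` pipelines in the publish step (the default `run` shell has no `pipefail`), `$ARTIFACTS` is empty and `sha256sum` reads stdin instead, so the provenance subject would not describe the published files. `$ARTIFACTS` is also expanded unquoted, and the step outputs are interpolated into the script text with `${{ }}` rather than passed through `env`. The rewrite below fails the step when no artifact is found, keeps file names intact, and hashes once so the job output and the uploaded file cannot differ. The hunk starts inside the "Publish to Sonatype OSSRH" step, whose beginning is outside it.

```yaml
      - name: Generate subject
        id: hash
        env:
          GROUP_PATH: ${{ steps.publish.outputs.group }}
          VERSION: ${{ steps.publish.outputs.version }}
        run: |
          set -euo pipefail
          # Collect the artifact JAR and POM files NUL-delimited so file names survive intact.
          mapfile -d '' -t ARTIFACTS < <(find build/repo/"$GROUP_PATH"/*/"$VERSION"/ \
            -type f \( \( -iname "*.jar" -not -iname "*-javadoc.jar" -not -iname "*-sources.jar" \) -or -iname "*.pom" \) -print0)
          # Fail here rather than let sha256sum hash stdin when nothing matched.
          [ "${#ARTIFACTS[@]}" -gt 0 ] || { echo "no artifacts found under build/repo" >&2; exit 1; }
          # Hash once; the job output is read back from the file that gets uploaded.
          sha256sum "${ARTIFACTS[@]}" | base64 -w0 > artifacts-sha256
          echo "artifacts-sha256=$(cat artifacts-sha256)" >> "$GITHUB_OUTPUT"
      # … unchanged: Upload build artifacts, Upload artifacts-sha256, Generate docs …
```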
@@ -85,3 +107,59 @@ jobs: MICRONAUT_BUILD_EMAIL: ${{ secrets.MICRONAUT_BUILD_EMAIL }} with: token: ${{ secrets.GITHUB_TOKEN }} + + provenance-subject: + needs: [release] + runs-on: ubuntu-latest + outputs: + artifacts-sha256: ${{ steps.set-hash.outputs.artifacts-sha256 }} + steps: + - name: Download artifacts-sha256 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: artifacts-sha256 + # The SLSA provenance generator expects the hash digest of artifacts to be passed as a job + # output. So we need to download the artifacts-sha256 and set it as job output. The hash of + # the artifacts should be set as output directly in the release job. But due to a known bug + # in GitHub Actions we have to use a workaround. + # See https://github.com/community/community/discussions/37942. + - name: Set artifacts-sha256 as output + id: set-hash + shell: bash + run: echo "artifacts-sha256=$(cat artifacts-sha256)" >> "$GITHUB_OUTPUT" + + provenance: + needs: [release, provenance-subject] + permissions: + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + with: + base64-subjects: "${{ needs.provenance-subject.outputs.artifacts-sha256 }}" + upload-assets: true # Upload to a new release. + compile-generator: true # Build the generator from source. 
+ + github_release: + needs: [release, provenance] + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/') + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Download artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: gradle-build-outputs + path: build/repo + - name: Create artifacts archive + shell: bash + run: | + find build/repo -type f \( \( -iname "*.jar" -not -iname "*-javadoc.jar" -not \ + -iname "*-sources.jar" \) -or -iname "*.pom" \) | xargs zip artifacts.zip + - name: Upload assets + # Upload the artifacts to the existing release. Note that the SLSA provenance will + # attest to each artifact file and not the aggregated ZIP file. + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 + with: + files: artifacts.zip diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml deleted file mode 100644 index 9cc05d7..0000000 --- a/.github/workflows/sonarqube.yml +++ /dev/null 
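Review bot: `provenance-subject` and `github_release` declare no `permissions:`, unlike the `provenance` job between them, so they run with the repository's default token scope and `softprops/action-gh-release` only works if that default allows writes. State it per job: `permissions: { contents: write }` on `github_release`, and a read-only block on `provenance-subject`, which as far as the hunk shows only downloads a workflow artifact. In "Create artifacts archive", `find … | xargs zip artifacts.zip` splits on whitespace in paths; `find … -print0 | xargs -0 zip artifacts.zip` avoids that. As the comment on the upload step says, the provenance covers the individual files and not the ZIP, so anyone verifying has to unpack `artifacts.zip` first, which is worth a line in the release documentation.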
@@ -1,56 +0,0 @@
-# WARNING: Do not edit this file directly. Instead, go to:
-#
-# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows
-#
-# and edit them there. Note that it will be sync'ed to all the Micronaut repos
-name: Static Analysis
-on:
- push:
- branches:
- - master
- - '[1-9]+.[0-9]+.x'
- pull_request:
- branches:
- - master
- - '[1-9]+.[0-9]+.x'
-jobs:
- build:
- if: github.repository != 'micronaut-projects/micronaut-project-template'
- runs-on: ubuntu-latest
- steps:
- # https://github.com/actions/virtual-environments/issues/709
- - name: Free disk space
- run: |
- sudo rm -rf "/usr/local/share/boost"
- sudo rm -rf "$AGENT_TOOLSDIRECTORY"
- sudo apt-get clean
- df -h
- - uses: actions/checkout@v2
- - uses: actions/cache@v3.2.6
- with:
- path: ~/.gradle/caches
- key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
- restore-keys: |
- ${{ runner.os }}-gradle-
- - name: Set up JDK
- uses: actions/setup-java@v2
- with:
- distribution: 'adopt'
- java-version: 11
- - name: Optional setup step
- env:
- GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
- GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
- run: |
- [ -f ./setup.sh ] && ./setup.sh || true
- - name: Analyse with Gradle
- run: |
- ./gradlew check sonarqube --no-daemon --parallel --continue
- env:
- TESTCONTAINERS_RYUK_DISABLED: true
- GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
- GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/MAINTAINING.md b/MAINTAINING.md
index 4cbc7b9..104efba 100644
--- a/MAINTAINING.md
+++ b/MAINTAINING.md
@@ -120,12 +120,12 @@ source of truth for certain files. It is used as a template to create new repos, template repo will get propagated automatically. The files propagated are: * Workflow files (`.github/workflows/*`). They are copied using rsync" - * `central-sync.yml`. - * `dependency-update.yml`. - * `graalvm.yml`. - * `gradle.yml`. - * `release.yml`. - * `release-notes.yml`. + * `central-sync.yml`. + * `dependency-update.yml`. + * `graalvm.yml`. + * `gradle.yml`. + * `release.yml`. + * `release-notes.yml`. * Renovate configuration (`.github/renovate.json`). * Gradle wrapper. * `.gitignore`. @@ -177,8 +177,8 @@ will kick off, performing the following steps: * Generates documentation guide and publishes it to the `gh-pages` branch. * Sends a pull request to Core to update the BOM. * Post-release: - * Determines the next patch version, and sets it as a `SNAPSHOT` version. - * Closes the milestone that matches the release version, and creates a new one for the next patch. + * Determines the next patch version, and sets it as a `SNAPSHOT` version. + * Closes the milestone that matches the release version, and creates a new one for the next patch. If everything goes well, you now need to manually trigger the Maven Central publishing workflow via the GitHub UI. 
@@ -197,14 +197,14 @@ Micronaut `2.2.0` BOM. If the next version you want to publish is: * A new patch release (`1.0.1`): simply publish the existing draft release. * A new minor release (`1.1.0`): - * Before the release, push a `1.0.x` branch off `master`. - * Bump the version in master to `1.1.0-SNAPSHOT`. - * Set the `githubCoreBranch` property to `2.3.x` (or `3.0.x` if it will be the next one). - * Edit the draft release setting the version to `1.1.0` in the release title, body, tag, etc. - * Publish the release. + * Before the release, push a `1.0.x` branch off `master`. + * Bump the version in master to `1.1.0-SNAPSHOT`. + * Set the `githubCoreBranch` property to `2.3.x` (or `3.0.x` if it will be the next one). + * Edit the draft release setting the version to `1.1.0` in the release title, body, tag, etc. + * Publish the release. * A new major release (`2.0.0`): - * Before the release, push a `1.0.x` branch off `master`. - * Bump the version in master to `2.0.0-SNAPSHOT`. - * Set the `githubCoreBranch` property to `3.0.x` (or `2.3.x` if this new major version doesn't introduce breaking changes). - * Edit the draft release setting the version to `2.0.0` in the release title, body, tag, etc. - * Publish the release. + * Before the release, push a `1.0.x` branch off `master`. + * Bump the version in master to `2.0.0-SNAPSHOT`. + * Set the `githubCoreBranch` property to `3.0.x` (or `2.3.x` if this new major version doesn't introduce breaking changes). + * Edit the draft release setting the version to `2.0.0` in the release title, body, tag, etc. + * Publish the release. diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 7f93135..a4b76b9 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 3fa8f86..94113f2 100644 --- a/gradle/wrapper/gradle-wrapper.properties 
+++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME diff --git a/gradlew b/gradlew index 1aa94a4..f5feea6 100755 --- a/gradlew +++ b/gradlew @@ -15,6 +15,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# ############################################################################## # @@ -55,7 +57,7 @@ # Darwin, MinGW, and NonStop. # # (3) This script is generated from the Groovy template -# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt # within the Gradle project. # # You can find Gradle at https://github.com/gradle/gradle/. @@ -84,7 +86,8 @@ done # shellcheck disable=SC2034 APP_BASE_NAME=${0##*/} # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) -APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit +APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s +' "$PWD" ) || exit # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD=maximum diff --git a/gradlew.bat b/gradlew.bat index 93e3f59..9d21a21 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -13,6 +13,8 @@ @rem See the License for the specific language governing permissions and @rem limitations under the License. @rem +@rem SPDX-License-Identifier: Apache-2.0 +@rem @if "%DEBUG%"=="" @echo off @rem ########################################################################## 
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 if %ERRORLEVEL% equ 0 goto execute -echo. -echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail @@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe if exist "%JAVA_EXE%" goto execute -echo. -echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail