apache · matrei · Jan 27, 2025 · Jan 22, 2025 · Jan 22, 2025 · Jan 22, 2025
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -1,4 +1,4 @@
-name: Java CI
+name: "Java CI"
 on:
   push:
     branches:
@@ -8,83 +8,97 @@ on:
       - '[7-9]+.[0-9]+.x'
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: read
+    strategy:
+      fail-fast: false
+      matrix:
+        java: [17, 21]
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK
+      - name: "📥 Checkout the repository"
+        uses: actions/checkout@v4
+      - name: "☕️ Setup JDK"
         uses: actions/setup-java@v4
         with:
+          java-version: ${{ matrix.java }}
           distribution: liberica
-          java-version: 17
-      - name: Setup Gradle
+      - name: "🐘 Setup Gradle"
         uses: gradle/actions/setup-gradle@v4
         with:
-          develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-      - name: Run Build
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      - name: "🔨 Run Build"
         id: build
-        run: ./gradlew build
         env:
-          DEVELOCITY_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }}
-          DEVELOCITY_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }}
           GITHUB_MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew build --continue
   publish:
     if: github.event_name == 'push'
-    needs: ["build"]
-    runs-on: ubuntu-latest
+    needs: build
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: read
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK
+      - name: "📥 Checkout the repository"
+        uses: actions/checkout@v4
+      - name: "☕️ Setup JDK"
         uses: actions/setup-java@v4
         with:
-          distribution: liberica
           java-version: 17
-      - name: Setup Gradle
+          distribution: liberica
+      - name: "🐘 Setup Gradle"
         uses: gradle/actions/setup-gradle@v4
         with:
-          develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-      - name: Publish to Artifactory (repo.grails.org)
-        run: ./gradlew -Dorg.gradle.internal.publish.checksums.insecure=true publish
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      - name: "📤 Publish Snapshot to repo.grails.org"
         env:
-          DEVELOCITY_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }}
-          DEVELOCITY_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }}
-          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
-          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+          GITHUB_MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+          GRADLE_PUBLISH_RELEASE: 'false'
+          MAVEN_PUBLISH_USERNAME: ${{ secrets.MAVEN_PUBLISH_USERNAME }}
+          MAVEN_PUBLISH_PASSWORD: ${{ secrets.MAVEN_PUBLISH_PASSWORD }}
+          MAVEN_PUBLISH_URL: ${{ secrets.MAVEN_PUBLISH_SNAPSHOT_URL }}
+        run: ./gradlew --no-build-cache publish
   trigger-build-gorm-impls:
     if: github.event_name == 'push'
-    needs: ["build", "publish"]
-    runs-on: ubuntu-latest
+    needs: [build, publish]
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
-      - name: Extract branch name
+      - name: "📝 Store the target branch"
         id: extract_branch
-        run: echo "value=${GITHUB_REF:11}" >> $GITHUB_OUTPUT
-      - name: Create Snapshot Message for the Workflow Dispatch
+        run: |
+          echo "🔍 Determine Target Branch"
+          TARGET_BRANCH=${GITHUB_REF#refs/heads/}
+          echo $TARGET_BRANCH
+          echo "value=${TARGET_BRANCH}" >> $GITHUB_OUTPUT
+      - name: "📝 Create Snapshot Message for the Workflow Dispatch"
         id: dispatch_message
-        run: echo "value={\"message\":\"New Core Snapshot $(date) - $GITHUB_SHA\"}" >> $GITHUB_OUTPUT
-      - name: Invoke the Java CI workflow in GORM Hibernate5
-        uses: benc-uk/[email protected]
+        run: echo "value={\"message\":\"New Data Mapping Snapshots $(date) - $GITHUB_SHA\"}" >> $GITHUB_OUTPUT
+      - name: "📡 Invoke the Java CI workflow in GORM Hibernate5"
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4 (Use commit sha as this is a 3rd party action)
         with:
           workflow: Java CI
           repo: grails/gorm-hibernate5
           ref: ${{ steps.extract_branch.outputs.value }}
           token: ${{ secrets.GH_TOKEN }}
-      - name: Invoke the Java CI workflow in GORM Hibernate6
-        uses: benc-uk/[email protected]
+      - name: "📡 Invoke the Java CI workflow in GORM Hibernate6"
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4 (Use commit sha as this is a 3rd party action)
         with:
           workflow: Java CI
           repo: grails/gorm-hibernate6
           ref: ${{ steps.extract_branch.outputs.value }}
           token: ${{ secrets.GH_TOKEN }}
-      - name: Invoke the Java CI workflow in GORM MongoDB
-        uses: benc-uk/[email protected]
+      - name: "📡 Invoke the Java CI workflow in GORM MongoDB"
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4 (Use commit sha as this is a 3rd party action)
         with:
           workflow: Java CI
           repo: grails/gorm-mongodb
           ref: ${{ steps.extract_branch.outputs.value }}
           token: ${{ secrets.GH_TOKEN }}
           inputs: ${{ steps.dispatch_message.outputs.value }}
-      - name: Invoke the Java CI workflow in GORM Neo4j
-        uses: benc-uk/[email protected]
+      - name: "📡 Invoke the Java CI workflow in GORM Neo4j"
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4 (Use commit sha as this is a 3rd party action)
         with:
           workflow: Java CI
           repo: grails/gorm-neo4j

diff --git a/.github/workflows/groovy-joint-workflow.yml b/.github/workflows/groovy-joint-workflow.yml
@@ -9,17 +9,19 @@ on:
   workflow_dispatch:
 permissions:
   contents: read
+  packages: read
 jobs:
   build_groovy:
-    runs-on: ubuntu-latest
+    name: "Build Groovy"
+    runs-on: ubuntu-24.04
     outputs:
       groovyVersion: ${{ steps.groovy-version.outputs.value }}
     steps:
       - name: "☕️ Setup JDK"
         uses: actions/setup-java@v4
         with:
-          distribution: liberica
           java-version: 17
+          distribution: liberica
       - name: "🗄️ Cache local Maven repository"
         uses: actions/cache@v4
         with:
@@ -45,8 +47,8 @@ jobs:
       - name: "🐘 Setup Gradle"
         uses: gradle/actions/setup-gradle@v4
         with:
-          develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-      - name: "📝 Store Groovy version to use when building this project"
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      - name: "📝 Store Groovy version to use when building the project"
         id: groovy-version
         run: |
           cd groovy
@@ -68,27 +70,20 @@ jobs:
         run: |
           echo "VALUE<<EOF" >> $GITHUB_OUTPUT
           echo "def isAuthenticated = System.getenv('DEVELOCITY_ACCESS_KEY') != null" >> $GITHUB_OUTPUT
-          echo "def isBuildCacheAuthenticated =" >> $GITHUB_OUTPUT
-          echo "        System.getenv('DEVELOCITY_BUILD_CACHE_NODE_USER') != null &&" >> $GITHUB_OUTPUT
-          echo "        System.getenv('DEVELOCITY_BUILD_CACHE_NODE_KEY') != null" >> $GITHUB_OUTPUT
-          echo "" >> $GITHUB_OUTPUT
           echo "develocity {" >> $GITHUB_OUTPUT
           echo "    server = 'https://ge.grails.org'" >> $GITHUB_OUTPUT
           echo "    buildScan {" >> $GITHUB_OUTPUT
+          echo "        tag('groovy')" >> $GITHUB_OUTPUT
+          echo "        tag('grails-datamapping')" >> $GITHUB_OUTPUT
           echo "        publishing.onlyIf { isAuthenticated }" >> $GITHUB_OUTPUT
           echo "        uploadInBackground = false" >> $GITHUB_OUTPUT
           echo "    }" >> $GITHUB_OUTPUT
           echo "}" >> $GITHUB_OUTPUT
-          echo "" >> $GITHUB_OUTPUT
           echo "buildCache {" >> $GITHUB_OUTPUT
           echo "    local { enabled = false }" >> $GITHUB_OUTPUT
           echo "    remote(develocity.buildCache) {" >> $GITHUB_OUTPUT
-          echo "        push = isBuildCacheAuthenticated" >> $GITHUB_OUTPUT
+          echo "        push = isAuthenticated" >> $GITHUB_OUTPUT
           echo "        enabled = true" >> $GITHUB_OUTPUT
-          echo "        usernameAndPassword(" >> $GITHUB_OUTPUT
-          echo "            System.getenv('DEVELOCITY_BUILD_CACHE_NODE_USER') ?: ''," >> $GITHUB_OUTPUT
-          echo "            System.getenv('DEVELOCITY_BUILD_CACHE_NODE_KEY') ?: ''" >> $GITHUB_OUTPUT
-          echo "        )" >> $GITHUB_OUTPUT
           echo "    }" >> $GITHUB_OUTPUT
           echo "}" >> $GITHUB_OUTPUT
           echo "" >> $GITHUB_OUTPUT
@@ -105,42 +100,37 @@ jobs:
           # Add Develocity setup related configuration after line no 22 in gradle/build-scans.gradle
           echo "${{ steps.develocity-conf-2.outputs.value }}" | sed -i -e "22r /dev/stdin" gradle/build-scans.gradle
       - name: "🔨 Publish Groovy to local maven repository (no docs)"
-        env:
-          DEVELOCITY_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }}
-          DEVELOCITY_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }}
-          GITHUB_MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
         run: |
           cd groovy
           ./gradlew pTML -x groovydoc -x javadoc -x javadocAll -x groovydocAll -x asciidoc -x docGDK
 
   build_project:
-    needs: [build_groovy]
+    name: "Build Project"
+    needs: build_groovy
     runs-on: ubuntu-latest
     steps:
       - name: "📥 Checkout project"
         uses: actions/checkout@v4
       - name: "☕️ Setup JDK"
         uses: actions/setup-java@v4
         with:
-          distribution: liberica
           java-version: 17
+          distribution: liberica
       - name: "🐘 Setup Gradle"
         uses: gradle/actions/setup-gradle@v4
         with:
-          develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       - name: "🗄️ Restore local Maven repository from cache"
         uses: actions/cache@v4
         with:
           path: ~/.m2/repository
           key: cache-local-maven-${{ github.sha }}
       - name: "🪶 Add mavenLocal repository to build"
         run: sed -i 's|// mavenLocal() // Keep|mavenLocal() // Keep|' build.gradle
-      - name: "🔨 Build and test project using the locally built Groovy snapshot"
+      - name: "🔨 Build and test the project using the locally built Groovy snapshot"
         env:
-          DEVELOCITY_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }}
-          DEVELOCITY_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }}
           GITHUB_MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
         run: >
-          ./gradlew build
+          ./gradlew build --continue
           -PgroovyVersion=${{needs.build_groovy.outputs.groovyVersion}}
-          -x groovydoc
+          -x groovydoc
diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
@@ -1,4 +1,4 @@
-name: Changelog
+name: "Release Drafter"
 on:
   issues:
     types: [closed,reopened]
@@ -8,42 +8,15 @@ on:
   pull_request:
     types: [opened, reopened, synchronize]
   pull_request_target:
-    types: [opened, reopened, synchronize]          
+    types: [opened, reopened, synchronize]
   workflow_dispatch:
 jobs:
-  release_notes:
+  update_release_draft:
+    permissions:
+      contents: read # limit to read access
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - name: Check if it has release drafter config file
-        id: check_release_drafter
-        run: |
-          has_release_drafter=$([ -f .github/release-drafter.yml ] && echo "true" || echo "false")
-          echo "has_release_drafter=${has_release_drafter}" >> $GITHUB_OUTPUT
-      - name: Extract branch name
-        id: extract_branch
-        run: echo "value=${GITHUB_REF:11}" >> $GITHUB_OUTPUT
-      # If it has release drafter:
-      - uses: release-drafter/release-drafter@v6
-        if: steps.check_release_drafter.outputs.has_release_drafter == 'true'
+      - name: "📝 Update Release Draft"
+        uses: release-drafter/release-drafter@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-      # Otherwise:
-      - name: Export Gradle Properties
-        if: steps.check_release_drafter.outputs.has_release_drafter == 'false'
-        uses: grails/github-actions/export-gradle-properties@main
-      - uses: grails/github-actions/release-notes@main
-        if: steps.check_release_drafter.outputs.has_release_drafter == 'false'
-        id: release_notes
-        with:
-          token: ${{ secrets.GH_TOKEN }}
-      - uses: ncipollo/release-action@v1
-        if: steps.check_release_drafter.outputs.has_release_drafter == 'false' && steps.release_notes.outputs.generated_changelog == 'true'
-        with:
-          allowUpdates: true
-          commit: ${{ steps.release_notes.outputs.current_branch }}
-          draft: true
-          name: ${{ env.title }} ${{ steps.release_notes.outputs.next_version }}
-          tag: v${{ steps.release_notes.outputs.next_version }}
-          bodyFile: CHANGELOG.md
-          token: ${{ secrets.GH_TOKEN }}