Merge remote-tracking branch 'refs/remotes/apache/2.x' into fix/2.x/throwable-proxy-clean-up

Author: ppkarwasz

.asf.yaml

@@ -16,7 +16,7 @@
 #
 
 # `.asf.yaml` is a branch-specific YAML configuration file for Git repositories to control features such as notifications, GitHub settings, etc.
-# See its documentation for details: https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features
+# See its documentation for details: https://github.com/apache/infrastructure-asfyaml
 
 # Bare minimum `notifications` to
 #
@@ -31,12 +31,15 @@ notifications:
   pullrequests: [email protected]
   pullrequests_bot_dependabot: [email protected]
   jira_options: link label worklog
+  discussions: [email protected]
 
 github:
   description: "Apache Log4j is a versatile, feature-rich, efficient logging API and backend for Java."
   homepage: https://logging.apache.org/log4j/2.x
   features:
     issues: true
+    discussions: true
+    projects: true
   del_branch_on_merge: true
   autolink_jira:
     - LOG4J2
@@ -60,8 +63,39 @@ github:
     merge:   false
     rebase:  false
 
+  # Enforce Review-then-Commit
   protected_branches:
-    main:
-      required_signatures: true
     2.x:
+      # All commits must be signed
+      required_signatures: true
+      # All reviews must be addressed before merging
+      required_conversation_resolution: true
+      # Require checks to pass before merging
+      required_status_checks:
+        checks:
+          # The GitHub Actions app: 15368
+          - app_id: 15368
+            context: "build / build (ubuntu-latest)"
+          # The GitHub Advanced Security app: 57789
+          - app_id: 57789
+            context: "CodeQL"
+      # At least one positive review must be present
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+    main:
+      # All commits must be signed
       required_signatures: true
+      # All reviews must be addressed before merging
+      required_conversation_resolution: true
+      # Require checks to pass before merging
+      required_status_checks:
+        checks:
+          # The GitHub Actions app: 15368
+          - app_id: 15368
+            context: "build / build (ubuntu-latest)"
+          # The GitHub Advanced Security app: 57789
+          - app_id: 57789
+            context: "CodeQL"
+      # At least one positive review must be present
+      required_pull_request_reviews:
+        required_approving_review_count: 1

.cherry_picker.toml

@@ -0,0 +1,24 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+team = "apache"
+repo = "logging-log4j2"
+check_sha= "3da98f7c9de9bf4abb17e10dad678e05ab658a3a"
+fix_commit_msg = false
+default_branch = "2.x"
+require_version_in_branch_name=false
+draft_pr = true

.github/FUNDING.yml

@@ -0,0 +1,30 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+##
+# This file controls the "Sponsor" button in this repo.
+# For details see:
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
+#
+# This list includes in the same order, committers of Log4j listed on:
+# https://logging.apache.org/support.html#sponsors
+github:
+  - carterkozak
+  - garydgregory
+  - jvz
+  - ppkarwasz
+  - rgoers
+  - vy

.github/dependabot.yaml

@@ -45,7 +45,6 @@ updates:
 
   - package-ecosystem: maven
     directories:
-      - "/"
       - "/log4j-1.2-api"
       - "/log4j-api-test"
       - "/log4j-api"
@@ -59,6 +58,7 @@ updates:
       - "/log4j-docker"
       - "/log4j-fuzz-test"
       - "/log4j-iostreams"
+      - "/log4j-jakarta-jms"
       - "/log4j-jakarta-smtp"
       - "/log4j-jakarta-web"
       - "/log4j-jcl"
@@ -163,7 +163,6 @@ updates:
   - package-ecosystem: maven
     directories:
       - "/log4j-mongodb4"
-      - "/log4j-slf4j-impl"
     open-pull-requests-limit: 10
     schedule:
       interval: "daily"
@@ -174,9 +173,6 @@ updates:
       # MongoDB 4.x should only upgrade to 4.x
       - dependency-name: "org.mongodb:*"
         versions: [ "[5,)" ]
-      # SLF4J 1.7.x should only upgrade to 1.7.x and
-      - dependency-name: "org.slf4j:slf4j-api"
-        versions: [ "[1,)" ]
 
   - package-ecosystem: github-actions
     directory: "/"

.github/generate-email.sh

@@ -28,12 +28,12 @@ stderr() {
 
 fail_for_invalid_args() {
     stderr "Invalid arguments!"
-    stderr "Expected arguments: <vote|announce> <version> <commitId>"
+    stderr "Expected arguments: <vote|announce> <version> <commitId> <nexusUrl>"
     exit 1
 }
 
 # Check arguments
-[ $# -ne 3 ] && fail_for_invalid_args
+[ $# -ne 4 ] && fail_for_invalid_args
 
 # Constants
 PROJECT_NAME="Apache Log4j"
@@ -43,6 +43,7 @@ PROJECT_SITE="https://logging.apache.org/$PROJECT_ID"
 PROJECT_STAGING_SITE="${PROJECT_SITE/apache.org/staged.apache.org}"
 PROJECT_REPO="https://github.com/apache/logging-log4j2"
 COMMIT_ID="$3"
+NEXUS_URL="$4"
 PROJECT_DIST_URL="https://dist.apache.org/repos/dist/dev/logging/$PROJECT_ID/$PROJECT_VERSION"
 
 # Check release notes file
@@ -71,7 +72,7 @@ Website: $PROJECT_STAGING_SITE/$PROJECT_VERSION/index.html
 GitHub: $PROJECT_REPO
 Commit: $COMMIT_ID
 Distribution: $PROJECT_DIST_URL
-Nexus: https://repository.apache.org/content/repositories/orgapachelogging-<FIXME>
+Nexus: $NEXUS_URL
 Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0
 Review kit: https://logging.apache.org/logging-parent/release-review-instructions.html
 

.github/workflows/build.yaml

@@ -30,21 +30,21 @@ jobs:
 
   build:
     if: github.actor != 'dependabot[bot]'
-    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.0
     secrets:
-      DV_ACCESS_TOKEN: ${{ startsWith(github.ref_name, 'release/') && '' || secrets.GE_ACCESS_TOKEN }}
+      DV_ACCESS_TOKEN: ${{ startsWith(github.ref_name, 'release/') && '' || secrets.DEVELOCITY_ACCESS_KEY }}
     with:
       java-version: |
         8
         17
       site-enabled: true
-      reproducibility-check-enabled: ${{ startsWith(github.ref_name, 'release/') }}
+      reproducibility-check-enabled: false
       develocity-enabled: ${{ ! startsWith(github.ref_name, 'release/') }}
 
   deploy-snapshot:
     needs: build
     if: github.repository == 'apache/logging-log4j2' && github.ref_name == '2.x'
-    uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/12.1.0
     # Secrets for deployments
     secrets:
       NEXUS_USERNAME: ${{ secrets.NEXUS_USER }}
@@ -57,7 +57,7 @@ jobs:
   deploy-release:
     needs: build
     if: github.repository == 'apache/logging-log4j2' && startsWith(github.ref_name, 'release/')
-    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/12.1.0
     # Secrets for deployments
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
@@ -73,3 +73,25 @@ jobs:
         8
         17
       project-id: log4j
+
+  verify-reproducibility:
+    needs: [ deploy-snapshot, deploy-release ]
+    if: ${{ always() && (needs.deploy-snapshot.result == 'success' || needs.deploy-release.result == 'success') }}
+    name: "verify-reproducibility (${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.project-version || needs.deploy-snapshot.outputs.project-version }})"
+    uses: apache/logging-parent/.github/workflows/verify-reproducibility-reusable.yaml@rel/12.1.0
+    with:
+      nexus-url: ${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.nexus-url || 'https://repository.apache.org/content/groups/snapshots' }}
+      # Encode the `runs-on` input as JSON array
+      runs-on: '["ubuntu-latest", "macos-latest", "windows-latest"]'
+
+  # Run integration-tests automatically after a snapshot or RC is published
+  integration-test:
+    needs: [ deploy-snapshot, deploy-release ]
+    if: ${{ always() && (needs.deploy-snapshot.result == 'success' || needs.deploy-release.result == 'success') }}
+    name: "integration-test (${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.project-version || needs.deploy-snapshot.outputs.project-version }})"
+    uses: apache/logging-log4j-samples/.github/workflows/integration-test.yaml@main
+    with:
+      log4j-version: ${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.project-version || needs.deploy-snapshot.outputs.project-version }}
+      log4j-repository-url: ${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.nexus-url || needs.deploy-snapshot.outputs.nexus-url }}
+      # Use the `main` branch of `logging-log4j-samples`
+      samples-ref: 'refs/heads/main'

.github/workflows/codeql-analysis.yaml

@@ -30,7 +30,7 @@ permissions: read-all
 jobs:
 
   analyze:
-    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/12.1.0
     with:
       java-version: |
         8

.github/workflows/deploy-site.yaml

@@ -33,7 +33,7 @@ jobs:
 
   deploy-site-stg:
     if: github.repository == 'apache/logging-log4j2' && github.ref_name == '2.x'
-    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.1.0
     # Secrets for committing the generated site
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
@@ -51,7 +51,7 @@ jobs:
 
   deploy-site-pro:
     if: github.repository == 'apache/logging-log4j2' && github.ref_name == '2.x-site-pro'
-    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.1.0
     # Secrets for committing the generated site
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
@@ -81,7 +81,7 @@ jobs:
 
   deploy-site-rel:
     needs: export-version
-    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.1.0
     # Secrets for committing the generated site
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}

.github/workflows/develocity-publish-build-scans.yaml

@@ -31,10 +31,12 @@ jobs:
     steps:
 
       - name: Setup Build Scan link capture
-        uses: gradle/develocity-actions/maven-setup@9f1bf05334de7eb619731d5466c35a153742311d   # 1.2
+        uses: gradle/develocity-actions/setup-maven@b8d3a572314ffff3b940a2c1b7b384d4983d422d   # 1.3
+        with:
+          capture-build-scan-links: true
 
       - name: Publish Build Scans
-        uses: gradle/develocity-actions/maven-publish-build-scan@9f1bf05334de7eb619731d5466c35a153742311d   # 1.2
+        uses: gradle/develocity-actions/maven-publish-build-scan@b8d3a572314ffff3b940a2c1b7b384d4983d422d   # 1.3
         with:
-          develocity-url: 'https://ge.apache.org'
-          develocity-access-key: ${{ secrets.GE_ACCESS_TOKEN }}
+          develocity-url: 'https://develocity.apache.org'
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}

.github/workflows/merge-dependabot.yaml

@@ -30,9 +30,9 @@ jobs:
 
   build:
     if: github.repository == 'apache/logging-log4j2' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
-    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.0
     secrets:
-      DV_ACCESS_TOKEN: ${{ secrets.GE_ACCESS_TOKEN }}
+      DV_ACCESS_TOKEN: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
     with:
       java-version: |
         8
@@ -42,7 +42,7 @@ jobs:
 
   merge-dependabot:
     needs: build
-    uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/11.3.0
+    uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/12.1.0
     with:
       java-version: 17
     permissions: