spring-projects
diff --git a/‎.github/dependabot.template.yml‎
Lines changed: 0 additions & 1 deletion b/‎.github/dependabot.template.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/dependabot.yml‎
Lines changed: 22 additions & 41 deletions b/‎.github/dependabot.yml‎
Lines changed: 22 additions & 41 deletions
diff --git a/‎.github/workflows/continuous-integration-workflow.yml‎
Lines changed: 9 additions & 16 deletions b/‎.github/workflows/continuous-integration-workflow.yml‎
Lines changed: 9 additions & 16 deletions
diff --git a/‎.github/workflows/mark-duplicate-dependabot-prs.yml‎
Lines changed: 45 additions & 0 deletions b/‎.github/workflows/mark-duplicate-dependabot-prs.yml‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎.github/workflows/merge-dependabot-pr.yml‎
Lines changed: 12 additions & 1 deletion b/‎.github/workflows/merge-dependabot-pr.yml‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎.github/workflows/milestone-spring-releasetrain.yml‎
Lines changed: 7 additions & 12 deletions b/‎.github/workflows/milestone-spring-releasetrain.yml‎
Lines changed: 7 additions & 12 deletions
diff --git a/‎.github/workflows/pr-build-workflow.yml‎
Lines changed: 11 additions & 4 deletions b/‎.github/workflows/pr-build-workflow.yml‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎.github/workflows/release-scheduler.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-scheduler.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/update-antora-ui-spring.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/update-antora-ui-spring.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/update-scheduled-release-version.yml‎
Lines changed: 10 additions & 0 deletions b/‎.github/workflows/update-scheduled-release-version.yml‎
Lines changed: 10 additions & 0 deletions
@@ -36,6 +36,5 @@ updates:
     schedule:
       interval: weekly
     ignore:
-      - dependency-name: "sjohnr/*"
       - dependency-name: "spring-io/*"
       - dependency-name: "spring-security-release-tools/*"
@@ -5,7 +5,7 @@ registries:
     url: https://repo.spring.io/milestone
 updates:
   - package-ecosystem: gradle
-    target-branch: 5.8.x
+    target-branch: 6.4.x
     directory: /
     schedule:
       interval: daily
@@ -30,32 +30,7 @@ updates:
           - version-update:semver-major
           - version-update:semver-minor
   - package-ecosystem: gradle
-    target-branch: 6.1.x
-    directory: /
-    schedule:
-      interval: daily
-      time: '03:00'
-      timezone: Etc/UTC
-    labels:
-      - 'type: dependency-upgrade'
-    registries:
-      - spring-milestones
-    ignore:
-      - dependency-name: com.nimbusds:nimbus-jose-jwt
-      - dependency-name: org.python:jython
-      - dependency-name: org.apache.directory.server:*
-      - dependency-name: org.junit:junit-bom
-        update-types:
-          - version-update:semver-major
-      - dependency-name: org.mockito:mockito-bom
-        update-types:
-          - version-update:semver-major
-      - dependency-name: '*'
-        update-types:
-          - version-update:semver-major
-          - version-update:semver-minor
-  - package-ecosystem: gradle
-    target-branch: 6.2.x
+    target-branch: 6.3.x
     directory: /
     schedule:
       interval: daily
@@ -107,9 +82,9 @@ updates:
       - dependency-name: '*'
         update-types:
           - version-update:semver-major
-          - version-update:semver-minor
+
   - package-ecosystem: github-actions
-    target-branch: 5.8.x
+    target-branch: 6.4.x
     directory: /
     schedule:
       interval: weekly
@@ -119,7 +94,7 @@ updates:
     ignore:
       - dependency-name: sjohnr/*
   - package-ecosystem: github-actions
-    target-branch: 6.1.x
+    target-branch: 6.3.x
     directory: /
     schedule:
       interval: weekly
@@ -129,38 +104,44 @@ updates:
     ignore:
       - dependency-name: sjohnr/*
   - package-ecosystem: github-actions
-    target-branch: 6.2.x
+    target-branch: main
     directory: /
     schedule:
       interval: weekly
     labels:
       - 'type: task'
       - 'in: build'
-    ignore:
-      - dependency-name: sjohnr/*
   - package-ecosystem: github-actions
-    target-branch: main
+    target-branch: docs-build
     directory: /
     schedule:
       interval: weekly
     labels:
       - 'type: task'
       - 'in: build'
-    ignore:
-      - dependency-name: sjohnr/*
-  - package-ecosystem: github-actions
+
+  - package-ecosystem: npm
     target-branch: docs-build
     directory: /
     schedule:
       interval: weekly
     labels:
       - 'type: task'
       - 'in: build'
-    ignore:
-      - dependency-name: sjohnr/*
 
   - package-ecosystem: npm
-    target-branch: docs-build
-    directory: /
+    target-branch: main
+    directory: /docs
+    schedule:
+      interval: weekly
+    labels:
+      - 'type: task'
+      - 'in: build'
+  - package-ecosystem: npm
+    target-branch: 6.3.x
+    directory: /docs
     schedule:
       interval: weekly
+    labels:
+      - 'type: task'
+      - 'in: build'
@@ -9,7 +9,7 @@ on:
   workflow_dispatch: # Manual trigger
 
 env:
-  DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+  DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
 permissions:
   contents: read
@@ -39,7 +39,7 @@ jobs:
             toolchain: 17
     with:
       java-version: ${{ matrix.java-version }}
-      test-args: --refresh-dependencies -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=6.1.+ -PreactorVersion=2023.0.+ -PspringDataVersion=2023.1.+ --stacktrace
+      test-args: --refresh-dependencies -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=6.2.+ -PreactorVersion=2023.0.+ -PspringDataVersion=2024.0.+ --stacktrace
     secrets: inherit
   check-samples:
     name: Check Samples
@@ -63,7 +63,7 @@ jobs:
           samples_branch=$(cat gradle.properties | grep "samplesBranch=" | awk -F'=' '{print $2}')
           ./gradlew publishMavenJavaPublicationToLocalRepository
           ./gradlew cloneRepository -PrepositoryName="spring-projects/spring-security-samples" -Pref="$samples_branch" -PcloneOutputDirectory="$SAMPLES_DIR"
-          ./gradlew --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$version" :runAllTests
+          ./gradlew --refresh-dependencies --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$version" test integrationTest
   check-tangles:
     name: Check for Package Tangles
     runs-on: ubuntu-latest
@@ -113,20 +113,13 @@ jobs:
       artifact-path: org/springframework/security/spring-security-core
       slack-announcing-id: spring-security-announcing
     secrets: inherit
-  notify_result:
-    name: Check for failures
+  send-notification:
+    name: Send Notification
     needs: [ perform-release ]
-    if: failure()
+    if: ${{ failure() || cancelled() }}
     runs-on: ubuntu-latest
-    permissions:
-      actions: read
     steps:
-      - name: Send Slack message
-        # Workaround while waiting for Gamesight/slack-workflow-status#38 to be fixed
-        # See https://github.com/Gamesight/slack-workflow-status/issues/38
-        uses: sjohnr/slack-workflow-status@v1-beta
+      - name: Send Notification
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
         with:
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
-          channel: '#spring-security-ci'
-          name: 'CI Notifier'
+          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
@@ -0,0 +1,45 @@
+name: Mark Duplicate Dependabot PRs
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  check_duplicate_prs:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.merged == true && github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Extract Dependency Name from PR Title
+        id: extract
+        run: |
+          PR_TITLE="${{ github.event.pull_request.title }}"
+          DEPENDENCY_NAME=$(echo "$PR_TITLE" | awk -F ' from ' '{print $1}')
+          echo "dependency_name=$DEPENDENCY_NAME" >> $GITHUB_OUTPUT
+
+      - name: Find PRs
+        id: find_duplicates
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          PRS=$(gh pr list --search 'milestone:${{ github.event.pull_request.milestone.title }} is:merged in:title "${{ steps.extract.outputs.dependency_name }}"' --json number --jq 'map(.number) | join(",")')
+          echo "prs=$PRS" >> $GITHUB_OUTPUT
+
+      - name: Label Duplicate PRs
+        if: steps.find_duplicates.outputs.prs != ''
+        env:
+          PRS: ${{ steps.find_duplicates.outputs.prs }}
+          CURRENT_PR_NUMBER: ${{ github.event.pull_request.number }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        shell: bash
+        run: |
+          for i in ${PRS//,/ }
+          do
+            if [ ! $i -eq "$CURRENT_PR_NUMBER" ]; then
+              echo "Marking PR $i as duplicate"
+              gh pr edit "$i" --add-label "status: duplicate"
+              gh pr comment "$i" --body "Duplicate of #$CURRENT_PR_NUMBER"
+            fi
+          done
@@ -8,8 +8,9 @@ permissions: write-all
 
 jobs:
   merge-dependabot-pr:
+    name: Merge Dependabot PR
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
     steps:
 
       - uses: actions/checkout@v4
@@ -50,3 +51,13 @@ jobs:
         run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase
         env:
           GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+  send-notification:
+    name: Send Notification
+    needs: [ merge-dependabot-pr ]
+    if: ${{ failure() || cancelled() }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Notification
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
+        with:
+          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
@@ -23,18 +23,13 @@ jobs:
         export TOOL_VERSION=0.1.1
         wget "https://repo.maven.apache.org/maven2/io/spring/releasetrain/spring-release-train-tools/$TOOL_VERSION/spring-release-train-tools-$TOOL_VERSION.jar"
         java -cp "spring-release-train-tools-$TOOL_VERSION.jar" io.spring.releasetrain.CheckMilestoneDueOnMain --dueOn "$DUE_ON" --expectedDayOfWeek MONDAY --expectedMondayCount 3
-  notify_result:
-    name: Check for failures
-    needs: [spring-releasetrain-checks]
-    if: failure()
+  send-notification:
+    name: Send Notification
+    needs: [ spring-releasetrain-checks ]
+    if: ${{ failure() || cancelled() }}
     runs-on: ubuntu-latest
-    permissions:
-      actions: read
     steps:
-      - name: Send Slack message
-        uses: Gamesight/slack-workflow-status@v1.3.0
+      - name: Send Notification
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
         with:
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
-          channel: '#spring-security-ci'
-          name: 'CI Notifier'
+          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
@@ -2,9 +2,6 @@ name: PR Build
 
 on: pull_request
 
-env:
-  DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
-
 permissions:
   contents: read
 
@@ -21,7 +18,7 @@ jobs:
           java-version: '17'
           distribution: 'temurin'
       - name: Build with Gradle
-        run: ./gradlew clean build --continue
+        run: ./gradlew clean build -PskipCheckExpectedBranchVersion --continue --scan
   generate-docs:
     name: Generate Docs
     runs-on: ubuntu-latest
@@ -42,3 +39,13 @@ jobs:
           name: docs
           path: docs/build/site
           overwrite: true
+  send-notification:
+    name: Send Notification
+    needs: [ build, generate-docs ]
+    if: ${{ failure() && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Notification
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
+        with:
+          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
@@ -11,7 +11,7 @@ jobs:
     strategy:
       matrix:
         # List of active maintenance branches.
-        branch: [ main, 6.2.x, 6.1.x, 5.8.x ]
+        branch: [ main, 6.4.x, 6.3.x, 6.2.x, 5.8.x ]
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
 
@@ -16,9 +16,9 @@ jobs:
     name: Update on Supported Branches
     strategy:
       matrix:
-        branch: [ '5.8.x', '6.1.x', '6.2.x', 'main' ]
+        branch: [ '5.8.x', '6.2.x', '6.3.x', 'main' ]
     steps:
-      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@17ed79ea5fbd65813c69ef1062a024d4a37ff0ca
+      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@852920ba3fb1f28b35a2f13201133bc00ef33677
         name: Update
         with:
           docs-branch: ${{ matrix.branch }}
@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Update on docs-build
     steps:
-      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@17ed79ea5fbd65813c69ef1062a024d4a37ff0ca
+      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@852920ba3fb1f28b35a2f13201133bc00ef33677
         name: Update
         with:
           docs-branch: 'docs-build'
 
@@ -11,3 +11,13 @@ jobs:
     name: Update Scheduled Release Version
     uses: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml@v1
     secrets: inherit
+  send-notification:
+    name: Send Notification
+    needs: [ update-scheduled-release-version ]
+    if: ${{ failure() || cancelled() }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Notification
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
+        with:
+          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}