Merge branch '3.1.x' into 3.2.x

Closes gh-2713

Author: marcusdacoregio

.github/workflows/continuous-integration-workflow.yml

@@ -8,99 +8,42 @@ on:
     - cron: '0 10 * * *' # Once per day at 10am UTC
   workflow_dispatch: # Manual trigger
 
-env:
-  GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
-  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
-  GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
-  ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
-  ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
-
 jobs:
   build:
     name: Build
-    runs-on: ubuntu-latest
-    if: github.repository == 'spring-projects/spring-session'
+    uses: spring-io/spring-security-release-tools/.github/workflows/build.yml@v1
     strategy:
       matrix:
-        jdk: [17]
-      fail-fast: false
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK ${{ matrix.jdk }}
-        uses: actions/setup-java@v4
-        with:
-          java-version: ${{ matrix.jdk }}
-          distribution: 'temurin'
-          cache: 'gradle'
-      - name: Setup gradle user name
-        run: |
-          mkdir -p ~/.gradle
-          echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
-      - name: Cache Gradle packages
-        uses: actions/cache@v3
-        with:
-          path: ~/.gradle/caches
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
-      - name: Build with Gradle
-        run: |
-          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
-          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
-          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
-          ./gradlew clean build -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --no-daemon --stacktrace
-  artifacts:
+        os: [ ubuntu-latest ]
+        jdk: [ 17 ]
+    with:
+      runs-on: ${{ matrix.os }}
+      java-version: ${{ matrix.jdk }}
+      distribution: temurin
+    secrets: inherit
+  deploy-artifacts:
     name: Deploy Artifacts
-    needs: [build]
-    runs-on: ubuntu-latest
-    if: github.repository == 'spring-projects/spring-session'
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK
-        uses: actions/setup-java@v4
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-          cache: 'gradle'
-      - name: Setup gradle user name
-        run: |
-          mkdir -p ~/.gradle
-          echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
-      - name: Deploy artifacts
-        run: |
-          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
-          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
-          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
-          ./gradlew publishArtifacts finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace
-        env:
-          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
-          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
-          OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
-          OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
-          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
-          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
-  docs:
+    needs: [ build ]
+    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@v1
+    with:
+      should-deploy-artifacts: ${{ needs.build.outputs.should-deploy-artifacts }}
+    secrets: inherit
+  deploy-docs:
     name: Deploy Docs
-    needs: [build]
-    runs-on: ubuntu-latest
-    if: github.repository == 'spring-projects/spring-session'
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK
-        uses: actions/setup-java@v4
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-          cache: 'gradle'
-      - name: Setup gradle user name
-        run: |
-          mkdir -p ~/.gradle
-          echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
-      - name: Deploy Docs
-        run: |
-          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
-          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
-          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
-          ./gradlew deployDocs --no-daemon -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace
-        env:
-          DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
-          DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
-          DOCS_HOST: ${{ secrets.DOCS_HOST }}
+    needs: [ build ]
+    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-docs.yml@v1
+    with:
+      should-deploy-docs: ${{ needs.build.outputs.should-deploy-artifacts }}
+    secrets: inherit
+  perform-release:
+    name: Perform Release
+    needs: [ deploy-artifacts, deploy-docs ]
+    uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@v1
+    with:
+      should-perform-release: ${{ needs.deploy-artifacts.outputs.artifacts-deployed }}
+      project-version: ${{ needs.deploy-artifacts.outputs.project-version }}
+      milestone-repo-url: https://repo.spring.io/artifactory/milestone
+      release-repo-url: https://repo1.maven.org/maven2
+      artifact-path: org/springframework/session/spring-session-core
+      slack-announcing-id: spring-session-announcing
+    secrets: inherit

.github/workflows/release-scheduler.yml

@@ -0,0 +1,27 @@
+name: Release Scheduler
+
+on:
+  schedule:
+    - cron: '15 13 * * TUE' # Every Tuesday at 13:15pm UTC
+  workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+  dispatch_scheduled_releases:
+    name: Dispatch scheduled releases
+    if: ${{ github.repository_owner == 'spring-projects' }}
+    strategy:
+      matrix:
+        # List of active maintenance branches.
+        branch: [ main, 3.2.x, 3.1.x ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+      - name: Dispatch
+        env:
+          GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+        run: gh workflow run update-scheduled-release-version.yml -r ${{ matrix.branch }}

.github/workflows/update-scheduled-release-version.yml

@@ -0,0 +1,10 @@
+name: Update Scheduled Release Version
+
+on:
+  workflow_dispatch: # Manual trigger only. Triggered by release-scheduler.yml on main.
+
+jobs:
+  update-scheduled-release-version:
+    name: Update Scheduled Release Version
+    uses: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml@v1
+    secrets: inherit

build.gradle

@@ -30,6 +30,7 @@ plugins {
 }
 
 apply plugin: 'io.spring.convention.root'
+apply plugin: 'io.spring.security.release'
 
 group = 'org.springframework.session'
 description = 'Spring Session'
@@ -56,3 +57,13 @@ nohttp {
 	source.exclude "spring-session-docs/.gradle/nodejs/**"
 	source.exclude "spring-session-docs/modules/ROOT/examples/**/build/**"
 }
+
+springRelease {
+	repositoryOwner = "spring-projects"
+	repositoryName = "spring-session"
+	weekOfMonth = 3
+	dayOfWeek = 2
+	referenceDocUrl = "https://docs.spring.io/spring-session/reference/{version}/index.html"
+	apiDocUrl = "https://docs.spring.io/spring-session/docs/{version}/api/"
+	replaceSnapshotVersionInReferenceDocUrl = true
+}

buildSrc/build.gradle

@@ -4,13 +4,14 @@ plugins {
     id "groovy"
 }
 
-sourceCompatibility = JavaVersion.VERSION_11
+sourceCompatibility = JavaVersion.VERSION_17
 
 repositories {
     jcenter()
     gradlePluginPortal()
     mavenCentral()
     maven { url 'https://repo.spring.io/plugins-release/' }
+    maven { url 'https://repo.spring.io/snapshot' }
 }
 
 sourceSets {
@@ -74,6 +75,7 @@ dependencies {
     implementation 'org.jfrog.buildinfo:build-info-extractor-gradle:4.29.4'
     implementation 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7.1'
     implementation libs.com.squareup.okhttp3.okhttp
+    implementation libs.io.spring.security.release.plugin
 
     testImplementation platform('org.junit:junit-bom:5.8.2')
     testImplementation "org.junit.jupiter:junit-jupiter-api"

gradle/libs.versions.toml

@@ -63,5 +63,6 @@ org-springframework-spring-framework-bom = "org.springframework:spring-framework
 org-springframework-boot-spring-boot-dependencies = { module = "org.springframework.boot:spring-boot-dependencies", version.ref = "org-springframework-boot" }
 org-springframework-boot-spring-boot-gradle-plugin = { module = "org.springframework.boot:spring-boot-gradle-plugin", version.ref = "org-springframework-boot" }
 org-testcontainers-testcontainers-bom = { module = "org.testcontainers:testcontainers-bom", version.ref = "org-testcontainers" }
+io-spring-security-release-plugin = "io.spring.gradle:spring-security-release-plugin:1.0.1-SNAPSHOT"
 
 [plugins]

scripts/release/release-notes-sections.yml

@@ -1,17 +1,25 @@
 changelog:
+  repository: spring-projects/spring-session
   issues:
     exclude:
-      labels: ["duplicate", "invalid", "declined"]
+      labels: ["status: duplicate", "status: invalid", "status: declined"]
+    ports:
+      - label: "status: forward-port"
+        bodyExpression: 'Forward port of issue #(\d+).*'
   sections:
-    - title: "New Features"
-      emoji: ":star:"
-      labels: ["enhancement"]
-    - title: "Bug Fixes"
-      emoji: ":beetle:"
-      labels: ["bug", "regression"]
-    - title: "Dependency Upgrades"
-      emoji: ":hammer:"
-      labels: ["dependency-upgrade"]
-    - title: "Non-passive"
-      emoji: ":rewind:"
-      labels: ["breaks-passivity"]
+    - title: ":star: New Features"
+      labels: [ "type: enhancement" ]
+      sort: "title"
+    - title: ":beetle: Bug Fixes"
+      labels: [ "type: bug", "type: regression" ]
+      sort: "title"
+    - title: ":hammer: Dependency Upgrades"
+      labels: [ "type: dependency-upgrade" ]
+      sort: "title"
+    - title: ":rewind: Non-passive"
+      labels: [ "type: breaks-passivity" ]
+      sort: "title"
+  contributors:
+    title: ":heart: Contributors"
+    exclude:
+      names: ["marcusdacoregio", "dependabot[bot]"]