spring-security/.github/workflows/release-next-version.yml

name: Release Next Version

on:
  schedule:
    - cron: '0 17 * * MON' # Every Monday at 5pm UTC
  workflow_dispatch: # Manual trigger

env:
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
  GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
  RUN_JOBS: ${{ github.repository == 'spring-projects/spring-security' }}

jobs:
  release-next-version:
    name: Initiate Release If Scheduled
    if: env.RUN_JOBS == 'true'
    runs-on: ubuntu-latest
    steps:
      - id: checkout-source
        name: Checkout Source Code
        uses: actions/checkout@v2
        with:
          token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
      - id: setup-jdk
        name: Set up JDK 17
        uses: actions/setup-java@v1
        with:
          java-version: '17'
      - name: Setup gradle user name
        run: |
          mkdir -p ~/.gradle
          echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v2
        env:
          GRADLE_USER_HOME: ~/.gradle
      - id: check-release-due
        name: Check Release Due
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew gitHubCheckNextVersionDueToday
          echo "::set-output name=is_due_today::$(cat build/github/milestones/is-due-today)"
      - id: check-open-issues
        name: Check for open issues
        if: steps.check-release-due.outputs.is_due_today == true
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew gitHubCheckMilestoneHasNoOpenIssues
          echo "::set-output name=is_open_issues::$(cat build/github/milestones/is-open-issues)"
      - id: validate-release-state
        name: Validate State of Release
        if: steps.check-release-due.outputs.is_due_today == true && steps.check-release-due.outputs.is_open_issues == true
        run: |
          echo "The release is due today but there are open issues"
          exit 1
      - id: update-version-and-push
        name: Update version and push
        if: steps.check-release-due.outputs.is_due_today == true && steps.check-release-due.outputs.is_open_issues == false
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
          ./gradlew :updateProjectVersion
          ./gradlew :spring-security-docs:antoraUpdateVersion
          updatedVersion=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
          git commit -am "Release $updatedVersion"
          git tag $updatedVersion
          git push
          git push origin $updatedVersion
      - id: send-slack-notification
        name: Send Slack message
        if: failure()
        uses: Gamesight/slack-workflow-status@v1.0.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
          channel: '#spring-security-ci'
          name: 'CI Notifier'