Add samples and some fixes

* Don't use Maven & Gradle wrappers to avoid extra downloads.
Rely on `actions/setup-java`
* Add caller workflow samples
* More documentation about workflows in this project

Author: artembilan

.github/workflows/spring-artifactory-maven-release-staging.yml

@@ -37,7 +37,7 @@ jobs:
       buildNumber: ${{ steps.configure-jfrog.outputs.buildNumber }}
     steps:
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
           show-progress: false
@@ -69,7 +69,7 @@ jobs:
 
       - name: Set Release Version
         run: |
-          ./mvnw versions:set -DnewVersion=${{ inputs.releaseVersion }} -DgenerateBackupPoms=false -DprocessAllModules=true -B -ntp
+          mvn versions:set -DnewVersion=${{ inputs.releaseVersion }} -DgenerateBackupPoms=false -DprocessAllModules=true -B -ntp
 
       - name: Build and Publish
         run: |
@@ -91,7 +91,7 @@ jobs:
           git commit -a -m "[artifactory-release] Release version ${{ inputs.releaseVersion }}"
           git tag "v${{ inputs.releaseVersion }}"
           git push --tags origin
-          ./mvnw build-helper:parse-version versions:set \
+          mvn build-helper:parse-version versions:set \
             -DnewVersion='${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.${{ (contains(inputs.releaseVersion, '-M') || contains(inputs.releaseVersion, '-RC')) && '${parsedVersion.incrementalVersion}' || '${parsedVersion.nextIncrementalVersion}' }}'-SNAPSHOT \
             -DgenerateBackupPoms=false -DprocessAllModules=true -B -ntp
           git commit -a -m "[artifactory-release] Next development version"

.github/workflows/spring-artifactory-release.yml

@@ -95,12 +95,12 @@ jobs:
     steps:
 
       - name: Call smoke tests workflow
-        uses: aurelien-baudet/workflow-dispatch@main
+        uses: aurelien-baudet/workflow-dispatch@v2
         with:
           workflow: ${{ inputs.verifyStagedWorkflow }}
           wait-for-completion-interval: 30s
           display-workflow-run-url-interval: 5s
-          workflow-logs: print
+#          workflow-logs: print - uncomment when v3 for action is released
           token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
           inputs: '{ "releaseVersion": "${{ needs.releaseVersion.outputs.releaseVersion }}" }'
 

.github/workflows/spring-maven-pull-request-build.yml

@@ -20,7 +20,7 @@ jobs:
           cache: 'maven'
 
       - name: Build with Maven
-        run: ./mvnw verify -B -ntp
+        run: mvn verify -B -ntp
 
       - name: Capture Test Results
         if: failure()

README.md

@@ -1,58 +1,99 @@
 # GitHub Actions Workflows for Spring Projects
 
 This project containers reusable GitHub Actions Workflows to build Spring projects with Gradle or Maven.
-SNAPSHOT and Release workflows uses JFrog CLI to publish artifacts into Artifactory.
+The workflows are designed for specific tasks and can be reused individually or in combinations in the target projects.
 
-The `spring-artifactory-release.yml` must be used like this in the target workflow:
+To use these workflows in your project a set of organization secrets must be granted to the repository:
 ```
-name: Release
-
-on:
-  workflow_dispatch:
-
-run-name: Release current version for branch ${{ github.ref_name }}
-
-jobs:
-  release:
-    uses: artembilan/spring-messaging-build-tools/.github/workflows/spring-artifactory-release.yml@main
-    with:
-      buildToolArgs: dist
-      verifyStagedWorkflow: verify-staged-artifacts.yml
-    secrets:
-      GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
-      GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
-      GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
-      GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
-      JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
-      SPRING_RELEASE_SLACK_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_SLACK_WEBHOOK_URL }}
-      OSSRH_URL: ${{ secrets.OSSRH_URL }}
-      OSSRH_S01_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
-      OSSRH_S01_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
-      OSSRH_STAGING_PROFILE_NAME: ${{ secrets.OSSRH_STAGING_PROFILE_NAME }}
-      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+GH_ACTIONS_REPO_TOKEN
+GRADLE_ENTERPRISE_CACHE_USER
+GRADLE_ENTERPRISE_CACHE_PASSWORD
+GRADLE_ENTERPRISE_SECRET_ACCESS_KEY
+JF_ARTIFACTORY_SPRING
+SPRING_RELEASE_SLACK_WEBHOOK_URL
+OSSRH_URL
+OSSRH_S01_TOKEN_USERNAME
+OSSRH_S01_TOKEN_PASSWORD
+OSSRH_STAGING_PROFILE_NAME
+GPG_PASSPHRASE
+GPG_PRIVATE_KEY
 ```
-on every branch which is supposed to be released via GitHub actions.
+
+The Gradle Enterprise secrets are optional: not used by Maven and Gradle project might not be enrolled for the service.  
+
+The mentioned secrets must be passed explicitly since these reusable workflows might be in different GitHub org than target project.
+
+The SNAPSHOT and Release workflows uses JFrog CLI to publish artifacts into Artifactory.
+
+## Build SNAPSHOT and Pull Request Workflows
+
+The `[spring-gradle-pull-request-build.yml](.github%2Fworkflows%2Fspring-gradle-pull-request-build.yml)` and `[spring-maven-pull-request-build.yml](.github%2Fworkflows%2Fspring-maven-pull-request-build.yml)` are straight forward, single job reusable workflows.
+They perform Gradle `check` task and Maven `verify` goal, respectively.
+The caller workflow is as simple as follows.
+
+Gradle Pull Request caller workflow:
+./samples/pr-build-gradle.yml
+
+Maven Pull Request caller workflow:
+./samples/pr-build-maven.yml
+
+You can add more branches to react for pull request events.
+
+The SNAPSHOT workflows (`[spring-artifactory-gradle-snapshot.yml](.github%2Fworkflows%2Fspring-artifactory-gradle-snapshot.yml)` and `[spring-artifactory-maven-snapshot.yml](.github%2Fworkflows%2Fspring-artifactory-maven-snapshot.yml)`, respectively) are also that simple.
+They use JFrog CLI action to be able to publish artifacts into `libs-snapshot-local` repository.
+The Gradle workflow can be supplied with Gradle Enterprise secrets.
+
+Gradle SNAPSHOT caller workflow:
+./samples/ci-snapshot-gradle.yml
+
+Maven SNAPSHOT caller workflow:
+./samples/ci-snapshot-maven.yml
+
+## Release Workflow
+
+The `[spring-artifactory-release.yml](.github%2Fworkflows%2Fspring-artifactory-release.yml)` workflow is complex enough, has some branching jobs and makes some assumptions and expects particular conditions on your repository:
+
+- The versioning schema must follow these rules: 3-digit-dotted number for `major`, `minor` and `patch` parts, snapshot is suffixed with `-SNAPSHOT`, milestones are with `-M{number}` and `-RC{number}` suffix, the GA release is without any suffix.
+For example: `0.0.1-SNAPSHOT`, `1.0.0-M1`, `2.1.0-RC2`, `3.3.3`.
+- GitHub Milestone titles must be exact as the version to release number.
+For example: `1.0.0-M1`, `2.1.0-RC2`, `3.3.3`.
+- GitHub Milestones must be scheduled: have a `Due on` date set.
+Otherwise, release workflow will be cancelled with a warning that nothing to release for respective SNAPSHOT in a branch.
+
+The logic of this release workflow:
+
+- Take a SNAPSHOT version from a dispatched branch (Maven `help:evaluate -Dexpression="project.version"` and Gradle `gradle properties | grep "^version:"`, respectively)
+- List GitHub milestones matching the candidate version and select the closest one by due on date
+- Cancel workflow if no scheduled Milestone
+- Call Maven or Gradle according to the project (essentially, it tests for `pom.xml` file presence) with the release version extracted from the previous job.
+This job stages released artifacts using JFrog CLI into `libs-staging-local` repository on Spring Artifactory and commits `Next development version` to the branch we are releasing against
+- The next job is to [verify staged artifacts](#verify-staged-artifacts)
+- When verification is successful, next job promotes release from staging either to `libs-milestone-local` or `libs-release-local`(and Maven Central) according to the releasing version schema
+- Then `[spring-finalize-release.yml](.github%2Fworkflows%2Fspring-finalize-release.yml)` job is executed, which generates release notes using [Spring Changelog Generator](https://github.com/spring-io/github-changelog-generator) excluding repository admins from `Contributors` section.
+The `gh release create` command is performed on a tag for just released version.
+And in the end the milestone is closed and specific Slack channel is notified about release.
+
+Example of Release caller workflow:
+./samples/release.yml
+
+Such a workflow must be on every branch which is supposed to be released via GitHub actions.
 
 The `buildToolArgs` parameter for this job means extra build tool arguments.
 For example, the mentioned `dist` value is a Gradle task in the project.
 Can be any Maven goal or other command line arguments.
 
-The mentioned secrets must be passed explicitly since these reusable workflows might be in different GitHub org than target project. 
+## Verify Staged Artifacts
 
-When a release workflow is dispatched, the `releaseVersion` job determines the milestone to release against the current SNAPSHOT version in the branch.
-If no milestone scheduled, the whole workflow is cancelled.
 Then `staging` job uses the `releaseVersion` output from the previous `releaseVersion` job and dispatch the work to Gradle or Maven jobs according to the project build tool.
 The `verify-staged` expects an optional `verifyStagedWorkflow` input (the `verify-staged-artifacts.yml`, by default) workflow supplied from the target project.
-For example, [Spring Integration for AWS](https://github.com/spring-projects/spring-integration-aws) use `jfrog rt download` command to verify that released `spring-integration-aws.jar` is valid.
+For example, [Spring Integration for AWS](https://github.com/spring-projects/spring-integration-aws) use `jfrog rt download` command to verify that released `spring-integration-aws-${{ inputs.releaseVersion }}.jar` is valid.
 Other projects may check out their samples repository and setup release version to perform smoke tests against just staged artifacts.
 
-The next job in the workflow is to promote release from staging either to `libs-milestone-local` or `libs-release-local`(and Maven Central) according to the releasing version schema.
+Verify staged workflow sample:
+./samples/verify-staged-artifacts.yml
 
-After promotion, the `finalize` job is executed, which generates release notes using [Spring Changelog Generator](https://github.com/spring-io/github-changelog-generator) excluding repository admins from `Contributors` section.
-Then the `gh release create` command is performed on a tag for just released version.
-And in the end the milestone is closed and specific Slack channel is notified about release.
+## Gradle and Artifactory
 
 Gradle projects must not manage `com.jfrog.artifactory` plugin anymore: the `jf gradlec` command sets up this plugin and respective tasks into a project using JFrog specific Gradle init script.
-In addition, the `spring-artifactory-gradle-snapshot.yml` and `spring-artifactory-gradle-release-staging.yml` add `spring-project-init.gradle` script to provide an `artifactory` plugin settings for artifacts publications.
+In addition, the `[spring-artifactory-gradle-snapshot.yml](.github%2Fworkflows%2Fspring-artifactory-gradle-snapshot.yml)` and `[spring-artifactory-gradle-release-staging.yml](.github%2Fworkflows%2Fspring-artifactory-gradle-release-staging.yml)` add `spring-project-init.gradle` script to provide an `artifactory` plugin settings for artifacts publications.
 This script also adds a `nextDevelopmentVersion` task which is used when release has been staged and job is ready to push `Next development version` commit.

samples/ci-snapshot-gradle.yml

@@ -0,0 +1,18 @@
+name: CI SNAPSHOT
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-snapshot:
+    uses: artembilan/spring-messaging-build-tools/.github/workflows/spring-artifactory-gradle-snapshot.yml@main
+    with:
+      gradleTasks: dist
+    secrets:
+      GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
+      GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+      GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+      JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}

samples/ci-snapshot-maven.yml

@@ -0,0 +1,13 @@
+name: CI SNAPSHOT
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  build_snapshot:
+    uses: artembilan/spring-messaging-build-tools/.github/workflows/spring-artifactory-maven-snapshot.yml@main
+    secrets:
+      JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}

samples/pr-build-gradle.yml

@@ -0,0 +1,10 @@
+name: Pull Request Build
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build-pull-request:
+    uses: artembilan/spring-messaging-build-tools/.github/workflows/spring-gradle-pull-request-build.yml@main

samples/pr-build-maven.yml

@@ -0,0 +1,10 @@
+name: Pull Request Build
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    uses: artembilan/spring-messaging-build-tools/.github/workflows/spring-maven-pull-request-build.yml@main

samples/release.yml

@@ -0,0 +1,25 @@
+name: Release
+
+on:
+  workflow_dispatch:
+
+run-name: Release current version for branch ${{ github.ref_name }}
+
+jobs:
+  release:
+    uses: artembilan/spring-messaging-build-tools/.github/workflows/spring-artifactory-release.yml@main
+    with:
+      buildToolArgs: dist
+    secrets:
+      GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+      GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
+      GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+      GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+      JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
+      SPRING_RELEASE_SLACK_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_SLACK_WEBHOOK_URL }}
+      OSSRH_URL: ${{ secrets.OSSRH_URL }}
+      OSSRH_S01_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
+      OSSRH_S01_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
+      OSSRH_STAGING_PROFILE_NAME: ${{ secrets.OSSRH_STAGING_PROFILE_NAME }}
+      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}

samples/verify-staged-artifacts.yml

@@ -0,0 +1,28 @@
+name: Verify Staged Artifacts
+
+on:
+  workflow_dispatch:
+    inputs:
+      releaseVersion:
+        description: 'Release version like 3.0.0-M1, 3.1.0-RC1, 3.2.0 etc.'
+        required: true
+        type: string
+
+jobs:
+  verify-staged-with-jfrog:
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: jfrog/setup-jfrog-cli@v3
+        env:
+          JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
+
+      - name: Download Artifact from Staging Repo
+        run: |
+          fileToDownload=org/springframework/integration/spring-integration-aws/${{ inputs.releaseVersion }}/spring-integration-aws-${{ inputs.releaseVersion }}.jar
+          jfrog rt download libs-staging-local/$fileToDownload
+          if [ ! -f $fileToDownload ]
+          then
+            echo "::error title=No staged artifact::No spring-integration-aws-${{ inputs.releaseVersion }}.jar in staging repository"
+            exit 1
+          fi