From 092135d9ef826b0403204e31b53dbc6648d70de1 Mon Sep 17 00:00:00 2001 From: Jente Sondervorst Date: Mon, 18 May 2026 15:55:20 +0200 Subject: [PATCH 1/3] =?UTF-8?q?Revert=20inline=20mirror=20=E2=80=94=20cent?= =?UTF-8?q?ral=20config=20lives=20in=20gh-automation=20now?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Maven Artifactory mirror configuration that this repo carried inline (s4u/maven-settings-action + REWRITE_GRADLE_MIRROR_* env vars) has been moved to the shared reusable workflows in openrewrite/gh-automation (#95). Restoring the thin-caller form so this repo picks up the central configuration automatically and benefits from any future updates to it. No behavioral change: callers of the reusable workflow continue to route Maven resolution through artifactory.moderne.ninja's moderne-cache-3. --- .github/workflows/ci.yml | 50 ++++---------- .github/workflows/publish.yml | 65 ++++--------------- .../resources/META-INF/rewrite/jspecify.yml | 2 +- 3 files changed, 24 insertions(+), 93 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d4f5db1faf..b48b2cd42d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -20,41 +20,15 @@ concurrency: jobs: build: - runs-on: ubuntu-latest - if: github.event_name != 'schedule' || github.repository_owner == 'openrewrite' || github.repository_owner == 'moderneinc' - steps: - - uses: openrewrite/gh-automation/.github/actions/setup@main - with: - java_version: | - 25 - 21 - develocity_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - - # Route Maven resolution through Moderne's Artifactory cache to avoid - # Maven Central rate-limiting (HTTP 429) under parallel test load. - - uses: s4u/maven-settings-action@v4.0.0 - with: - mirrors: '[{"id": "moderne-cache", "name": "Moderne Artifactory Cache", "mirrorOf": "*", "url": "https://artifactory.moderne.ninja/artifactory/moderne-cache-3/"}]' - servers: ${{ secrets.ARTIFACTORY_USERNAME != '' && format('[{{"id":"moderne-cache","username":"{0}","password":"{1}"}}]', secrets.ARTIFACTORY_USERNAME, secrets.ARTIFACTORY_PASSWORD) || '[]' }} - - - uses: openrewrite/gh-automation/.github/actions/build@main - env: - REWRITE_GRADLE_MIRROR_URL: https://artifactory.moderne.ninja/artifactory/moderne-cache-3/ - REWRITE_GRADLE_MIRROR_USERNAME: ${{ secrets.AST_PUBLISH_USERNAME }} - REWRITE_GRADLE_MIRROR_PASSWORD: ${{ secrets.AST_PUBLISH_PASSWORD }} - - - if: failure() && github.event_name == 'schedule' && (github.repository_owner == 'openrewrite' || github.repository_owner == 'moderneinc') - uses: openrewrite/gh-automation/.github/actions/slack-failure@main - with: - webhook: ${{ secrets.OPS_GITHUB_ACTIONS_WEBHOOK }} - - - if: > - github.event_name != 'pull_request' && - github.ref == 'refs/heads/main' && - (github.repository_owner == 'openrewrite' || github.repository_owner == 'moderneinc') - uses: openrewrite/gh-automation/.github/actions/publish-snapshots@main - with: - sonatype_username: ${{ secrets.SONATYPE_USERNAME }} - sonatype_token: ${{ secrets.SONATYPE_TOKEN }} - ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }} - ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }} + uses: 
openrewrite/gh-automation/.github/workflows/ci-gradle.yml@main + with: + java_version: | + 25 + 21 + secrets: + gradle_enterprise_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + sonatype_username: ${{ secrets.SONATYPE_USERNAME }} + sonatype_token: ${{ secrets.SONATYPE_TOKEN}} + ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }} + ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }} + OPS_GITHUB_ACTIONS_WEBHOOK: ${{ secrets.OPS_GITHUB_ACTIONS_WEBHOOK }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6945d9d137..2f7a77faf2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
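Review bot: The new `uses:` line references the reusable workflow at `@main`, a mutable ref, while the `secrets:` block below it passes the Sonatype token and the OSSRH signing key, so whatever is on gh-automation's main branch at run time executes with publishing credentials. The removed steps also pulled actions from `@main`, but the owner and branch conditions that gated snapshot publishing (`github.ref == 'refs/heads/main'`, the `repository_owner` checks) were visible in this file and are now expected to live in ci-gradle.yml, which is not shown here. Consider pinning to a full commit SHA, `uses: openrewrite/gh-automation/.github/workflows/ci-gradle.yml@<full-commit-sha>  # main`, with automated bump PRs so central updates still arrive but are reviewed. The same applies to `publish-gradle.yml@main` in the publish.yml hunk.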
@@ -11,59 +11,16 @@ concurrency: group: publish-${{ github.ref }} cancel-in-progress: false -env: - GRADLE_SWITCHES: --console=plain --info --stacktrace --warning-mode=all --no-daemon - ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }} - ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_TOKEN }} - ORG_GRADLE_PROJECT_signingKey: ${{ secrets.OSSRH_SIGNING_KEY }} - ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_SIGNING_PASSWORD }} - jobs: release: - runs-on: ubuntu-latest - steps: - - uses: openrewrite/gh-automation/.github/actions/setup@main - with: - java_version: | - 25 - 21 - develocity_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - - # Route Maven resolution through Moderne's Artifactory cache to avoid - # Maven Central rate-limiting (HTTP 429) under parallel test load. - - uses: s4u/maven-settings-action@v4.0.0 - with: - mirrors: '[{"id": "moderne-cache", "name": "Moderne Artifactory Cache", "mirrorOf": "*", "url": "https://artifactory.moderne.ninja/artifactory/moderne-cache-3/"}]' - servers: ${{ secrets.ARTIFACTORY_USERNAME != '' && format('[{{"id":"moderne-cache","username":"{0}","password":"{1}"}}]', secrets.ARTIFACTORY_USERNAME, secrets.ARTIFACTORY_PASSWORD) || '[]' }} - - - name: publish-candidate - if: contains(github.ref, '-rc.') - env: - REWRITE_GRADLE_MIRROR_URL: https://artifactory.moderne.ninja/artifactory/moderne-cache-3/ - REWRITE_GRADLE_MIRROR_USERNAME: ${{ secrets.AST_PUBLISH_USERNAME }} - REWRITE_GRADLE_MIRROR_PASSWORD: ${{ secrets.AST_PUBLISH_PASSWORD }} - run: | - ./gradlew \ - ${{ env.GRADLE_SWITCHES }} \ - -Preleasing \ - -Prelease.disableGitChecks=true \ - -Prelease.useLastTag=true \ - candidate \ - publish \ - closeAndReleaseSonatypeStagingRepository - - - name: publish-release - if: (!contains(github.ref, '-rc.')) - env: - REWRITE_GRADLE_MIRROR_URL: https://artifactory.moderne.ninja/artifactory/moderne-cache-3/ - REWRITE_GRADLE_MIRROR_USERNAME: ${{ secrets.AST_PUBLISH_USERNAME }} - 
REWRITE_GRADLE_MIRROR_PASSWORD: ${{ secrets.AST_PUBLISH_PASSWORD }} - run: | - ./gradlew \ - ${{ env.GRADLE_SWITCHES }} \ - -Preleasing \ - -Prelease.disableGitChecks=true \ - -Prelease.useLastTag=true \ - final \ - publish \ - closeAndReleaseSonatypeStagingRepository + uses: openrewrite/gh-automation/.github/workflows/publish-gradle.yml@main + with: + java_version: | + 25 + 21 + secrets: + gradle_enterprise_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + sonatype_username: ${{ secrets.SONATYPE_USERNAME }} + sonatype_token: ${{ secrets.SONATYPE_TOKEN}} + ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }} + ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }} diff --git a/src/main/resources/META-INF/rewrite/jspecify.yml b/src/main/resources/META-INF/rewrite/jspecify.yml index 656df487e2..bbf2217104 100644 --- a/src/main/resources/META-INF/rewrite/jspecify.yml +++ b/src/main/resources/META-INF/rewrite/jspecify.yml @@ -62,7 +62,7 @@ recipeList: - org.openrewrite.java.dependencies.AddDependency: groupId: org.jspecify artifactId: jspecify - version: 1.0.0 + version: latest.release onlyIfUsing: javax.annotation.*ull* acceptTransitive: true - org.openrewrite.java.migrate.jspecify.MoveAnnotationToArrayType: From 3122d38ade487d5079bcc5d4a863491e3fbdcd5a Mon Sep 17 00:00:00 2001 From: Jente Sondervorst Date: Mon, 18 May 2026 16:03:14 +0200 Subject: [PATCH 2/3] Pass artifactory_* secrets to the reusable workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These authenticate the Maven mirror at artifactory.moderne.ninja so its virtual-repo iteration can traverse all backing repos. When the secrets aren't set on the repo (or org), this is a no-op — the mirror is consulted anonymously, which is sufficient for any artifact present in the anonymous-readable backing repos. --- .github/workflows/ci.yml | 2 ++ .github/workflows/publish.yml | 2 ++ 2 files changed, 4 insertions(+) 
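Review bot: Nothing in the new `release:` job records how a candidate is told apart from a final release; the removed steps made that explicit with `contains(github.ref, '-rc.')` and the `-Prelease.disableGitChecks=true` / `-Prelease.useLastTag=true` flags. Presumably publish-gradle.yml now carries that logic, but it is not visible from this file. A comment above `uses:` would help, for example `# rc vs. final selection and Gradle release flags are handled in gh-automation's publish-gradle.yml`, once that is confirmed. As a small style point, `${{ secrets.SONATYPE_TOKEN}}` lacks the space before `}}` that the neighbouring expressions have (also in the ci.yml hunk).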
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b48b2cd42d..502f10d282 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,4 +31,6 @@ jobs: sonatype_token: ${{ secrets.SONATYPE_TOKEN}} ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }} ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }} + artifactory_username: ${{ secrets.ARTIFACTORY_USERNAME }} + artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} OPS_GITHUB_ACTIONS_WEBHOOK: ${{ secrets.OPS_GITHUB_ACTIONS_WEBHOOK }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2f7a77faf2..b3701ad688 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -24,3 +24,5 @@ jobs: sonatype_token: ${{ secrets.SONATYPE_TOKEN}} ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }} ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }} + artifactory_username: ${{ secrets.ARTIFACTORY_USERNAME }} + artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} From 382daeedacd0549c34ef45ae13a265a8b518870c Mon Sep 17 00:00:00 2001 From: Jente Sondervorst Date: Mon, 18 May 2026 16:12:30 +0200 Subject: [PATCH 3/3] Apply suggestion from @Jenson3210 --- src/main/resources/META-INF/rewrite/jspecify.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/META-INF/rewrite/jspecify.yml b/src/main/resources/META-INF/rewrite/jspecify.yml index bbf2217104..656df487e2 100644 --- a/src/main/resources/META-INF/rewrite/jspecify.yml +++ b/src/main/resources/META-INF/rewrite/jspecify.yml @@ -62,7 +62,7 @@ recipeList: - org.openrewrite.java.dependencies.AddDependency: groupId: org.jspecify artifactId: jspecify - version: latest.release + version: 1.0.0 onlyIfUsing: javax.annotation.*ull* acceptTransitive: true - org.openrewrite.java.migrate.jspecify.MoveAnnotationToArrayType:
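Review bot: The two added `artifactory_*` entries in the `secrets:` block of ci.yml only work if the called workflow declares both names under `on.workflow_call.secrets`, and the "no-op when unset" behaviour described in the commit message additionally needs them marked `required: false` there; neither declaration is visible in this patch. Because the callee is referenced at `@main`, the declaration has to be on gh-automation's main branch before this merges, otherwise the caller would, as far as I know, be rejected for passing an undefined secret. A short comment such as `# optional: mirror is read anonymously when unset` above the two lines would record the intent. The same two lines are added in the publish.yml hunk.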