This repository demonstrates automated release workflows for a Spring Boot web application using GitHub Actions. It showcases various release automation patterns, semantic versioning, and deployment strategies that can be applied to enterprise software development workflows.
- Framework: Spring Boot 2.6.3 with Java 8
- Build Tool: Maven with wrapper
- Main Application:
com.example.springboot.Application - REST Endpoint:
HelloControllerserving "Greetings from Spring Boot!" at root URL - Testing: JUnit 5 test framework
- Demo Guide: Detailed walkthrough of the application structure and build process
- Help & References: Spring Boot documentation and useful guides
- RESTful web service
- Maven-based build system
- Comprehensive GitHub Actions workflows
- Multi-environment deployment support
- Semantic versioning automation
- Security scanning and dependency management
- Java 8 or higher
- Maven 3.x (or use included wrapper)
- Git
-
Clone the repository
git clone <repository-url> cd automated-release-main
-
Build the application
./mvnw clean package
-
Run the application
./mvnw spring-boot:run
-
Test the endpoint
curl http://localhost:8080 # Returns: "Greetings from Spring Boot!" -
Run tests
./mvnw test
This repository includes multiple GitHub Actions workflows demonstrating different release strategies:
| Workflow | Trigger | Purpose |
|---|---|---|
auto-release.yml |
Push to main | Automatic release based on PR labels |
release.yml |
Manual/Push | Full release with artifact building |
manual-release.yml |
Manual | Manual release with version selection |
package-and-deploy.yml |
Manual | Package and deploy to GitHub Packages |
- Automatic version bumping based on PR labels:
MAJOR: Breaking changes (x.0.0)MINOR: New features (0.x.0)PATCH: Bug fixes (0.0.x)
- Custom semver action: Uses
snsinahub-org/semverfor version management - Changelog generation: Automated changelog from commits and PRs
- Maven artifact building: Compiles JAR files
- GitHub Packages: Publishes to GitHub Package Registry
- Release assets: Attaches JAR files to GitHub releases
- SBOM generation: Software Bill of Materials for security compliance
- Multi-environment: Sandbox β UAT β Production
- Environment protection: Manual approvals for production
- Artifact promotion: Same artifact deployed across environments
- Deployment tracking: Status badges and reporting
super-linter.yml: Code linting across multiple languagesdependency-review-action.yml: Dependency vulnerability scanningscorecard.yml: OSSF Scorecard security assessmentsbom.yml: Software Bill of Materials generation
semver.yml: Semantic version testinglist-releases.yml: Release management utilitiesdownload-release.yml: Release asset retrievalcreat-pr-from-tag.yml: Tag-based PR creation
pom.xml: Project dependencies and build configuration.mvn/local-settings.xml: GitHub Packages authenticationconfig/m2-settings.xml: Alternative Maven settings
.github/release.yml: Release notes configuration.github/pull_request_template.md: PR templateazure-pipelines.yml: Azure DevOps pipeline (legacy)
The following environment variables are required for full functionality:
S_TOKEN: GitHub token for package publishingUSERNAME: GitHub username for authenticationGITHUB_TOKEN: Automatic GitHub Actions token
- No hardcoded secrets in repository
- Environment-based authentication
- Dependency vulnerability scanning
- Security policy enforcement through workflows
- Create a PR with appropriate labels (
MAJOR,MINOR, orPATCH) - Merge to main branch
- Release is automatically created with proper semantic version
- Go to Actions β Manual release
- Select release type (MAJOR/MINOR/PATCH)
- Specify branch and version prefix
- Trigger workflow
- Go to Actions β package and deploy
- Enter desired version number
- Deploys to GitHub Packages
- Sandbox: Development testing environment
- UAT: User acceptance testing
- Production: Live environment (requires approval)
- Use semantic versioning labels (
MAJOR,MINOR,PATCH) - Follow the PR template
- Ensure all tests pass
- Update documentation as needed
- Create feature branch
- Implement changes
- Add appropriate tests
- Create PR with semantic label
- Code review and merge
- Automatic release triggered
- Workflow status badges: Real-time pipeline status
- Release tracking: GitHub releases with changelogs
- Artifact management: GitHub Packages integration
- Security scanning: Automated vulnerability detection
- Build failures: Check Java/Maven versions
- Authentication errors: Verify GitHub tokens
- Test failures: Run tests locally first
- Deployment issues: Check environment configurations
- GitHub Actions logs
- Maven build output
- Application logs via Spring Boot Actuator
This project is licensed under the MIT License - see the LICENSE file for details.
This is a demonstration repository for release automation patterns. Adapt the workflows to your organization's needs and security requirements.
- Demo Guide: Complete application overview and development setup
- Help & References: Spring Boot documentation, Maven guides, and external resources
For questions or support, refer to the GitHub Actions documentation and Spring Boot guides.