Synchronize .github directory between 2.x and main

Author: ppkarwasz

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Submit a bug report
+---
+
+## Description
+
+[A clear and concise description of what the bug is.]
+
+## Configuration
+
+**Version:** [Log4j version]
+
+**Operating system:** [OS and version]
+
+**JDK:** [JDK distribution and version]
+
+## Logs
+
+```
+[Stacktraces, errors, etc. relevant applications logs.]
+```
+
+## Reproduction
+
+[An isolated test reproducing the test.
+JUnit tests similar to the ones in the code base are extremely appreciated.]

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,9 @@
+---
+name: Feature request
+about: Submit a feature request
+---
+
+**Warning!**
+It is highly recommended to discuss feature requests in [the mailing lists](https://logging.apache.org/log4j/2.x/support.html) first.
+
+[A clear and concise description of the feature requested.]

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,8 @@
+---
+name: Question
+about: Ask a question
+---
+
+As clearly indicated in [the Log4j support page](https://logging.apache.org/log4j/2.x/support.html#issues), **please use mailing lists for questions!**
+
+Issues asking questions will be removed, and you will be asked to post questions to the mailing lists instead.

.github/generate-email.sh

@@ -41,14 +41,15 @@ PROJECT_VERSION="$2"
 COMMIT_ID="$3"
 
 # Check release notes file
-RELEASE_NOTES_FILE="$SCRIPT_DIR/../target/generated-sources/site/asciidoc/release-notes/$PROJECT_VERSION.adoc"
+RELEASE_NOTES_FILE="$SCRIPT_DIR/../src/site/_release-notes/_$PROJECT_VERSION.adoc"
 [ -f "$RELEASE_NOTES_FILE" ] || {
     stderr "Couldn't find release notes file: $RELEASE_NOTES_FILE"
     exit 1
 }
 
 dump_release_notes() {
-    awk "f{print} /^Release date::/{f=1}" "$RELEASE_NOTES_FILE"
+    awk "f{print} /^Release date::/{f=1}" "$RELEASE_NOTES_FILE" \
+        | sed -r 's!'$PROJECT_REPO'/(issues|pull)/[0-9]+\[([0-9]+)\]!#\2!g'
 }
 
 case $1 in
@@ -77,7 +78,7 @@ net negative vote count. All votes are welcome and we encourage
 everyone to test the release, but only the Logging Services PMC
 votes are officially counted.
 
-=== Release Notes
+== Release Notes
 EOF
     dump_release_notes
     ;;
@@ -96,7 +97,7 @@ website[1].
 
 [1] $PROJECT_SITE
 
-=== Release Notes
+== Release Notes
 EOF
     dump_release_notes
     ;;

.github/pull_request_template.md

@@ -0,0 +1,9 @@
+[A clear and concise description of what the pull request is for along with a reference to the associated issue IDs, if they exist.]
+
+## Checklist
+
+* Base your changes on `2.x` branch if you are targeting Log4j 2; use `main` otherwise
+* `./mvnw verify` succeeds (if it fails due to code formatting issues reported by Spotless, simply run `./mvnw spotless:apply` and retry)
+* Non-trivial changes contain an entry file in the `src/changelog/.2.x.x` directory
+* Tests for the changes are provided
+* [Commits are signed](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) (optional, but highly recommended)

.github/workflows/build.yml

@@ -41,33 +41,37 @@ jobs:
     uses: apache/logging-parent/.github/workflows/build-reusable.yaml@main
     with:
       java-version: 11
+      site-enabled: true
 
   deploy-snapshot:
     needs: build
-    if: github.repository == 'apache/logging-log4j2' && github.ref_name == '2.x'
+    if: github.repository == 'apache/logging-log4j2' && github.ref_name == 'main'
     uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@main
     # Secrets for deployments
     secrets:
       NEXUS_USER: ${{ secrets.NEXUS_USER }}
       NEXUS_PW: ${{ secrets.NEXUS_PW }}
+    with:
+      java-version: 11
 
   deploy-release:
     needs: build
     if: github.repository == 'apache/logging-log4j2' && startsWith(github.ref_name, 'release/')
     uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@main
     # Secrets for deployments
     secrets:
-      GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+      GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
       LOGGING_STAGE_DEPLOYER_USER: ${{ secrets.LOGGING_STAGE_DEPLOYER_USER }}
       LOGGING_STAGE_DEPLOYER_PW: ${{ secrets.LOGGING_STAGE_DEPLOYER_PW }}
-      SVN_USERNAME: ${{ secrets.SVN_USERNAME }}
-      SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}
+      SVN_USERNAME: ${{ secrets.LOGGING_SVN_DEV_USERNAME }}
+      SVN_PASSWORD: ${{ secrets.LOGGING_SVN_DEV_PASSWORD }}
     # Write permissions to allow the Maven `revision` property update, changelog release, etc.
     permissions:
       contents: write
     with:
-      project-id: log4j2
+      java-version: 11
+      project-id: log4j
       distribution-attachment-filepath-pattern: |-
-        '^.*/target/log4j-(1\.2-api|api(-test)?|appserver|cassandra|core(-test)?|couchdb|docker|flume-ng|iostreams|jakarta-(smtp|web)|jcl|jdbc-dbcp2|jpa|jpl|jul|kubernetes|layout-template-json|mongodb[34]|log4j-slf4j2?-impl|log4j-spring-(boot|cloud-config-client)|taglib|to-(jul|slf4j)|web)'${PROJECT_VERSION}'(-sources)?\.jar$'
-      distribution-attachment-count: 1
+        '^.*/target/log4j-(1\\.2-api|api(-test)?|appserver|cassandra|core(-test)?|couchdb|docker|flume-ng|iostreams|jakarta-(smtp|web)|jcl|jdbc-dbcp2|jpa|jpl|jul|kubernetes|layout-template-json|mongodb[34]|slf4j2?-impl|spring-(boot|cloud-config-client)|taglib|to-(jul|slf4j)|web)-'${PROJECT_VERSION}'\\.jar$'
+      distribution-attachment-count: 30
       site-enabled: true

.github/workflows/codeql-analysis.yml

@@ -15,14 +15,13 @@
 # limitations under the License.
 #
 
-name: "CodeQL"
+name: codeql-analysis
 
 on:
   push:
-    branches: [ master ]
+    branches: [ "2.x", "main" ]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [ "2.x", "main" ]
   schedule:
     - cron: '32 12 * * 5'
 
@@ -31,51 +30,11 @@ permissions: read-all
 jobs:
 
   analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
+    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@main
+    with:
+      java-version: 11
+    # Permissions required to publish Security Alerts
     permissions:
       actions: read
       contents: read
       security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'java' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
-
-    steps:
-
-      - name: Checkout repository
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744   # 3.6.0
-        with:
-          fetch-depth: 32
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@6a28655e3dcb49cb0840ea372fd6d17733edd8a4    # 2.21.8
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-          # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-      - name: Setup JDK 11
-        uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2   # 3.12.0
-        with:
-          distribution: temurin
-          java-version: 11
-          cache: maven
-
-      - name: Build with Maven
-        timeout-minutes: 60
-        shell: bash
-        run: |
-          ./mvnw \
-          --show-version --batch-mode --errors --no-transfer-progress \
-          -DskipTests
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6a28655e3dcb49cb0840ea372fd6d17733edd8a4    # 2.21.8

.github/workflows/merge-dependabot.yaml

@@ -29,14 +29,20 @@ permissions: read-all
 jobs:
 
   build:
-    if: github.repository == 'apache/logging-log4j-kotlin' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
+    if: github.repository == 'apache/logging-log4j2' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
     uses: apache/logging-parent/.github/workflows/build-reusable.yaml@main
+    with:
+      java-version: |
+        8
+        11
 
   merge-dependabot:
     needs: build
     uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@main
+    java-version: |
+      11
     permissions:
-      contents: write                                     # to push changelog commits
-      pull-requests: write                                # to close the PR
+      contents: write                                             # to push changelog commits
+      pull-requests: write                                        # to close the PR
     secrets:
-      GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}       # to sign commits
+      GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}       # to sign commits

.github/workflows/scorecards-analysis.yml

@@ -0,0 +1,71 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: scorecards-analysis
+
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: "30 1 * * 6"    # Weekly on Saturdays
+  push:
+    branches: [ "2.x", "main" ]
+
+permissions: read-all
+
+jobs:
+
+  analysis:
+
+    name: "Scorecards analysis"
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to the code-scanning dashboard.
+      security-events: write
+      actions: read
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+
+    steps:
+
+      - name: "Checkout code"
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608   # 4.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031    # 2.2.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # A read-only PAT token, which is sufficient for the action to function.
+          # The relevant discussion: https://github.com/ossf/scorecard-action/issues/188
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          # Publish the results for public repositories to enable scorecard badges.
+          # For more details: https://github.com/ossf/scorecard-action#publishing-results
+          publish_results: true
+
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32    # 3.1.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@2cb752a87e96af96708ab57187ab6372ee1973ab    # 2.1.22
+        with:
+          sarif_file: results.sarif