Merge branch 'main' into feature/gh-2812-aws-s3-searchpaths

Signed-off-by: Geonwook Ham <tomy8964@naver.com>

Author: tomy8964

.github/dependabot.yml

@@ -1,15 +1,5 @@
 version: 2
 updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    target-branch: "4.1.x"
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    target-branch: "4.2.x"
-    schedule:
-      interval: "weekly"
   - package-ecosystem: "github-actions"
     directory: "/"
     target-branch: "4.3.x"
@@ -24,18 +14,7 @@ updates:
     directory: /
     schedule:
       interval: daily
-    target-branch: 4.1.x
-    ignore:
-      # only upgrade patch versions for maintenance branch
-      - dependency-name: "*"
-        update-types:
-          - version-update:semver-major
-          - version-update:semver-minor
-  - package-ecosystem: maven
-    directory: /
-    schedule:
-      interval: daily
-    target-branch: 4.2.x
+    target-branch: 4.3.x
     ignore:
       # only upgrade patch versions for maintenance branch
       - dependency-name: "*"
@@ -46,18 +25,13 @@ updates:
     directory: /
     schedule:
       interval: daily
-    target-branch: 4.3.x
+    target-branch: main
     ignore:
       # only upgrade patch versions for maintenance branch
       - dependency-name: "*"
         update-types:
           - version-update:semver-major
           - version-update:semver-minor
-  - package-ecosystem: maven
-    directory: /
-    schedule:
-      interval: daily
-    target-branch: main
   - package-ecosystem: npm
     target-branch: docs-build
     directory: /
@@ -68,16 +42,6 @@ updates:
     directory: /docs
     schedule:
       interval: weekly
-  - package-ecosystem: npm
-    target-branch: 4.1.x
-    directory: /docs
-    schedule:
-      interval: weekly
-  - package-ecosystem: npm
-    target-branch: 4.2.x
-    directory: /docs
-    schedule:
-      interval: weekly
   - package-ecosystem: npm
     target-branch: 4.3.x
     directory: /docs

.github/workflows/ci.yml

@@ -0,0 +1,34 @@
+name: Spring Cloud Config CI Job
+
+on:
+  push:
+    branches:
+      - main
+      - 4.3.x
+      - 4.2.x
+
+  # Scheduled builds run daily at midnight UTC
+  schedule:
+    - cron: '0 0 * * *'
+
+  # Manual trigger with optional branch override
+  workflow_dispatch:
+    inputs:
+      branches:
+        description: "Which branch should be built (can be a comma-separated list of branches)"
+        required: true
+        default: 'main'
+        type: string
+
+jobs:
+  deploy:
+    uses: spring-cloud/spring-cloud-github-actions/.github/workflows/deploy.yml@main
+    with:
+      branches: ${{ inputs.branches }}
+    secrets:
+      ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
+      ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+      COMMERCIAL_ARTIFACTORY_USERNAME: ${{ secrets.COMMERCIAL_ARTIFACTORY_USERNAME }}
+      COMMERCIAL_ARTIFACTORY_PASSWORD: ${{ secrets.COMMERCIAL_ARTIFACTORY_PASSWORD }}
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/deploy-docs.yml

@@ -16,7 +16,7 @@ jobs:
     # if: github.repository_owner == 'spring-cloud'
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: docs-build
           fetch-depth: 1

.github/workflows/maven.yaml

@@ -15,14 +15,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '17'
       - name: Cache local Maven repository
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -31,12 +31,12 @@ jobs:
       - name: Build with Maven
         run: ./mvnw -s .settings.xml clean org.jacoco:jacoco-maven-plugin:prepare-agent install -U -P sonar -nsu --batch-mode -Dmaven.test.redirectTestOutputToFile=true -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
       - name: Publish Test Report
-        uses: mikepenz/action-junit-report@v5
+        uses: mikepenz/action-junit-report@v6
         if: always() # always run even if the previous step fails
         with:
           report_paths: '**/surefire-reports/TEST-*.xml'
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: surefire-reports
           path: '**/surefire-reports/*'

README.adoc

@@ -113,6 +113,13 @@ parsing or rendering it, just copying it to `${main.basedir}`
 any changes in the README it will then show up after a Maven build as
 a modified file in the correct place. Just commit it and push the change.
 
+You can generate the docs site using the following command:
+
+[indent=0]
+----
+	./mvnw -pl docs -P docs antora:antora
+----
+
 [[working-with-the-code]]
 == Working with the code
 If you don't have an IDE preference we would recommend that you use
@@ -156,20 +163,6 @@ The generated eclipse projects can be imported by selecting `import existing pro
 from the `file` menu.
 
 
-[[jce]]
-== JCE
-
-If you get an exception due to "Illegal key size" and you are using Sun’s JDK, you need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
-See the following links for more information:
-
-https://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html[Java 6 JCE]
-
-https://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html[Java 7 JCE]
-
-https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html[Java 8 JCE]
-
-Extract the JCE files into the `JDK/jre/lib/security` folder for whichever version of JRE/JDK x64/x86 you use.
-
 [[contributing]]
 = Contributing
 

docs/modules/ROOT/nav.adoc

@@ -14,6 +14,7 @@
 *** xref:server/environment-repository/aws-s3-backend.adoc[]
 *** xref:server/environment-repository/aws-parameter-store-backend.adoc[]
 *** xref:server/environment-repository/aws-secrets-manager-backend.adoc[]
+*** xref:server/environment-repository/gcp-secret-manager-backend.adoc[]
 *** xref:server/environment-repository/credhub-backend.adoc[]
 *** xref:server/environment-repository/mongo-backend.adoc[]
 *** xref:server/environment-repository/composite-repositories.adoc[]

docs/modules/ROOT/pages/quickstart.adoc

@@ -3,14 +3,97 @@
 
 This quick start walks through using both the server and the client of Spring Cloud Config Server.
 
-First, start the server, as follows:
+First create a Spring Boot application with a dependency on `org.springframework.cloud:spring-cloud-config-server`.
 
+.pom.xml
+[source,xml]
+----
+...
+  <properties>
+    <java.version>21</java.version>
+    <spring-cloud.version>2025.1.0</spring-cloud.version>
+  </properties>
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.cloud</groupId>
+      <artifactId>spring-cloud-config-server</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>org.springframework.cloud</groupId>
+        <artifactId>spring-cloud-dependencies</artifactId>
+        <version>${spring-cloud.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+...
+----
+
+.build.gradle
+[source,json]
+----
+...
+ext {
+  set('springCloudVersion', "2025.1.0")
+}
+
+dependencies {
+  implementation 'org.springframework.cloud:spring-cloud-config-server'
+}
+
+dependencyManagement {
+  imports {
+    mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
+  }
+}
+...
 ----
-$ cd spring-cloud-config-server
-$ ../mvnw spring-boot:run
+
+In the main application class add the `@EnableConfigServer` annotation.
+
+.ConfigServerApplication.java
+[source,java]
 ----
+@EnableConfigServer
+@SpringBootApplication
+public class ConfigServerApplication {
+
+	public static void main(String[] args) {
+		new SpringApplicationBuilder(ConfigServerApplication.class).run(args);
+	}
 
-The server is a Spring Boot application, so you can run it from your IDE if you prefer to do so (the main class is `ConfigServerApplication`).
+}
+----
+
+Finally in your `application.yaml` file (or `application.properties`) add the following properties.
+
+.application.yaml
+[source,yaml]
+----
+spring:
+  application:
+    name: configserver
+  cloud:
+    config:
+      server:
+        git:
+          uri: https://github.com/spring-cloud-samples/config-repo
+          repos:
+            - patterns: multi-repo-demo-*
+              uri: https://github.com/spring-cloud-samples/config-repo
+server:
+  port: 8888
+----
 
 Next try out a client, as follows:
 

docs/modules/ROOT/pages/server/aot-and-native-image-support.adoc

@@ -4,10 +4,9 @@
 
 Since `4.0.0`, Spring Cloud Config Server supports Spring AOT transformations. As of `4.1.0` it also supports GraalVM native images, as long as GraalVM 21 or higher is used, however it requires the user to add some workarounds for known GraalVM issues, as described below.
 
+[IMPORTANT]
 ====
-
-IMPORTANT::
-Due to [a bug](https://github.com/oracle/graal/issues/5134) in Graal's `FileSystemProvider` a configuration workaround needs to be added to allow the Config Server to run as a native image.  You will need to add the following options to your GraalVM build plugin setup (please refer to https://www.graalvm.org/[GraalVM] Maven or Gradle plugin documentation for more details):
+Due to https://github.com/oracle/graal/issues/5134[a bug] in Graal's `FileSystemProvider` a configuration workaround needs to be added to allow the Config Server to run as a native image.  You will need to add the following options to your GraalVM build plugin setup (please refer to https://graalvm.github.io/native-build-tools/latest/maven-plugin.html[Maven plugin for GraalVM] or https://graalvm.github.io/native-build-tools/latest/gradle-plugin.html[Gradle plugin for GraalVM] for more details):
 
 [source,indent=0]
 ----
@@ -18,13 +17,11 @@ Due to [a bug](https://github.com/oracle/graal/issues/5134) in Graal's `FileSyst
 --initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG$Default
 --initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV
 ----
-
-NOTE:: Adding the additional build time initializations can affect performance, but it still may offer gains as compared to a regular JVM run. Make sure to measure and compare for your application.
-
 ====
 
-TIP::
-If you are connecting with your config data backend over SSH, keep in mind that GraalVM requires https://www.graalvm.org/latest/reference-manual/native-image/dynamic-features/JCASecurityServices/#provider-registration[security provider registration using `java.security`]
+NOTE: Adding the additional build time initializations can affect performance, but it still may offer gains as compared to a regular JVM run. Make sure to measure and compare for your application.
+
+TIP: If you are connecting with your config data backend over SSH, keep in mind that GraalVM requires https://www.graalvm.org/latest/reference-manual/native-image/dynamic-features/JCASecurityServices/#provider-registration[security provider registration using `java.security`]
 
 WARNING: Refresh scope is not supported with native images. If you are going to run your config client application as a native image, make sure to set `spring.cloud.refresh.enabled` property to `false`.
 

docs/modules/ROOT/pages/server/encryption-and-decryption.adoc

@@ -1,9 +1,6 @@
 [[encryption-and-decryption]]
 = Encryption and Decryption
 
-IMPORTANT: To use the encryption and decryption features you need the full-strength JCE installed in your JVM (it is not included by default).
-You can download the "`Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files`" from Oracle and follow the installation instructions (essentially, you need to replace the two policy files in the JRE lib/security directory with the ones that you downloaded).
-
 If the remote property sources contain encrypted content (values starting with `\{cipher}`), they are decrypted before sending to clients over HTTP.
 The main advantage of this setup is that the property values need not be in plain text when they are "`at rest`" (for example, in a git repository).
 If a value cannot be decrypted, it is removed from the property source and an additional property is added with the same key but prefixed with `invalid` and a value that means "`not applicable`" (usually `<n/a>`).