Bump 1392-testing-workflow-revert () #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Repository bumper 5.x | |
| run-name: Bump ${{ github.ref_name }} (${{ inputs.id }}) | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Target version (e.g. 1.2.3)' | |
| default: '' | |
| required: false | |
| type: string | |
| stage: | |
| description: 'Version stage (e.g. alpha0)' | |
| default: '' | |
| required: false | |
| type: string | |
| tag: | |
| description: 'Change branches references to tag-like references (e.g. v4.12.0-alpha7)' | |
| default: false | |
| required: false | |
| type: boolean | |
| set_as_main: | |
| description: "Enable main branch mode: bump version values only, keep branch references pointing to main" | |
| required: false | |
| type: boolean | |
| default: false | |
| issue-link: | |
| description: 'Issue link in format https://github.com/wazuh/<REPO>/issues/<ISSUE-NUMBER>' | |
| required: true | |
| type: string | |
| revert: | |
| description: 'Set to true to revert the bump changes applied for this issue' | |
| default: false | |
| required: false | |
| type: boolean | |
| id: | |
| description: 'Optional identifier for the run' | |
| required: false | |
| type: string | |
| jobs: | |
| bump: | |
| name: Repository bumper 5.x | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| env: | |
| CI_COMMIT_AUTHOR: wazuhci | |
| CI_COMMIT_EMAIL: 22834044+wazuhci@users.noreply.github.com | |
| CI_GPG_PRIVATE_KEY: ${{ secrets.CI_WAZUHCI_GPG_PRIVATE }} | |
| GH_TOKEN: ${{ secrets.CI_WAZUHCI_BUMPER_TOKEN }} | |
| BUMP_SCRIPT_PATH: tools/repository_bumper.sh | |
| BUMP_LOG_PATH: tools | |
| steps: | |
| - name: Dump event payload | |
| run: | | |
| cat $GITHUB_EVENT_PATH | jq '.inputs' | |
| - name: Set up GPG key | |
| id: signing_setup | |
| run: | | |
| echo "${{ env.CI_GPG_PRIVATE_KEY }}" | gpg --batch --import | |
| KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec/ {print $5; exit}') | |
| echo "gpg_key_id=$KEY_ID" >> $GITHUB_OUTPUT | |
| - name: Set up git | |
| run: | | |
| git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}" | |
| git config --global user.email "${{ env.CI_COMMIT_EMAIL }}" | |
| git config --global commit.gpgsign true | |
| git config --global user.signingkey "${{ steps.signing_setup.outputs.gpg_key_id }}" | |
| echo "use-agent" >> ~/.gnupg/gpg.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| echo RELOADAGENT | gpg-connect-agent | |
| export DEBIAN_FRONTEND=noninteractive | |
| export GPG_TTY=$(tty) | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| # Using workflow-specific GITHUB_TOKEN because currently CI_WAZUHCI_BUMPER_TOKEN | |
| # doesn't have all the necessary permissions | |
| token: ${{ env.GH_TOKEN }} | |
| - name: Determine branch name | |
| id: vars | |
| env: | |
| VERSION: ${{ inputs.version }} | |
| STAGE: ${{ inputs.stage }} | |
| TAG: ${{ inputs.tag }} | |
| run: | | |
| script_params="" | |
| version=${{ env.VERSION }} | |
| stage=${{ env.STAGE }} | |
| tag=${{ env.TAG }} | |
| set_as_main=${{ inputs.set_as_main }} | |
| if [[ "$set_as_main" == "true" ]]; then | |
| script_params="--set-as-main" | |
| fi | |
| # Both version and stage provided | |
| if [[ -n "$version" && -n "$stage" && "$tag" != "true" ]]; then | |
| script_params+=" --version ${version} --stage ${stage}" | |
| elif [[ -n "$version" && -n "$stage" && "$tag" == "true" ]]; then | |
| script_params+=" --version ${version} --stage ${stage} --tag ${tag}" | |
| fi | |
| issue_number=$(echo "${{ inputs.issue-link }}" | awk -F'/' '{print $NF}') | |
| if [[ "${{ inputs.revert }}" == "true" ]]; then | |
| BRANCH_NAME="enhancement/wqa${issue_number}-revert-bump-${{ github.ref_name }}" | |
| echo "pr_title=Revert bump ${{ github.ref_name }} branch" >> $GITHUB_OUTPUT | |
| else | |
| BRANCH_NAME="enhancement/wqa${issue_number}-bump-${{ github.ref_name }}" | |
| echo "pr_title=Bump ${{ github.ref_name }} branch" >> $GITHUB_OUTPUT | |
| fi | |
| echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT | |
| echo "script_params=${script_params}" >> $GITHUB_OUTPUT | |
| - name: Create and switch to bump branch | |
| run: | | |
| git checkout -b ${{ steps.vars.outputs.branch_name }} | |
| - name: Make version bump changes | |
| if: inputs.revert != true | |
| run: | | |
| echo "Running bump script" | |
| bash ${{ env.BUMP_SCRIPT_PATH }} ${{ steps.vars.outputs.script_params }} | |
| - name: Commit changes (Bump) | |
| if: inputs.revert != true | |
| run: | | |
| git add . | |
| git commit -m "feat: bump ${{ github.ref_name }}" | |
| - name: Fetch full history (Revert) | |
| if: inputs.revert == true | |
| run: git fetch --unshallow | |
| - name: Revert references (Revert) | |
| id: revert_step | |
| if: inputs.revert == true | |
| run: | | |
| ISSUE_NUMBER=$(echo "${{ inputs.issue-link }}" | awk -F'/' '{print $NF}') | |
| BUMP_BRANCH="enhancement/wqa${ISSUE_NUMBER}-bump-${{ github.ref_name }}" | |
| PR_NUMBER=$(gh pr list --head "$BUMP_BRANCH" --base "${{ github.ref_name }}" --state merged --json number --jq '.[0].number') | |
| if [ -z "$PR_NUMBER" ] || [ "$PR_NUMBER" == "null" ]; then | |
| echo "Error: The original PR for the bump was not found" | |
| echo "Searching merged PR from: $BUMP_BRANCH to ${{ github.ref_name }}" | |
| exit 1 | |
| fi | |
| echo "Original PR found: #$PR_NUMBER" | |
| MERGE_COMMIT=$(gh pr view $PR_NUMBER --json mergeCommit --jq '.mergeCommit.oid') | |
| git revert -m 1 $MERGE_COMMIT --no-commit | |
| # Remove the files to prevent them from being included in the revert commit | |
| git checkout HEAD -- VERSION.json 2>/dev/null || true | |
| git checkout HEAD -- CHANGELOG.md 2>/dev/null || true | |
| # Add any other repository-specific version files here | |
| if git diff --staged --quiet; then | |
| echo "No references to revert. Skipping commit." | |
| echo "has_changes=false" >> $GITHUB_OUTPUT | |
| else | |
| git commit -m "feat: revert ${{ github.ref_name }} references" | |
| echo "has_changes=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Push changes | |
| if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true') | |
| run: | | |
| git push origin ${{ steps.vars.outputs.branch_name }} | |
| - name: Create pull request | |
| if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true') | |
| id: create_pr | |
| run: | | |
| gh auth setup-git | |
| PR_URL=$(gh pr create \ | |
| --title "${{ steps.vars.outputs.pr_title }}" \ | |
| --body "Issue: ${{ inputs.issue-link }}" \ | |
| --base ${{ github.ref_name }} \ | |
| --head ${{ steps.vars.outputs.branch_name }}) | |
| echo "Pull request created: ${PR_URL}" | |
| echo "pull_request_url=${PR_URL}" >> $GITHUB_OUTPUT | |
| - name: Merge pull request | |
| if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true') | |
| run: | | |
| # Any checks for the PR are bypassed since the branch is expected to be functional | |
| gh pr merge "${{ steps.create_pr.outputs.pull_request_url }}" --merge --admin | |
| - name: Show bump logs | |
| if: inputs.revert != true | |
| run: | | |
| echo "Bump complete." | |
| echo "Branch: ${{ steps.vars.outputs.branch_name }}" | |
| echo "PR: ${{ steps.create_pr.outputs.pull_request_url }}" | |
| echo "Bumper scripts logs:" | |
| cat ${BUMP_LOG_PATH}/repository_bumper*log | |
| - name: Show revert logs | |
| if: inputs.revert == true | |
| run: | | |
| echo "Revert bump complete." | |
| echo "Branch: ${{ steps.vars.outputs.branch_name }}" | |
| echo "PR: ${{ steps.create_pr.outputs.pull_request_url }}" | |
| echo "Revert bumper scripts logs:" | |
| cat ${BUMP_LOG_PATH}/repository_bumper*log || true |