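# 5_bumper_repository.yml
#
# Manually dispatched workflow that creates a bump (or revert-bump) branch from
# the ref it is run on, commits signed changes as the CI account, opens a pull
# request against that ref and merges it with administrator rights.
#
# Security notes for maintainers:
#   * Every `workflow_dispatch` input and every value derived from one reaches
#     the shell through `env:` and is read as "$VAR". Writing `${{ ... }}`
#     inside a `run:` block pastes the value into the script text before the
#     shell parses it, so quotes or `$(...)` in an input would run as code in
#     a job that holds the signing key and a token able to merge with --admin.
#   * The GPG private key is scoped to the single step that imports it.
name: Repository bumper 5.x
run-name: 'Bump ${{ github.ref_name }} (${{ inputs.id }})'

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Target version (e.g. 1.2.3)'
        default: ''
        required: false
        type: string
      stage:
        description: 'Version stage (e.g. alpha0)'
        default: ''
        required: false
        type: string
      tag:
        description: 'Change branches references to tag-like references (e.g. v4.12.0-alpha7)'
        default: false
        required: false
        type: boolean
      set_as_main:
        description: "Enable main branch mode: bump version values only, keep branch references pointing to main"
        required: false
        type: boolean
        default: false
      issue-link:
        description: 'Issue link in format https://github.com/wazuh/<REPO>/issues/<ISSUE-NUMBER>'
        required: true
        type: string
      revert:
        description: 'Set to true to revert the bump changes applied for this issue'
        default: false
        required: false
        type: boolean
      id:
        description: 'Optional identifier for the run'
        required: false
        type: string

jobs:
  bump:
    name: Repository bumper 5.x
    runs-on: ubuntu-22.04
    # These scopes apply to the automatic GITHUB_TOKEN only. The steps below
    # authenticate with GH_TOKEN, a separate secret whose rights are defined
    # where that token is issued.
    permissions:
      contents: write
      pull-requests: write
    env:
      CI_COMMIT_AUTHOR: wazuhci
      CI_COMMIT_EMAIL: 22834044+wazuhci@users.noreply.github.com
      # Read by the gh CLI and passed to actions/checkout below.
      GH_TOKEN: ${{ secrets.CI_WAZUHCI_BUMPER_TOKEN }}
      BUMP_SCRIPT_PATH: tools/repository_bumper.sh
      BUMP_LOG_PATH: tools
    steps:
      - name: Dump event payload
        run: |
          jq '.inputs' "$GITHUB_EVENT_PATH"

      - name: Set up GPG key
        id: signing_setup
        env:
          # Step-scoped so later steps (including the bump script) do not
          # inherit the key material through their environment.
          CI_GPG_PRIVATE_KEY: ${{ secrets.CI_WAZUHCI_GPG_PRIVATE }}
        run: |
          # Read the key from the environment; templating the secret into the
          # script would write it into the generated script file.
          echo "$CI_GPG_PRIVATE_KEY" | gpg --batch --import
          KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec/ {print $5; exit}')
          echo "gpg_key_id=$KEY_ID" >> "$GITHUB_OUTPUT"

      - name: Set up git
        env:
          GPG_KEY_ID: ${{ steps.signing_setup.outputs.gpg_key_id }}
        run: |
          git config --global user.name "$CI_COMMIT_AUTHOR"
          git config --global user.email "$CI_COMMIT_EMAIL"
          git config --global commit.gpgsign true
          git config --global user.signingkey "$GPG_KEY_ID"
          # Let gpg sign without an interactive pinentry prompt.
          echo "use-agent" >> ~/.gnupg/gpg.conf
          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
          echo RELOADAGENT | gpg-connect-agent
          export DEBIAN_FRONTEND=noninteractive
          export GPG_TTY=$(tty)

      - name: Checkout repository
        # NOTE(review): `v6` is a mutable tag; pinning the action to the full
        # commit SHA of the release guards against the tag being moved.
        uses: actions/checkout@v6
        with:
          # NOTE(review): the earlier comment here said the workflow
          # GITHUB_TOKEN is used because CI_WAZUHCI_BUMPER_TOKEN lacks
          # permissions, but the value passed is env.GH_TOKEN, which is set
          # from secrets.CI_WAZUHCI_BUMPER_TOKEN. Confirm which is intended.
          token: ${{ env.GH_TOKEN }}

      - name: Determine branch name
        id: vars
        env:
          VERSION: ${{ inputs.version }}
          STAGE: ${{ inputs.stage }}
          TAG: ${{ inputs.tag }}
          SET_AS_MAIN: ${{ inputs.set_as_main }}
          REVERT: ${{ inputs.revert }}
          ISSUE_LINK: ${{ inputs.issue-link }}
        run: |
          script_params=""
          if [[ "$SET_AS_MAIN" == "true" ]]; then
            script_params="--set-as-main"
          fi

          # Version arguments are added only when both version and stage are
          # provided; --tag is appended on top of them when requested.
          if [[ -n "$VERSION" && -n "$STAGE" ]]; then
            script_params+=" --version ${VERSION} --stage ${STAGE}"
            if [[ "$TAG" == "true" ]]; then
              script_params+=" --tag ${TAG}"
            fi
          fi

          # The last path segment of the issue link becomes part of the branch
          # name, so require it to be the numeric issue id the input
          # description asks for.
          issue_number="${ISSUE_LINK##*/}"
          if [[ ! "$issue_number" =~ ^[0-9]+$ ]]; then
            echo "::error::issue-link must end with a numeric issue number"
            exit 1
          fi

          if [[ "$REVERT" == "true" ]]; then
            BRANCH_NAME="enhancement/wqa${issue_number}-revert-bump-${GITHUB_REF_NAME}"
            echo "pr_title=Revert bump ${GITHUB_REF_NAME} branch" >> "$GITHUB_OUTPUT"
          else
            BRANCH_NAME="enhancement/wqa${issue_number}-bump-${GITHUB_REF_NAME}"
            echo "pr_title=Bump ${GITHUB_REF_NAME} branch" >> "$GITHUB_OUTPUT"
          fi
          echo "branch_name=$BRANCH_NAME" >> "$GITHUB_OUTPUT"
          echo "script_params=${script_params}" >> "$GITHUB_OUTPUT"

      - name: Create and switch to bump branch
        env:
          BRANCH_NAME: ${{ steps.vars.outputs.branch_name }}
        run: |
          git checkout -b "$BRANCH_NAME"

      - name: Make version bump changes
        if: inputs.revert != true
        env:
          SCRIPT_PARAMS: ${{ steps.vars.outputs.script_params }}
        run: |
          echo "Running bump script"
          # Split the parameter string on whitespace into an argument array:
          # the values are passed as data, with no glob or command expansion.
          read -r -a bump_args <<< "$SCRIPT_PARAMS"
          bash "$BUMP_SCRIPT_PATH" "${bump_args[@]}"

      - name: Commit changes (Bump)
        if: inputs.revert != true
        run: |
          git add .
          git commit -m "feat: bump ${GITHUB_REF_NAME}"

      - name: Fetch full history (Revert)
        if: inputs.revert == true
        run: git fetch --unshallow

      - name: Revert references (Revert)
        id: revert_step
        if: inputs.revert == true
        env:
          ISSUE_LINK: ${{ inputs.issue-link }}
        run: |
          ISSUE_NUMBER="${ISSUE_LINK##*/}"
          BUMP_BRANCH="enhancement/wqa${ISSUE_NUMBER}-bump-${GITHUB_REF_NAME}"
          PR_NUMBER=$(gh pr list \
            --head "$BUMP_BRANCH" \
            --base "$GITHUB_REF_NAME" \
            --state merged \
            --json number \
            --jq '.[0].number')
          if [ -z "$PR_NUMBER" ] || [ "$PR_NUMBER" == "null" ]; then
            echo "Error: The original PR for the bump was not found"
            echo "Searching merged PR from: $BUMP_BRANCH to ${GITHUB_REF_NAME}"
            exit 1
          fi
          echo "Original PR found: #$PR_NUMBER"
          MERGE_COMMIT=$(gh pr view "$PR_NUMBER" --json mergeCommit --jq '.mergeCommit.oid')
          git revert -m 1 "$MERGE_COMMIT" --no-commit
          # Restore these files to their HEAD state so the revert commit
          # leaves them untouched.
          git checkout HEAD -- VERSION.json 2>/dev/null || true
          git checkout HEAD -- CHANGELOG.md 2>/dev/null || true
          # Add any other repository-specific version files here
          if git diff --staged --quiet; then
            echo "No references to revert. Skipping commit."
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
          else
            git commit -m "feat: revert ${GITHUB_REF_NAME} references"
            echo "has_changes=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Push changes
        if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true')
        env:
          BRANCH_NAME: ${{ steps.vars.outputs.branch_name }}
        run: |
          git push origin "$BRANCH_NAME"

      - name: Create pull request
        if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true')
        id: create_pr
        env:
          PR_TITLE: ${{ steps.vars.outputs.pr_title }}
          ISSUE_LINK: ${{ inputs.issue-link }}
          BRANCH_NAME: ${{ steps.vars.outputs.branch_name }}
        run: |
          gh auth setup-git
          PR_URL=$(gh pr create \
            --title "$PR_TITLE" \
            --body "Issue: $ISSUE_LINK" \
            --base "$GITHUB_REF_NAME" \
            --head "$BRANCH_NAME")
          echo "Pull request created: ${PR_URL}"
          echo "pull_request_url=${PR_URL}" >> "$GITHUB_OUTPUT"

      - name: Merge pull request
        if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true')
        env:
          PR_URL: ${{ steps.create_pr.outputs.pull_request_url }}
        run: |
          # Any checks for the PR are bypassed since the branch is expected to
          # be functional. --admin also means nothing reviews the commit before
          # it lands, so the content of the change depends entirely on the
          # dispatch inputs and the bump script.
          gh pr merge "$PR_URL" --merge --admin

      - name: Show bump logs
        if: inputs.revert != true
        env:
          BRANCH_NAME: ${{ steps.vars.outputs.branch_name }}
          PR_URL: ${{ steps.create_pr.outputs.pull_request_url }}
        run: |
          echo "Bump complete."
          echo "Branch: $BRANCH_NAME"
          echo "PR: $PR_URL"
          echo "Bumper scripts logs:"
          cat "${BUMP_LOG_PATH}"/repository_bumper*log

      - name: Show revert logs
        if: inputs.revert == true
        env:
          BRANCH_NAME: ${{ steps.vars.outputs.branch_name }}
          PR_URL: ${{ steps.create_pr.outputs.pull_request_url }}
        run: |
          echo "Revert bump complete."
          echo "Branch: $BRANCH_NAME"
          echo "PR: $PR_URL"
          echo "Revert bumper scripts logs:"
          cat "${BUMP_LOG_PATH}"/repository_bumper*log || true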