Add rollouts #106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Add rollouts | |
on: | |
workflow_dispatch: | |
inputs: | |
start: | |
description: "Rollout start time" | |
default: "2 PM UTC tomorrow" | |
stable_hours: | |
description: "stable: rollout duration (hours, 0 to skip)" | |
default: "48" | |
testing_hours: | |
description: "testing: rollout duration (hours, 0 to skip)" | |
default: "48" | |
next_hours: | |
description: "next: rollout duration (hours, 0 to skip)" | |
default: "48" | |
permissions: | |
# none at all | |
contents: none | |
# This workflow could almost use the default GITHUB_TOKEN, if we were to | |
# push the branch into this repo. However, GitHub Actions has recursion | |
# avoidance that would prevent CI from running on the PR: | |
# | |
# https://github.com/peter-evans/create-pull-request/blob/28fa4848947e/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs | |
# | |
# So we create the PR using a separate Personal Access Token in | |
# COREOSBOT_RELENG_TOKEN, belonging to a machine account. That allows CI to | |
# run when the PR is first created. However, it's also possible to rerun | |
# the workflow and have it force-push the branch, reusing the same PR. In | |
# that case the push also cannot come from GITHUB_TOKEN, or CI will not | |
# rerun. Thus we also do the push using COREOSBOT_RELENG_TOKEN. Since we | |
# don't want to give the machine account privileges to this repo, we push | |
# to a forked repo owned by the machine account. | |
jobs: | |
rollout: | |
name: "Add rollouts" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install dependencies | |
run: pip install python-dateutil dateparser | |
- name: Check out repository | |
uses: actions/checkout@v3 | |
with: | |
# We need an unbroken commit chain when pushing to the fork. Don't | |
# make assumptions about which commits are already available there. | |
fetch-depth: 0 | |
- name: Check out fedora-coreos-stream-generator | |
uses: actions/checkout@v3 | |
with: | |
repository: coreos/fedora-coreos-stream-generator | |
path: generator | |
# We need Git tags for the metadata.generator field | |
fetch-depth: 0 | |
- name: Build fedora-coreos-stream-generator | |
working-directory: generator | |
run: make | |
- name: Update metadata | |
env: | |
START: ${{ github.event.inputs.start }} | |
stable_HOURS: ${{ github.event.inputs.stable_hours }} | |
testing_HOURS: ${{ github.event.inputs.testing_hours }} | |
next_HOURS: ${{ github.event.inputs.next_hours }} | |
run: | | |
set -euxo pipefail | |
RED="\e[31m" | |
YELLOW="\e[33m" | |
GREEN="\e[32m" | |
RESET="\e[0m" | |
git config --global user.name "CoreOS Bot" | |
git config --global user.email "[email protected]" | |
rollout_desc= | |
branch_name=rollout | |
for stream in stable testing next; do | |
# skip this stream if requested | |
stream_hours="${stream}_HOURS" | |
if [ "${!stream_hours}" -eq 0 ]; then | |
echo -e "${YELLOW}${stream} rollout duration set to 0; skipping${RESET}" | |
continue | |
fi | |
# update stream metadata | |
old_version=$(jq -r .architectures.x86_64.artifacts.qemu.release < "streams/${stream}.json") | |
generator/fedora-coreos-stream-generator -releases="https://fcos-builds.s3.amazonaws.com/prod/streams/${stream}/releases.json" -output-file="streams/${stream}.json" -pretty-print | |
version=$(jq -r .architectures.x86_64.artifacts.qemu.release < "streams/${stream}.json") | |
if [ "${old_version}" = "${version}" ]; then | |
echo -e "${YELLOW}${stream} unchanged at version ${version}; skipping${RESET}" | |
continue | |
fi | |
# add rollout | |
echo -e "${GREEN}${stream} updating from ${old_version} to ${version}${RESET}" | |
./rollout.py add "${stream}" "${version}" "${START}" "${!stream_hours}" | |
# commit | |
git add "streams/${stream}.json" "updates/${stream}.json" | |
git commit -m "Roll out ${stream} ${version}" | |
# update state | |
rollout_desc="${rollout_desc}${rollout_desc:+, }${stream} ${version}" | |
branch_name="${branch_name}-${version}" | |
done | |
if [ -z "${rollout_desc}" ]; then | |
echo -e "${RED}Nothing to update?${RESET}" | |
exit 1 | |
fi | |
rm -rf generator | |
# ensure create-pull-request doesn't commit stream metadata | |
# timestamp bumps for unchanged streams | |
git reset --hard | |
echo "BRANCH_NAME=${branch_name}" >> ${GITHUB_ENV} | |
echo "ROLLOUT_DESC=${rollout_desc}" >> ${GITHUB_ENV} | |
- name: Open pull request | |
uses: peter-evans/[email protected] | |
with: | |
token: ${{ secrets.COREOSBOT_RELENG_TOKEN }} | |
branch: ${{ env.BRANCH_NAME }} | |
push-to-fork: coreosbot-releng/fedora-coreos-streams | |
title: "Roll out ${{ env.ROLLOUT_DESC }}" | |
body: "Requested by @${{ github.actor }} via [GitHub workflow](${{ github.server_url }}/${{ github.repository }}/actions/workflows/rollout.yml) ([source](${{ github.server_url }}/${{ github.repository }}/blob/main/.github/workflows/rollout.yml))." | |
delete-branch: true |