From a0e77323bace0098a2f8f79a552b8cf6c0cfd200 Mon Sep 17 00:00:00 2001 From: Sanchith Hegde Date: Wed, 10 Jan 2024 18:43:06 +0530 Subject: [PATCH] ci: use git commands for pushing commits and tags in release workflows --- .../release-nightly-version-reusable.yml | 87 ++++--------------- .github/workflows/release-nightly-version.yml | 83 ++++-------------- 2 files changed, 34 insertions(+), 136 deletions(-) diff --git a/.github/workflows/release-nightly-version-reusable.yml b/.github/workflows/release-nightly-version-reusable.yml index deb8c44cc3c3..accd8c12a913 100644 --- a/.github/workflows/release-nightly-version-reusable.yml +++ b/.github/workflows/release-nightly-version-reusable.yml @@ -3,11 +3,8 @@ name: Create a nightly tag on: workflow_call: secrets: - app_id: - description: App ID for the GitHub app - required: true - app_private_key: - description: Private key for the GitHub app + token: + description: GitHub token for authenticating with GitHub required: true outputs: tag: @@ -31,23 +28,17 @@ jobs: runs-on: ubuntu-latest steps: - - name: Generate GitHub app token - id: generate_app_token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.app_id }} - private-key: ${{ secrets.app_private_key }} - - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ secrets.token }} - name: Check if the workflow is run on an allowed branch shell: bash run: | - if [[ "${{github.ref}}" != "refs/heads/${ALLOWED_BRANCH_NAME}" ]]; then - echo "::error::This workflow is expected to be run from the '${ALLOWED_BRANCH_NAME}' branch. Current branch: '${{github.ref}}'" + if [[ "${{ github.ref }}" != "refs/heads/${ALLOWED_BRANCH_NAME}" ]]; then + echo "::error::This workflow is expected to be run from the '${ALLOWED_BRANCH_NAME}' branch. Current branch: '${{ github.ref }}'" exit 1 fi @@ -139,62 +130,22 @@ jobs: }' CHANGELOG.md rm release-notes.md - # We make use of GitHub API calls to commit and tag the changelog instead of the simpler - # `git commit`, `git tag` and `git push` commands to have signed commits and tags - - name: Commit generated changelog and create tag + - name: Set git configuration + shell: bash + run: | + git config --local user.name 'github-actions' + git config --local user.email '41898282+github-actions[bot]@users.noreply.github.com' + + - name: Commit, tag and push generated changelog shell: bash - env: - GH_TOKEN: ${{ steps.generate_app_token.outputs.token }} run: | - HEAD_COMMIT="$(git rev-parse 'HEAD^{commit}')" - - # Create a tree based on the HEAD commit of the current branch and updated changelog file - TREE_SHA="$( - gh api \ - --method POST \ - --header 'Accept: application/vnd.github+json' \ - --header 'X-GitHub-Api-Version: 2022-11-28' \ - '/repos/{owner}/{repo}/git/trees' \ - --raw-field base_tree="${HEAD_COMMIT}" \ - --raw-field 'tree[][path]=CHANGELOG.md' \ - --raw-field 'tree[][mode]=100644' \ - --raw-field 'tree[][type]=blob' \ - --field 'tree[][content]=@CHANGELOG.md' \ - --jq '.sha' - )" - - # Create a commit to point to the above created tree - NEW_COMMIT_SHA="$( - gh api \ - --method POST \ - --header 'Accept: application/vnd.github+json' \ - --header 'X-GitHub-Api-Version: 2022-11-28' \ - '/repos/{owner}/{repo}/git/commits' \ - --raw-field "message=chore(version): ${NEXT_TAG}" \ - --raw-field "parents[]=${HEAD_COMMIT}" \ - --raw-field "tree=${TREE_SHA}" \ - --jq '.sha' - )" - - # Update the current branch to point to the above created commit - # We disable forced update so that the workflow will fail if the branch has been updated since the workflow started - # (for example, new commits were pushed to the branch after the workflow execution started). - gh api \ - --method PATCH \ - --header 'Accept: application/vnd.github+json' \ - --header 'X-GitHub-Api-Version: 2022-11-28' \ - "/repos/{owner}/{repo}/git/refs/heads/${ALLOWED_BRANCH_NAME}" \ - --raw-field "sha=${NEW_COMMIT_SHA}" \ - --field 'force=false' - - # Create a lightweight tag to point to the above created commit - gh api \ - --method POST \ - --header 'Accept: application/vnd.github+json' \ - --header 'X-GitHub-Api-Version: 2022-11-28' \ - '/repos/{owner}/{repo}/git/refs' \ - --raw-field "ref=refs/tags/${NEXT_TAG}" \ - --raw-field "sha=${NEW_COMMIT_SHA}" + git add CHANGELOG.md + git commit --message "chore(version): ${NEXT_TAG}" + + git tag "${NEXT_TAG}" HEAD + + git push origin "${ALLOWED_BRANCH_NAME}" + git push origin "${NEXT_TAG}" - name: Set job outputs shell: bash diff --git a/.github/workflows/release-nightly-version.yml b/.github/workflows/release-nightly-version.yml index 36a843469d0c..7c5989819fa6 100644 --- a/.github/workflows/release-nightly-version.yml +++ b/.github/workflows/release-nightly-version.yml @@ -27,23 +27,17 @@ jobs: runs-on: ubuntu-latest steps: - - name: Generate GitHub app token - id: generate_app_token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.HYPERSWITCH_BOT_APP_ID }} - private-key: ${{ secrets.HYPERSWITCH_BOT_APP_PRIVATE_KEY }} - - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ secrets.AUTO_RELEASE_PAT }} - name: Check if the workflow is run on an allowed branch shell: bash run: | - if [[ "${{github.ref}}" != "refs/heads/${ALLOWED_BRANCH_NAME}" ]]; then - echo "::error::This workflow is expected to be run from the '${ALLOWED_BRANCH_NAME}' branch. Current branch: '${{github.ref}}'" + if [[ "${{ github.ref }}" != "refs/heads/${ALLOWED_BRANCH_NAME}" ]]; then + echo "::error::This workflow is expected to be run from the '${ALLOWED_BRANCH_NAME}' branch. Current branch: '${{ github.ref }}'" exit 1 fi @@ -80,66 +74,20 @@ jobs: echo "Postman collection files have no modifications" fi - - name: Commit updated Postman collections if modified + - name: Set git configuration + shell: bash + run: | + git config --local user.name 'github-actions' + git config --local user.email '41898282+github-actions[bot]@users.noreply.github.com' + + - name: Commit and push updated Postman collections if modified shell: bash - env: - GH_TOKEN: ${{ steps.generate_app_token.outputs.token }} if: ${{ env.POSTMAN_COLLECTION_FILES_UPDATED == 'true' }} run: | - # Obtain current HEAD commit SHA and use that as base tree SHA for creating a new tree - HEAD_COMMIT="$(git rev-parse 'HEAD^{commit}')" - UPDATED_TREE_SHA="${HEAD_COMMIT}" - - # Obtain the flags to be passed to the GitHub CLI. - # Each line contains the flags to be used corresponding to the file. - lines="$( - git ls-files \ - --format '--raw-field tree[][path]=%(path) --raw-field tree[][mode]=%(objectmode) --raw-field tree[][type]=%(objecttype) --field tree[][content]=@%(path)' \ - postman/collection-json - )" - - # Create a tree based on the HEAD commit of the current branch, using the contents of the updated Postman collections directory - while IFS= read -r line; do - # Split each line by space to obtain the flags passed to the GitHub CLI as an array - IFS=' ' read -ra flags <<< "${line}" - - # Create a tree by updating each collection JSON file. - # The SHA of the created tree is used as the base tree SHA for updating the next collection file. - UPDATED_TREE_SHA="$( - gh api \ - --method POST \ - --header 'Accept: application/vnd.github+json' \ - --header 'X-GitHub-Api-Version: 2022-11-28' \ - '/repos/{owner}/{repo}/git/trees' \ - --raw-field base_tree="${UPDATED_TREE_SHA}" \ - "${flags[@]}" \ - --jq '.sha' - )" - done <<< "${lines}" - - # Create a commit to point to the tree with all updated collections - NEW_COMMIT_SHA="$( - gh api \ - --method POST \ - --header 'Accept: application/vnd.github+json' \ - --header 'X-GitHub-Api-Version: 2022-11-28' \ - '/repos/{owner}/{repo}/git/commits' \ - --raw-field "message=chore(postman): update Postman collection files" \ - --raw-field "parents[]=${HEAD_COMMIT}" \ - --raw-field "tree=${UPDATED_TREE_SHA}" \ - --jq '.sha' - )" - - # Update the current branch to point to the above created commit. - # We disable forced update so that the workflow will fail if the branch has been updated since the workflow started - # (for example, new commits were pushed to the branch after the workflow execution started). - gh api \ - --method PATCH \ - --header 'Accept: application/vnd.github+json' \ - --header 'X-GitHub-Api-Version: 2022-11-28' \ - "/repos/{owner}/{repo}/git/refs/heads/${ALLOWED_BRANCH_NAME}" \ - --raw-field "sha=${NEW_COMMIT_SHA}" \ - --field 'force=false' + git add postman + git commit --message 'chore(postman): update Postman collection files' + + git push origin "${ALLOWED_BRANCH_NAME}" create-nightly-tag: name: Create a nightly tag @@ -147,5 +95,4 @@ jobs: needs: - update-postman-collections secrets: - app_id: ${{ secrets.HYPERSWITCH_BOT_APP_ID }} - app_private_key: ${{ secrets.HYPERSWITCH_BOT_APP_PRIVATE_KEY }} + token: ${{ secrets.AUTO_RELEASE_PAT }}