From 4c54cbbc5cde82f71156c236debbf55b9539af2b Mon Sep 17 00:00:00 2001 From: Hannes Wellmann Date: Tue, 20 Aug 2024 23:35:34 +0200 Subject: [PATCH] Add workflow for automated version increments in pull-requests --- .github/workflows/checkVersions.yml | 77 +++++++++++ .../workflows/publishVersionCheckResults.yml | 125 ++++++++++++++++++ 2 files changed, 202 insertions(+) create mode 100644 .github/workflows/checkVersions.yml create mode 100644 .github/workflows/publishVersionCheckResults.yml diff --git a/.github/workflows/checkVersions.yml b/.github/workflows/checkVersions.yml new file mode 100644 index 00000000000..43c7521b73d --- /dev/null +++ b/.github/workflows/checkVersions.yml @@ -0,0 +1,77 @@ +name: Check for version increments and apply them if necessary + +on: + workflow_call: + inputs: + botName: + description: The name of the bot that adds the necessary version increment changes + type: string + required: true + botMail: + description: The name of the bot that adds the necessary version increment changes + type: string + required: true + +permissions: read-all + +jobs: + versions-check-and-increment: + name: Check and increment service versions + runs-on: ubuntu-latest + steps: + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 # required for jgit timestamp provider to work + + - name: Set up Java + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 + with: + java-version: 17 + distribution: 'temurin' + cache: maven + + - name: Set up Maven + uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 + with: + maven-version: 3.9.9 + + - name: Check and increment versions + uses: Wandalen/wretry.action@6feedb7dedadeb826de0f45ff482b53b379a7844 # master + with: + attempt_delay: 200 + attempt_limit: 10 + command: > + mvn generate-sources -Pfast-version-check + org.eclipse.tycho:tycho-versions-plugin:bump-versions -Dtycho.bump-versions.increment=100 + --threads 1C --fail-at-end --batch-mode --no-transfer-progress --show-version + + - name: Commit version increments, if any + run: | + set -x + if [[ $(git status --ignore-submodules --porcelain) != '' ]]; then + # Workspace is not clean, i.e. some version were changed + + # Read 'releaseNumberSDK' property as stream version + streamVersion=$(mvn help:evaluate -Dexpression=releaseNumberSDK --quiet -DforceStdout) + + git config --global user.email '${{ inputs.botMail }}' + git config --global user.name '${{ inputs.botName }}' + git add --all + git status + git commit -m "Bump version(s) for ${streamVersion} stream" + + git format-patch -1 HEAD --no-stat --output 'version_increments.patch' + + echo '${{ github.event.pull_request.number }}' > 'github_pull_request_number.txt' + + else + echo 'No version increments required' + fi + + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + with: + name: versions-git-patch + path: | + version_increments.patch + github_pull_request_number.txt diff --git a/.github/workflows/publishVersionCheckResults.yml b/.github/workflows/publishVersionCheckResults.yml new file mode 100644 index 00000000000..e5a90fcb522 --- /dev/null +++ b/.github/workflows/publishVersionCheckResults.yml @@ -0,0 +1,125 @@ +name: Publish Version Check Results +on: + workflow_call: + secrets: + githubBotPAT: + description: The personal access token (with scope 'public_repo') of the bot to push a required change to a PR branch in a fork. + required: false + +permissions: read-all + +jobs: + versions-check-result: + name: Publish Version Check Results + runs-on: ubuntu-latest + if: github.event.workflow_run.conclusion != 'skipped' + + steps: + - name: Dump GitHub context + run: echo '${{ toJSON(github) }}' + + - name: Search version increment git patch + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + id: search-patch + with: + script: | + let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ + run_id: context.payload.workflow_run.id, + ...context.repo + }) + let artifact = allArtifacts.data.artifacts.find(artifact => artifact.name == 'versions-git-patch') + return artifact?.id + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + if: steps.search-patch.outputs.result + with: + ref: '${{ github.event.workflow_run.head_sha }}' + persist-credentials: false #Opt out from persisting the default Github-token authentication in order to enable use of the bot's PAT when pushing below + + - name: Download version increment git patch + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + id: fetch-patch + if: steps.search-patch.outputs.result + with: + script: | + let download = await github.rest.actions.downloadArtifact({ + artifact_id: ${{ steps.search-patch.outputs.result }}, + archive_format: 'zip', + ...context.repo + }) + let fs = require('fs') + fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/patch.zip`, Buffer.from(download.data)) + await exec.exec('unzip', ['patch.zip']) + let pr_number = Number(fs.readFileSync('github_pull_request_number.txt')) + core.setOutput('pull_request_number', pr_number) + await io.rmRF('patch.zip') + await io.rmRF('github_pull_request_number.txt') + + - name: Apply and push version increment + id: git-commit + if: steps.search-patch.outputs.result + run: | + set -x + # Set initial placeholder name/mail and read it from the patch later + git config --global user.email 'foo@bar' + git config --global user.name 'Foo Bar' + + git am version_increments.patch + + # Read the author's name+mail from the just applied patch and recommit it with both set as committer + botMail=$(git log -1 --pretty=format:'%ae') + botName=$(git log -1 --pretty=format:'%an') + git config --global user.email "${botMail}" + git config --global user.name "${botName}" + git commit --amend --no-edit + + fileList=$(git diff-tree --no-commit-id --name-only HEAD -r) + echo "file-list<> $GITHUB_OUTPUT + echo "$fileList" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + git push \ + "https://oauth2:${BOT_PA_TOKEN}@github.com/${{ github.event.workflow_run.head_repository.full_name }}.git" \ + 'HEAD:refs/heads/${{ github.event.workflow_run.head_branch }}' + env: + BOT_PA_TOKEN: ${{ secrets.githubBotPAT }} + + + - name: Add information comment + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + if: steps.search-patch.outputs.result + with: + github-token: ${{ secrets.githubBotPAT }} + script: | + let prNumber = ${{ steps.fetch-patch.outputs.pull_request_number }} + const fs = require('fs') + const fileList = `${{ steps.git-commit.outputs.file-list }}` + if (fileList) { // if list is empty, no versions were changed + github.rest.issues.createComment({ + issue_number: prNumber, ...context.repo, body: ` + This pull request changes some projects for the first time in this development. + Therefore the following files need a version increment: + \`\`\` + ${fileList} + \`\`\` + An additional commit containing all the necessary changes was pushed to the top of this PR's branch. To obtain these changes (for example if you want to push more changes) either fetch from your fork or apply the _git patch_. +
+ Git patch + + \`\`\` + ${ fs.readFileSync( process.env.GITHUB_WORKSPACE + '/version_increments.patch', {encoding: 'utf8'}).trim() } + \`\`\` +
+ `.trim() + }) + } + + +# TODO: Add an FAQ about version bumps? +# - Why are the version bumps necessary at all? +# According to the rules of semantic versioning at least the service version of a bundle should be increased if anything changes between releases. +# - Why is the service version bumped by +100 +# Allows service version increments on maintanance branches that stay semnatically smaller than the next releases version +# - Why a separate commit? +# Easier to identify in Git history and the actual change is easier to revert (version must not be reverted) +# TODO: make comment updatable?