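# Bootstraps a new pack repository from an incubator pull request.
#
# Flow, as visible in this file:
#   1. A "!bootstrap pack" comment on a pull request starts the workflow.
#   2. permissions_check    - the commentor's role on this repo must be one of VALID_ROLES.
#   3. ready_to_merge_check - the PR must be APPROVED and its last commit's checks SUCCESS.
#   4. extract_pack_details - reads pack metadata from the PR head.
#   5. bootstrap_pack_repo  - reusable workflow that creates the pack repo (receives the admin PAT).
#   6. create_pack_pr       - copies the PR history into a `transfer` branch and opens the first PR.
#
# Security model: the PR content is untrusted input, while the later jobs hold
# NEW_PACK_REPOS_TOKEN. Values derived from the PR (pack_path, pack_name, ...) are
# therefore handed to shell steps through `env:` and expanded as quoted shell
# variables, never pasted into the script text with ${{ }}.
name: Bootstrack Pack from PR

on:
  issue_comment:
    types: created

# make sure these secrets are defined:
#   NEW_PACK_REPOS_TOKEN: bot PAT w/ scopes: repo, admin:org
#   PACK_SLACK_WEBHOOK_URL

# Scope of the default job token (github.token); the PAT above is separate and far broader.
permissions:
  pull-requests: write  # comments, reactions
  contents: read

env:
  GH_TOKEN: ${{ github.token }}

jobs:
  # This job is very helpful in debugging why conditions don't match.
  # To debug, uncomment this to inspect the event payload.
  #debug:
  #  name: Debug event
  #  runs-on: ubuntu-latest
  #  steps:
  #    - name: print github.event
  #      shell: bash
  #      env:
  #        GITHUB_EVENT: ${{ toJSON(github.event) }}
  #      run: |
  #        echo "${GITHUB_EVENT}"

  permissions_check:
    name: Check Comment Author Permissions
    # Warning: github.event.comment.author_association
    # cannot be used to check permissions
    # because it is NONE for some TSC members.
    # "!bootstrap pack" comment on pull requests
    if: >-
      github.event.issue.pull_request
      && github.event.comment.body == '!bootstrap pack'
    runs-on: ubuntu-latest
    steps:
      - name: Ensure the commentor is an active TSC member
        # ie: Validate commentor can commit to incubator
        # This is the authorization gate for every later job (they all `needs:` it,
        # directly or transitively), so it must fail closed: an empty or unexpected
        # role falls through to `exit 2`.
        shell: bash
        env:
          VALID_ROLES: "admin maintain write"
          # Event payload value passed as data rather than interpolated into the script.
          COMMENTOR_LOGIN: ${{ github.event.comment.user.login }}
        # the space before/after ROLE ensures we match the whole word
        run: |
          export COMMENTOR_ROLE=$(
            gh api -X GET \
              "/repos/${{ github.repository }}/collaborators/${COMMENTOR_LOGIN}/permission" \
              --jq '.role_name'
          )
          echo "COMMENTOR_ROLE=${COMMENTOR_ROLE}"
          if [[ " ${VALID_ROLES} " =~ " ${COMMENTOR_ROLE} " ]]; then
            echo "Commentor may bootstrap packs."
          else
            echo "Commentor may NOT bootstrap packs. '${COMMENTOR_ROLE}' is not one of: ${VALID_ROLES}"
            echo "(ie the Commentor must have write access to ${{ github.repository }})."
            exit 2
          fi

      - name: Add eyes emoji reaction to say inspecting PR
        shell: bash
        run: |
          gh api -X POST -f content=eyes \
            '/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions'

  ready_to_merge_check:
    name: Check for Merge Readiness
    needs: [permissions_check]
    runs-on: ubuntu-latest
    steps:
      - name: Make sure incubator PR is approved
        shell: bash
        # reviewDecision is a PullRequestReviewDecision enum: APPROVED, CHANGES_REQUESTED, REVIEW_REQUIRED
        # see https://docs.github.com/en/graphql/reference/enums#pullrequestreviewdecision
        # Anything other than the exact string APPROVED (including an empty reply) halts the run.
        run: |
          export REVIEW_DECISION=$(
            gh api graphql \
              -F owner=${{ github.repository_owner }} \
              -F repo=${{ github.event.repository.name }} \
              -F pull_number=${{ github.event.issue.number }} \
              -f query='query($owner: String!, $repo: String!, $pull_number: Int!) {
                repository(owner: $owner, name:$repo) {
                  pullRequest(number:$pull_number) {
                    reviewDecision
                  }
                }
              }' \
              --jq '.data.repository.pullRequest.reviewDecision'
          )
          echo "REVIEW_DECISION=${REVIEW_DECISION}"
          if [[ "${REVIEW_DECISION}" == "APPROVED" ]]; then
            echo "Pack PR has been approved. Bootstrapping may continue."
          else
            echo "Pack PR has NOT been approved. Halting pack bootstrap!"
            exit 3
          fi

      - name: Make sure CI workflow is passing for PR
        shell: bash
        # Reads the status-check rollup of the PR's last commit only.
        run: |
          export CIRESULT=$(
            gh api graphql \
              -F owner=${{ github.repository_owner }} \
              -F repo=${{ github.event.repository.name }} \
              -F pull_number=${{ github.event.issue.number }} \
              -f query='query($owner: String!, $repo: String!, $pull_number: Int!) {
                repository(owner: $owner, name:$repo) {
                  pullRequest(number:$pull_number) {
                    commits(last: 1) {
                      nodes {
                        commit {
                          statusCheckRollup {
                            state
                          }
                        }
                      }
                    }
                  }
                }
              }' \
              --jq '.data.repository.pullRequest.commits.nodes.[].commit.statusCheckRollup.state'
          )
          echo "CIRESULT=${CIRESULT}"
          if [[ "${CIRESULT}" == "SUCCESS" ]]; then
            echo "Pack CI has succeeded. Bootstrapping may continue."
          else
            echo "Pack CI has NOT succeeded. Halting pack bootstrap!"
            exit 4
          fi

      - name: Mark running with rocket reaction and label
        shell: bash
        run: |
          gh api -X POST -f content=rocket \
            '/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions'
          jq -n '{"labels": ["bootstrap:in-progress"]}' | \
            gh api -X POST \
              '/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels' \
              --input -

      - name: Publish status in incubator PR comment
        shell: bash
        env:
          COMMENT: |
            :rocket: Hold onto your hats! Now bootstrapping a new pack repo...
            Bootstrapping will:
            (1) extract details about the new pack;
            (2) create the pack repo and repo metadata;
            (3) copy this PR into the `transfer` branch in the new repo;
            (4) use `transfer` branch for the pack's first PR.
            Details: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          gh pr comment '${{ github.event.issue.html_url }}' --body "${COMMENT}"

  extract_pack_details:
    name: New Pack / Extract Details
    needs: [permissions_check, ready_to_merge_check]
    runs-on: ubuntu-latest
    steps:
      - name: Extract Pack Details
        id: pack-details
        # NOTE(review): referenced by branch name, so whatever is on `master` when the
        # workflow runs is what executes; a commit SHA would pin the reviewed version.
        uses: StackStorm-Exchange/ci/.github/actions/extract-pack-meta@master
        with:
          pack-directory: incubator
          repository: ${{ github.repository }}
          # expects an issue_comment event
          ref: refs/pull/${{ github.event.issue.number }}/head
          fetch-depth: 0
    # Everything below is read from the PR head, i.e. it is contributor-supplied data.
    outputs:
      pack_name: ${{ steps.pack-details.outputs.pack_name }}
      pack_ref: ${{ steps.pack-details.outputs.pack_ref }}
      pack_description: ${{ steps.pack-details.outputs.pack_description }}
      pack_path: ${{ steps.pack-details.outputs.pack_path }}
      in_submodule: ${{ steps.pack-details.outputs.in_submodule }}
      in_subdir: ${{ steps.pack-details.outputs.in_subdir }}

  bootstrap_pack_repo:
    needs: [extract_pack_details]
    name: New Pack  # / Bootstrap Repo
    # NOTE(review): this reusable workflow receives the admin PAT and is also
    # referenced by the mutable `master` ref; pinning to a commit SHA would tie the
    # secret to a reviewed revision.
    uses: StackStorm-Exchange/ci/.github/workflows/pack-bootstrap_repo.yaml@master
    secrets:  # available contexts: github, needs, secrets
      admin_token: ${{ secrets.NEW_PACK_REPOS_TOKEN }}  # min scopes: admin:org, repo
      slack_webhook_url: ${{ secrets.PACK_SLACK_WEBHOOK_URL }}
    with:  # available contexts: github, needs
      # TODO: validate that this || works if pack_ref is empty
      pack_name: ${{ needs.extract_pack_details.outputs.pack_ref || needs.extract_pack_details.outputs.pack_name }}
      pack_description: ${{ needs.extract_pack_details.outputs.pack_description }}
      # we are using defaults for these.
      #homepage: "https://exchange.stackstorm.com/#${PACK_NAME}"
      #pack_org: StackStorm-Exchange
      #pack_repo_prefix: stackstorm
      #pack_repo_template: StackStorm-Exchange/ci-pack-template
      #tsc_team: TSC

  # based on
  # https://github.com/StackStorm-Exchange/exchange-incubator/issues/7#issuecomment-923614663
  # https://github.com/StackStorm-Exchange/exchange-incubator/issues/7#issuecomment-281247786
  create_pack_pr:
    name: New Pack / Create First PR
    needs: [extract_pack_details, bootstrap_pack_repo]
    runs-on: ubuntu-latest
    steps:
      - name: Setup environment
        shell: bash
        env:
          # Should we make this configurable somehow? (repository secrets, ...)
          BOT_USER: stackstorm-neptr
          # NOTE(review): the address on this line was replaced by the hosting page's
          # e-mail obfuscation; restore the bot's real address before using this file.
          BOT_EMAIL: "[email protected]"
        run: |
          mkdir -p "${HOME}/.local/bin"
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
          git config --global user.name "${BOT_USER}"
          git config --global user.email "${BOT_EMAIL}"

      - name: Install git-filter-branch
        if: needs.extract_pack_details.outputs.in_submodule == 'false'
        # yes, this is only one python file. instructions say to put it on the PATH.
        # --fail stops an HTTP error page from being saved and marked executable.
        # NOTE(review): the script is fetched by tag with no integrity check; comparing
        # it against a pinned SHA-256 before `chmod +x` would close that gap.
        shell: bash
        run: |
          curl -fsSL https://raw.githubusercontent.com/newren/git-filter-repo/v2.34.0/git-filter-repo \
            -o "${HOME}/.local/bin/git-filter-repo"
          chmod +x "${HOME}/.local/bin/git-filter-repo"

      - name: Checkout pack repo
        uses: actions/checkout@v2
        with:
          repository: ${{ needs.bootstrap_pack_repo.outputs.pack_repo }}
          path: pack
          fetch-depth: 0
          persist-credentials: false

      - name: Checkout incubator
        # NOTE(review): persist-credentials is left at its default here, unlike the pack
        # checkout above, so the job token stays in incubator/.git/config while PR
        # content is checked out into the same directory. TODO confirm whether the
        # fetch in the next step actually needs it.
        uses: actions/checkout@v2
        with:
          path: incubator
          fetch-depth: 0

      - name: Checkout Incubator PR
        working-directory: incubator
        shell: bash
        # NOTE(review): this fetches whatever pull/N/head points to now, which may be
        # newer than the commit that ready_to_merge_check saw approved and passing.
        # Recording the head SHA in that job and checking it out here would close the
        # window. `git submodule update --remote` also follows the PR's .gitmodules.
        run: |
          git fetch origin pull/${{ github.event.issue.number }}/head:pr
          git checkout pr
          git submodule init
          git submodule update --remote

      # for git-filter-repo usage see:
      # https://www.mankier.com/1/git-filter-repo
      - name: Move pack to root of repo
        if: needs.extract_pack_details.outputs.in_submodule == 'false'
        working-directory: incubator
        shell: bash
        env:
          # pack_path comes from the PR; pass it as data so it cannot alter the script.
          PACK_PATH: ${{ needs.extract_pack_details.outputs.pack_path }}
        run: |
          PACK_DIR=$(
            realpath --relative-to="${PWD}" "${PACK_PATH}"
          )
          git-filter-repo --subdirectory-filter "${PACK_DIR}" --force

      - name: Add incubator as git remote
        if: needs.extract_pack_details.outputs.in_submodule == 'false'
        working-directory: pack
        shell: bash
        run: |
          git remote add source ../incubator
          git fetch source

      - name: Add git remote for source repo in incubator submodule
        if: needs.extract_pack_details.outputs.in_submodule == 'true'
        working-directory: pack
        shell: bash
        env:
          # pack_path comes from the PR; pass it as data so it cannot alter the script.
          PACK_PATH: ${{ needs.extract_pack_details.outputs.pack_path }}
        run: |
          git remote add source "${PACK_PATH}"
          git fetch source

      - name: Create branch for initial pack content
        working-directory: pack
        shell: bash
        run: |
          git checkout -b transfer

      - name: Pull source history into pack repo
        working-directory: pack
        shell: bash
        # ort strategy replaces recursive strategy on git 2.33+
        # ours => Fix merge conflicts by preferring exchange-provided files
        # (which should be a minimal required set of files).
        # Update the PR before merging if needed.
        run: |
          git merge source/pr --allow-unrelated-histories -s ort -X ours \
            -m 'Merge ${{ github.event.issue.html_url }}'

      - name: Create initial content PR on pack repo
        working-directory: pack
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.NEW_PACK_REPOS_TOKEN }}  # min scopes: public_repo (included in repo)
          # Repo name is derived from PR-supplied pack metadata; keep it out of the script text.
          PACK_REPO: ${{ needs.bootstrap_pack_repo.outputs.pack_repo }}
          PR_TITLE: 'Transfer ${{ needs.extract_pack_details.outputs.pack_name }} pack from Incubator'
          PR_BODY: |
            Pack: ${{ needs.extract_pack_details.outputs.pack_name }}
            Description: ${{ needs.extract_pack_details.outputs.pack_description }}
            Incubator PR: ${{ github.event.issue.html_url }}
        # NOTE(review): the pushurl below writes the PAT into pack/.git/config in clear
        # text for the rest of the job; a credential helper (e.g. `gh auth setup-git`)
        # would avoid storing it in the remote URL.
        run: |
          git config remote.origin.gh-resolved base
          git config remote.origin.pushurl "https://${GH_TOKEN}@github.com/${PACK_REPO}.git"
          git push -u origin transfer
          gh pr create --title "${PR_TITLE}" --body "${PR_BODY}"

      - name: Mark running with hooray reaction and label
        shell: bash
        run: |
          gh api -X DELETE \
            '/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/bootstrap:in-progress'
          gh api -X POST -f content=hooray \
            '/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions'
          jq -n '{"labels": ["bootstrap:complete"]}' |\
            gh api -X POST \
              '/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels' \
              --input -

      - name: Publish status in incubator PR comment
        shell: bash
        env:
          COMMENT: |
            :tada: Hoooray! Here is the pack's first PR: https://github.com/${{ needs.bootstrap_pack_repo.outputs.pack_repo }}/pull/1
            Please do the following:
            (1) make sure everything looks correct in the PR;
            (2) merge it!
            (3) make sure a TSC Senior Maintainer has setup group and user access;
            (4) wait for the next exchange index update (monitor updates [here](https://github.com/StackStorm-Exchange/index/actions))
            (5) once the index has updated, check out:
            ${{ needs.bootstrap_pack_repo.outputs.homepage }}
            (6) Close WITHOUT merging this PR. DO NOT MERGE THIS PR.
        run: |
          gh pr comment '${{ github.event.issue.html_url }}' --body "${COMMENT}"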