diff --git a/.github/bump-version-patch.yaml b/.github/bump-version-patch.yaml deleted file mode 100644 index 6e34938..0000000 --- a/.github/bump-version-patch.yaml +++ /dev/null @@ -1,2 +0,0 @@ -- op: remove - path: /on/push diff --git a/.github/bump-version.bump.sh b/.github/bump-version.bump.sh deleted file mode 100755 index 613d0ff..0000000 --- a/.github/bump-version.bump.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# This script is copied from the depot repo; edit it there, not in the destination repo. - -# Decide what the next versions are going to be. Inputs are the mode, current version, and optional release version override. -# Outputs are the new release version and the new development version. - -# Mode can be "release" or "prerelease". See bump-version.yaml for details. - -set -e - -case "$#" in -"2") - MODE="$1" - CURRENTVERS="$2" - ;; -"3") - MODE="$1" - CURRENTVERS="$2" - RELEASEVERS="$3" - ;; -*) - echo "Usage: $0 mode current_vers [new_vers]" 1>&2 - exit 1 -esac -if [ "${MODE}" != "release" ] && [ "${MODE}" != "prerelease" ] ; then - echo "Invalid mode '${MODE}'" 1>&2 - exit 1 -fi - -for V in ${CURRENTVERS} ${RELEASEVERS} ; do - # Sanity check: Ignoring any pre-release info, version must not be 0.0.0. - if [ "${V/-*/}" = "0.0.0" ] ; then - echo "Illegal zero version '${V}'" 1>&2 - exit 1 - fi - # Sanity check: Must start with a valid semver. - if ! [[ ${V} =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))? ]] ; then - echo "Invalid version '${V}'" 1>&2 - exit 1 - fi -done - -# Derive a new release version. -if [ -z "${RELEASEVERS}" ] ; then - case "${MODE}" in - "release") - RELEASEVERS="${CURRENTVERS/-*}" - ;; - "prerelease") - # Replace [-.]pre[-.$] with [-.]rc[-.$]. - RELEASEVERS="$(echo "${CURRENTVERS}" | sed -E 's/([-.])pre([-.]|$)/\1rc\2/')" - # If no [-.]rc[-.$], append -rc.0. - if ! [[ ${RELEASEVERS} =~ [-.]rc([-.]|$) ]] ; then - RELEASEVERS="${RELEASEVERS}-rc.0" - fi - # If there's no number after the "rc", append ".0". - if ! [[ ${RELEASEVERS} =~ [-.]rc[-.][0-9]+ ]] ; then - RELEASEVERS="${RELEASEVERS}.0" - fi - ;; - esac -fi -# The prefix is there to support Go's release naming conventions. -echo "release=${BUMP_VERSION_RELEASE_PREFIX}${RELEASEVERS}" >> "$GITHUB_OUTPUT" - -# Derive a new bumped version from the release version. -# Increment the last number in the string. -VERSION="$(echo "${RELEASEVERS}" | gawk '{ start=match($0, /(.*[^0-9])([0-9]+)([^0-9]*)$/, a) ; a[2] += 1 ; printf("%s%s%s", a[1], a[2], a[3]) }')" -# Replace [-.]rc[-.$] with pre. -VERSION="$(echo "${VERSION}" | sed -E 's/([-.])rc([-.]|$)/\1pre\2/')" -# If no [-.]pre[-.$], then append -pre. -if ! [[ ${VERSION} =~ [-.]pre([-.]|$) ]] ; then - VERSION="${VERSION}-pre" -fi -echo "bumped=${VERSION}" >> "$GITHUB_OUTPUT" diff --git a/.github/bump-version.get.sh b/.github/bump-version.get.sh deleted file mode 100755 index ed1cc8f..0000000 --- a/.github/bump-version.get.sh +++ /dev/null @@ -1,113 +0,0 @@ -#!/bin/bash - -# This script is copied from the depot repo; edit it there, not in the destination repo. - -# Get the semver from various files in the repo. - -# Always performs sanity checking: -# - There must be at least one version file. -# - All version files must agree. (Ignoring the contents but not existence of pre-release version.) -# - The version must be a valid semver. -# - The version must not be 0.0.0. - -set -e - -# Parse args -if [ $# -gt 0 ] ; then - echo "Usage: $0" 1>&2 - exit 1 -fi - -# Find the version files in this directory or its descendants, but don't recurse too deep. -# This line must be kept in sync with "bump-version.set.sh". -VERSFILES=$(find . -maxdepth 3 ! -path ./.git/\* | grep -v /node_modules/ | grep -E '.*/(version|Cargo.toml|version.go|package.json|pom.xml|version.sbt|build.gradle.kts)$') - -# Do we have at least one? -if [ -z "${VERSFILES}" ] ; then - echo "No version files found; aborting" 1>&2 - exit 1 -fi - -# Read the versions. -CURRENTVERS="" -for FILE in ${VERSFILES} ; do - # Parse each version file according to its type. - case $(basename "${FILE}") in - version) - # It's a file to capture version info for generic things that don't have their own format. - VERS=$(cat "${FILE}") - ;; - Cargo.toml) - VERS=$(cargo metadata --manifest-path "${FILE}" --no-deps --offline --format-version 1 | jq -re '.packages[0].version') - ;; - version.go) - VERS=$(grep "const Version" < "${FILE}" | sed -e 's/^[^"]*"//' -e 's/"$//') - ;; - package.json) - if [ "$(dirname "${FILE}")" = "." ] ; then - # This is the root package.json, so we want .version. - VERS=$(jq -re '.version' < "${FILE}") - else - # This isn't the root package.json, so we assume it depends on the package declared in the root package.json. We need to - # get the root package's name. - ROOTJSNAME="$(jq -re '.name' < package.json)" - VERS=$(jq -re ".dependencies[\"${ROOTJSNAME}\"]" < "${FILE}") - # Strip off any leading "^". - VERS=${VERS/^/} - fi - ;; - pom.xml) - if [ "$(dirname "${FILE}")" = "." ] ; then - # This is the root pom.xml, so we want /m:project/m:version. - VERS=$(xmlstarlet sel -N m="http://maven.apache.org/POM/4.0.0" -t -v "/m:project/m:version" < "${FILE}") - else - # This isn't the root pom.xml, so we assume it depends on the package declared in the root pom.xml. We need to get the - # root pom's artifactId. - ROOTID=$(xmlstarlet sel -N m="http://maven.apache.org/POM/4.0.0" -t -v "/m:project/m:artifactId" < pom.xml) - # Select /m:project/m:dependencies/m:dependency/m:version where it has a sibling m:artifactId with the correct value. - XPATH="/m:project/m:dependencies/m:dependency[m:artifactId=\"${ROOTID}\"]/m:version" - VERS=$(xmlstarlet sel -N m="http://maven.apache.org/POM/4.0.0" -t -v "${XPATH}" < "${FILE}") - fi - ;; - version.sbt) - VERS=$(sed -e 's/^[^"]*"//' -e 's/"$//' < "${FILE}") - ;; - build.gradle.kts) - VERS=$(grep "^version.*=" < "${FILE}" | sed -e 's/^[^"]*"//' -e 's/"$//') - ;; - *) - echo "Can't parse '${FILE}' for version" 1>&2 - exit 1 - ;; - esac - - if [ -z "${VERS}" ] ; then - echo "Empty version from '${FILE}'" 1>&2 - exit 1 - fi - - # If this is the first parsed version file, then set current version. - if [ -z "${CURRENTVERS}" ] ; then - CURRENTVERS="${VERS}" - fi - - # Compare this file's version to other files' version. Ignore anything after the "-" in a pre-release version, but keep the "-" - # so a release version is unequal to a pre-release. - if ! [ "${CURRENTVERS/-*/-}" = "${VERS/-*/-}" ] ; then - echo "Version '${VERS}' in '${FILE}' doesn't match '${CURRENTVERS}' from others in '${VERSFILES}'" 1>&2 - exit 1 - fi -done - -# Sanity check: Ignoring any pre-release info, version must not be 0.0.0. -if [ "${CURRENTVERS/-*/}" = "0.0.0" ] ; then - echo "Illegal zero version '${CURRENTVERS}'" 1>&2 - exit 1 -fi -# Sanity check: Must start with a valid semver. -if ! [[ ${CURRENTVERS} =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))? ]] ; then - echo "Invalid version '${CURRENTVERS}'" 1>&2 - exit 1 -fi - -echo "${CURRENTVERS}" diff --git a/.github/bump-version.set.sh b/.github/bump-version.set.sh deleted file mode 100755 index 4a2d650..0000000 --- a/.github/bump-version.set.sh +++ /dev/null @@ -1,143 +0,0 @@ -#!/bin/bash - -# This script is copied from the depot repo; edit it there, not in the destination repo. - -# Set the semver in various files. - -# Always performs sanity checking: -# - There must be at least one version file. -# - The version must be a valid semver. -# - The version must not be 0.0.0. -# - After running, altered files must already be under Git control, and they must be only the version files we know how to handle, -# and modifications must be 0 or 1 line changes. - -# If setting the version to $a.$b.$c-$pre, substitute "SNAPSHOT" for $pre in any Java-related files. - -set -e - -# Parse args -if [ $# -ne 1 ] ; then - echo "Usage: $0 version" 1>&2 - exit 1 -fi -NEWVERS="$1" - -# Sanity check: Ignoring any pre-release info, version must not be 0.0.0. -if [ "${NEWVERS/-*/}" = "0.0.0" ] ; then - echo "Illegal zero version '${NEWVERS}'" 1>&2 - exit 1 -fi -# Sanity check: Must start with a valid semver, with an optional leading "v". -if ! [[ ${NEWVERS} =~ ^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))? ]] ; then - echo "Invalid version '${NEWVERS}'" 1>&2 - exit 1 -fi - -# Find the version files in this directory or its descendants, but don't recurse too deep. -# This line must be kept in sync with "bump-version.get.sh". -VERSFILES=$(find . -maxdepth 3 ! -path ./.git/\* | grep -v /node_modules/ | grep -E '.*/(version|Cargo.toml|version.go|package.json|pom.xml|version.sbt|build.gradle.kts)$') - -# Edit the version files. -for FILE in ${VERSFILES} ; do - DIR=$(dirname "${FILE}") - case $(basename "${FILE}") in - version) - echo "${NEWVERS}" > "${FILE}" - ;; - - Cargo.toml) - sed 's/^version = ".*"$/version = "'"${NEWVERS}"'"/' "${FILE}" > "${FILE}.tmp" - mv "${FILE}.tmp" "${FILE}" - - # If there's a Cargo.lock, update it also. - if [ -f "${DIR}/Cargo.lock" ] ; then - CARGO_LOCKS="${CARGO_LOCKS} ${DIR}" - fi - ;; - - version.go) - sed 's/const Version = ".*"/const Version = "'"${NEWVERS}"'"/' "${FILE}" > "${FILE}.tmp" - mv "${FILE}.tmp" "${FILE}" - ;; - - package.json) - if [ "${DIR}" = "." ] ; then - # This is the root package.json, so we want .version. - jq --indent 4 ".version=\"${NEWVERS}\"" "${FILE}" > "${FILE}.new" - else - # Get the root package's name. - ROOTJSNAME="$(jq -re '.name' < package.json)" - jq --indent 4 ".dependencies[\"${ROOTJSNAME}\"]=\"^${NEWVERS}\"" "${FILE}" > "${FILE}.new" - fi - mv "${FILE}.new" "${FILE}" - ;; - - pom.xml) - # Replace -foo with -SNAPSHOT to be compatible with Java conventions. - JAVAVERS="${NEWVERS/-*/-SNAPSHOT}" - - if [ "${DIR}" = "." ] ; then - # This is the root pom.xml, so we want /m:project/m:version. - xmlstarlet ed -L -P -N m="http://maven.apache.org/POM/4.0.0" -u "/m:project/m:version" -v "${JAVAVERS}" "${FILE}" - else - # We've already computed our XPATH expression above, so reuse that here. - xmlstarlet ed -L -P -N m="http://maven.apache.org/POM/4.0.0" -u "${XPATH}" -v "${JAVAVERS}" "${FILE}" - fi - ;; - - version.sbt) - # Replace -foo with -SNAPSHOT to be compatible with Java conventions. - # Disabling this logic to work with cmk-s3-proxy. Since we only use bump-version to publish our scala containers, not our - # scala libs, the -SNAPSHOT suffix isn't an important convention. - # JAVAVERS="${NEWVERS/-*/-SNAPSHOT}" - JAVAVERS="${NEWVERS}" - - # The file might use the old, deprecated syntax or the newer syntax: - # version in ThisBuild := "1.2.3-SNAPSHOT" - # ThisBuild / version := "1.2.3-SNAPSHOT" - sed 's,^ThisBuild / version := ".*"$,ThisBuild / version := "'"${JAVAVERS}"'",' "${FILE}" > "${FILE}.tmp" - sed 's,^version in ThisBuild := ".*"$,ThisBuild / version := "'"${JAVAVERS}"'",' "${FILE}.tmp" > "${FILE}" - rm "${FILE}.tmp" - ;; - - build.gradle.kts) - # Replace -foo with -SNAPSHOT to be compatible with Java conventions. - JAVAVERS="${NEWVERS/-*/-SNAPSHOT}" - sed 's/^version = ".*"$/version = "'"${JAVAVERS}"'"/' "${FILE}" > "${FILE}.tmp" - mv "${FILE}.tmp" "${FILE}" - ;; - - *) - echo "Can't edit '${FILE}' with new version" 1>&2 - exit 1 - esac - - # Add it to git. - git add "${FILE}" - # Verify that we've changed zero or one line. - git diff --cached -w --numstat "${FILE}" > /tmp/diffcount - if [ -s /tmp/diffcount ] ; then - # shellcheck disable=SC2034 - read -r ADDED REMOVED FILENAME < /tmp/diffcount - if [ "${ADDED}" -ne 1 ] || [ "${REMOVED}" -ne 1 ] ; then - echo "Changes to '${FILE}' must be zero or one line, but observed edits are:" 1>&2 - git diff --cached "${FILE}" 1>&2 - exit 1 - fi - fi -done - -# If there are Cargo.lock files, we need to run "cargo fetch" after all the Cargo.toml files have been edited. -for DIR in ${CARGO_LOCKS} ; do - ( cd "${DIR}" && cargo fetch ) - git add "${DIR}/Cargo.lock" -done - -# Look for files that have been changed, but that we haven't told git about. -echo "Checking for modified but untracked files:" -if git status -s | grep -qEv '^M ' ; then - echo "Modified but untracked files:" 1>&2 - git status -s | grep -Ev '^M ' 1>&2 - echo "This probably means '$0' modified a file but forgot to 'git add' it." 1>&2 - exit 1 -fi diff --git a/.github/update-workflows-patch.yaml b/.github/update-workflows-patch.yaml deleted file mode 100644 index d54ffb1..0000000 --- a/.github/update-workflows-patch.yaml +++ /dev/null @@ -1,3 +0,0 @@ -- op: replace - path: /on/schedule/0/cron - value: "55 7 * * 1" diff --git a/.github/update-workflows.sh b/.github/update-workflows.sh deleted file mode 100755 index 898badf..0000000 --- a/.github/update-workflows.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/env bash - -# This script is copied from the depot repo; edit it there, not in the destination repo. - -# Copy the requested templates from the templates repo to this one, applying patches as we go. -# You must be in the target repo when you run this, and depot must be checked out as a sibling to this repo. - -set -e -set -o pipefail - -THISREPO=$(git rev-parse --show-toplevel) -TEMPLATES="${THISREPO}/../depot/github-actions/.github" - -if [ $# -ge 1 ] ; then - WORKFLOWS=$* -else - # Scan to see which templates are installed, and update them. - for WF in "${THISREPO}"/.github/workflows/*.yaml ; do - BASE=$(basename "${WF}") - if [ -f "${TEMPLATES}/workflows/${BASE}" ] ; then - WORKFLOWS="${WORKFLOWS} ${BASE}" - fi - done - - if [ -z "${WORKFLOWS}" ] ; then - echo "No workflows specified as args, and none found in ${THISREPO}/.github/workflows." 1>&2 - exit 1 - fi -fi - -for X in jsonpatch yaml2json json2yaml ; do - if ! command -v ${X} &> /dev/null ; then - echo "Can't find ${X} on the PATH." 1>&2 - exit 1 - fi -done - -mkdir -p "${THISREPO}/.github/workflows" -for WF in ${WORKFLOWS} ; do - echo "Updating ${WF}..." - BASE=$(basename "${WF}" .yaml) - YAMLPATCH=".github/${BASE}-patch.yaml" - JSONPATCH="/tmp/${BASE}-patch.json" - - # Remove the target files before creating them from scratch. This lets us handle file renames and deletes. - rm -f "${THISREPO}"/.github/"${BASE}".* - - # Copy the workflow file, using jsonpatch. - ( - echo "# DO NOT EDIT THIS FILE." - echo "# Instead, edit the jsonpatch file (actually YAML) in ${YAMLPATCH}" - echo "# For docs, see github-actions in the IronCoreLabs/depot repo." - echo "" - if [ -f "${THISREPO}/${YAMLPATCH}" ] ; then - yaml2json < "${THISREPO}/${YAMLPATCH}" > "${JSONPATCH}" - yaml2json < "${TEMPLATES}/workflows/${WF}" | jsonpatch - "${JSONPATCH}" | json2yaml - else - yaml2json < "${TEMPLATES}/workflows/${WF}" | json2yaml - fi - ) > "${THISREPO}/.github/workflows/${WF}" - - # Copy any related files or directories with the same name. - find "${TEMPLATES}" -name "${BASE}.*" ! -name "${BASE}.yaml" -print | while read -r SRCFILE ; do - DSTFILE="${THISREPO}/.github/$(basename "${SRCFILE}")" - # First unlink it, to prevent this script from overwriting itself while it's running. - rm -f "${DSTFILE}" - cp "${SRCFILE}" "${DSTFILE}" - done - - # If there's an example patch file in depot, but none in this repo, copy it over. - # If you add an example patch file that's really optional, you'll need to change this logic. - SRCPATCH="${TEMPLATES}/${BASE}-patch.yaml" - DSTPATCH="${THISREPO}/.github/${BASE}-patch.yaml" - if [ -f "${SRCPATCH}" ] && ! [ -f "${DSTPATCH}" ] ; then - echo "" - echo "Copying ${SRCPATCH} to ${DSTPATCH}; make sure you customize it." - cp "${SRCPATCH}" "${DSTPATCH}" - # Be annoying to catch the user's attention. - echo "" - echo "" - sleep 5 - fi -done diff --git a/.github/workflows/bump-version.yaml b/.github/workflows/bump-version.yaml index 96cf683..a7de401 100644 --- a/.github/workflows/bump-version.yaml +++ b/.github/workflows/bump-version.yaml @@ -1,89 +1,19 @@ -# DO NOT EDIT THIS FILE. -# Instead, edit the jsonpatch file (actually YAML) in .github/bump-version-patch.yaml -# For docs, see github-actions in the IronCoreLabs/depot repo. - name: Bump Version -'on': + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +on: + # This repo doesn't trigger Bump Version on push to `main` workflow_dispatch: inputs: version: description: New semver release version. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -env: - MODE: release + jobs: - skip: - runs-on: ubuntu-22.04 - outputs: - skip: ${{ steps.skip.outputs.skip }} - steps: - - name: Maybe skip - id: skip - run: "# If it's a push to main, and any of the commits are from Dependabot,\ - \ we should skip.\nif [ ${{ github.event_name }} = push ] ; then\n if [ $(jq\ - \ -r < ${{ github.event_path }} '.commits | map(.author.name == \"dependabot[bot]\"\ - ) | any') = true ] ; then\n echo \"skip=true\" >> \"$GITHUB_OUTPUT\"\n\ - \ fi\nfi\n" bump: - needs: - - skip - runs-on: ubuntu-22.04 - if: ${{ needs.skip.outputs.skip != 'true' }} - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - token: ${{ secrets.WORKFLOW_PAT }} - - name: Configure git - run: 'git config --global user.email ops@ironcorelabs.com - - git config --global user.name "Leeroy Travis" - - ' - - name: Release - id: release - run: "set -x\nRETRIES=10\nTRY=0\nwhile [ $TRY -lt $RETRIES ] ; do\n TRY=$(expr\ - \ $TRY + 1)\n # Get the current version.\n CURRENT=$(.github/bump-version.get.sh)\n\ - \ # Calculate next release version, and next dev version. Output to $GITHUB_OUTPUT,\ - \ which we then read.\n .github/bump-version.bump.sh \"${{ env.MODE }}\"\ - \ \"${CURRENT}\" ${{ github.event.inputs.version }}\n . $GITHUB_OUTPUT\n\ - \ # Set the in-tree version to the release version.\n .github/bump-version.set.sh\ - \ \"${release}\"\n git diff --cached\n # GHA intermixes the stdout from\ - \ git diff with stderr from \"set -x\", so we pause to let it settle.\n sleep\ - \ 1\n git commit -m \"Set release version ${release} [skip ci]\"\n git tag\ - \ \"${release}\"\n\n # Bump to the next development version.\n .github/bump-version.set.sh\ - \ \"${bumped}\"\n git diff --cached\n sleep 1\n git commit -m \"Bump to\ - \ next development version ${bumped} [skip ci]\"\n\n # If we push the release\ - \ commit and its tag in one step, we hit strange race conditions where one\ - \ client succeeds\n # pushing the tag, and another client succeeds pushing\ - \ the commit. Instead, we push the commit first and then the tag.\n # That\ - \ seems to cause the loser of the race to fail early.\n if git push origin\ - \ \"${{ github.ref }}\" && git push origin \"${release}\" ; then\n # Just\ - \ exit.\n exit 0\n fi\n\n # If the \"git push\" failed, then let's forget\ - \ our last two commits, re-pull the latest changes, and try again.\n git\ - \ reset --hard HEAD~2\n git tag -d \"${release}\"\n git pull origin \"${{\ - \ github.ref }}\"\n # Wait a little bit to let competing workflows finish\ - \ their business.\n sleep 10\ndone\n# Fallthrough for repeated failure case.\n\ - echo \"Failed to push bumped versions; tried $TRY times.\"\nexit 1\n" - - name: Generate release text - id: release-body - run: "set -x\n# Get the most recent commit. Hopefully it was a PR merge.\nCOMMIT=$(jq\ - \ -r '.after' ${{ github.event_path }})\nif [ \"${COMMIT}\" = \"null\" ] ||\ - \ [ -z \"${COMMIT}\" ] ; then\n exit 0\nfi\n# Get the most recent PRs; hopefully\ - \ ours is one of them.\ncurl -fSs -H \"Accept: application/vnd.github+json\"\ - \ \\\n -H \"Authorization: Bearer ${{ secrets.WORKFLOW_PAT }}\" \\\n https://api.github.com/repos/${{\ - \ github.repository }}/pulls?state=all\\&base=${{ github.ref }}\\&sort=updated\\\ - &direction=desc > /tmp/prs.json\n# Find a PR that resulted in our commit.\n\ - PR=$(jq -r \".[] | select(.merge_commit_sha == \\\"${COMMIT}\\\") | .number\"\ - \ /tmp/prs.json)\nif [ \"${PR}\" = \"null\" ] || [ -z \"${PR}\" ] ; then\n\ - \ exit 0\nfi\n# Build the string we'll use as the description of the release.\n\ - echo \"body=latest_pr:${PR}\" >> \"$GITHUB_OUTPUT\"\n" - - name: Create prerelease - uses: ncipollo/release-action@v1 - with: - token: ${{ secrets.WORKFLOW_PAT }} - prerelease: true - tag: ${{ steps.release.outputs.release }} - body: ${{ steps.release-body.outputs.body }} + uses: IronCoreLabs/workflows/.github/workflows/bump-version.yaml@bump-version-v1 + with: + version: ${{ inputs.version }} + secrets: inherit diff --git a/.github/workflows/update-workflows.yaml b/.github/workflows/update-workflows.yaml deleted file mode 100644 index 560a7dd..0000000 --- a/.github/workflows/update-workflows.yaml +++ /dev/null @@ -1,117 +0,0 @@ -# DO NOT EDIT THIS FILE. -# Instead, edit the jsonpatch file (actually YAML) in .github/update-workflows-patch.yaml -# For docs, see github-actions in the IronCoreLabs/depot repo. - -name: Update Workflows -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -'on': - push: - paths: - - .github/** - branches: - - '!main' - schedule: - - cron: 55 7 * * 1 - workflow_dispatch: null -jobs: - update: - runs-on: ubuntu-22.04 - steps: - - uses: actions/setup-python@v4 - with: - python-version: 3.x - - name: Install JSON tools - run: pip3 install jsonpatch pyyaml - - name: Build yaml2json, json2yaml - run: 'mkdir -p ~/bin - - cat - << EOF > ~/bin/json2yaml - - #!/usr/bin/env python3 - - import json - - import sys - - import yaml - - sys.stdout.write(yaml.dump(json.load(sys.stdin),sort_keys=False)) - - EOF - - cat - << EOF > ~/bin/yaml2json - - #!/usr/bin/env python3 - - import json - - import sys - - import yaml - - json.dump(yaml.full_load(sys.stdin),sys.stdout) - - EOF - - chmod +x ~/bin/json2yaml ~/bin/yaml2json - - echo "${HOME}/bin" >> ${GITHUB_PATH} - - ' - - name: Check out this repo - uses: actions/checkout@v3 - with: - path: thisrepo - token: ${{ secrets.WORKFLOW_PAT }} - - name: Check out template repo - uses: actions/checkout@v3 - with: - path: depot - repository: IronCoreLabs/depot - token: ${{ secrets.WORKFLOW_PAT }} - - name: Randomize - run: "# Only create the patch file if it doesn't already exist. We don't want\ - \ to change the time every time we run this.\nif ! [ -f thisrepo/.github/update-workflows-patch.yaml\ - \ ] ; then\n (\n echo \"- op: replace\"\n echo \" path: /on/schedule/0/cron\"\ - \n echo \" value: \\\"$(( $RANDOM % 60 )) 7 * * 1\\\"\"\n ) > thisrepo/.github/update-workflows-patch.yaml\n\ - \ # \"git add\" and commit will be taken care of below.\nfi\nif [ -f thisrepo/.github/workflows/rebuild.yaml\ - \ ] && ! [ -f thisrepo/.github/rebuild-patch.yaml ] ; then\n (\n echo\ - \ \"- op: replace\"\n echo \" path: /on/schedule/0/cron\"\n echo \"\ - \ value: \\\"$(( $RANDOM % 60 )) 16 * * 2\\\"\"\n ) > thisrepo/.github/rebuild-patch.yaml\n\ - fi\n" - - name: Update workflows - id: update - working-directory: thisrepo - run: "set -x\nset -o pipefail\n\n# If it fails, we still want to create a PR;\ - \ it helps signal a human to come fix it.\nif ! bash -x .github/update-workflows.sh\ - \ ; then\n echo \"failed=true\" >> \"$GITHUB_OUTPUT\"\nelse\n echo \"failed=false\"\ - \ >> \"$GITHUB_OUTPUT\"\nfi\n\necho \"Git status:\"\ngit status\n\ngit add\ - \ -A\n\nif [ -z \"$(git status --porcelain)\" ] ; then\n echo \"No updated\ - \ workflows; done.\"\n echo \"skip=true\" >> \"$GITHUB_OUTPUT\"\nfi\n" - - name: Commit and push or PR - working-directory: thisrepo - if: steps.update.outputs.skip != 'true' - run: "set -x\nset -o pipefail\ngit config --global user.email ops@ironcorelabs.com\n\ - git config --global user.name \"Leeroy Travis\"\n\ngit commit -m \"Update\ - \ workflows from templates.\"\n\n# If the update applied cleanly, try pushing\ - \ straight to the branch we're on.\nif [ \"${{ steps.update.outputs.failed\ - \ }}\" = \"false\" ] && git push ; then\n exit 0\nfi\n\n# Simple push failed.\ - \ We don't care why it failed; we just need to make a PR out of this commit.\n\ - NEW_BRANCH=\"workflow-update-$(date -u '+%Y-%m-%d')\"\ngit branch \"${NEW_BRANCH}\"\ - \ngit push -u origin \"${NEW_BRANCH}\"\n\n# Create a PR.\nPRBODY=\"Updating\ - \ from templates.\"\nif [ \"${{ steps.update.outputs.failed }}\" == \"true\"\ - \ ] ; then\n PRBODY=$(printf \"%s\\n\\n%s\" \"${PRBODY}\" \"@IronCoreLabs/ops\ - \ patch didn't apply cleanly.\")\nfi\n# https://github.com/IronCoreLabs/depot/issues/333\n\ - echo \"${PRBODY}\" > body.txt\necho -n \"${NEW_BRANCH}\" > head.txt\necho\ - \ ${{ steps.update.outputs.failed }} | \\\njq --rawfile body body.txt --rawfile\ - \ head head.txt \\\n '{\"title\": \"Update workflows from templates\",\n\ - \ \"base\": \"main\",\n \"head\": $head,\n \"body\": $body,\n \ - \ \"draft\": .}' | \\\ncurl -Ss -X POST \\\n -H \"Authorization: token ${{\ - \ secrets.WORKFLOW_PAT }}\" \\\n -H \"Content-Type: application/json\" \\\ - \n --data @- \\\n https://api.github.com/repos/${{ github.repository }}/pulls\ - \ \\\n | tee pr.json\n\n# Label the PR.\nPR=$(jq -r '.issue_url' < pr.json)\n\ - curl -Ss -X POST \\\n -H \"Authorization: token ${{ secrets.WORKFLOW_PAT\ - \ }}\" \\\n -H \"Content-Type: application/json\" \\\n --data '{\"labels\"\ - : [\"ops\"]}' \\\n \"${PR}/labels\"\n"