From c94c0a1e36d57602d118199be9955c429a1321ff Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Mon, 1 Jul 2024 20:04:48 +0200 Subject: [PATCH 1/8] Use a bot user in a trusted agent for pipelines that require git push operations --- .buildkite/code-freeze.yml | 6 +++--- .../configure-git-for-release-management.sh | 15 ++++++++------- .buildkite/complete-code-freeze.yml | 6 +++--- .buildkite/finalize-release.yml | 6 +++--- .buildkite/new-beta-release.yml | 6 +++--- .buildkite/update-release-notes.yml | 6 +++--- 6 files changed, 23 insertions(+), 22 deletions(-) diff --git a/.buildkite/code-freeze.yml b/.buildkite/code-freeze.yml index 09095a497234..bef42bc2d80f 100644 --- a/.buildkite/code-freeze.yml +++ b/.buildkite/code-freeze.yml @@ -1,15 +1,15 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "Code Freeze" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh install_gems bundle exec fastlane code_freeze skip_confirm:true + agents: + queue: "tumblr-metal" diff --git a/.buildkite/commands/configure-git-for-release-management.sh b/.buildkite/commands/configure-git-for-release-management.sh index eb39be490f66..c7c4a7a0821f 100755 --- a/.buildkite/commands/configure-git-for-release-management.sh +++ b/.buildkite/commands/configure-git-for-release-management.sh @@ -1,10 +1,11 @@ #!/bin/bash -eu -# Git command line client is not configured in Buildkite. Temporarily, we configure it in each step. -# Later on, we should be able to configure the agent instead. -curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | sed -e 's/^/github.com /' >> ~/.ssh/known_hosts -git config --global user.email "mobile+wpmobilebot@automattic.com" -git config --global user.name "Automattic Release Bot" +# This script needs to be source'd as use-bot-for-git exports a variable and this needs to be visible outside +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + echo "This script must be 'source'd (instead of being called directly as an executable) to work properly" + exit 1 +fi -# Buildkite is currently using the https url to checkout. We need to override it to be able to use the deploy key. -git remote set-url origin git@github.com:wordpress-mobile/WordPress-Android.git +echo '--- :robot_face: Use bot for git operations' +# shellcheck disable=SC1091 +source use-bot-for-git diff --git a/.buildkite/complete-code-freeze.yml b/.buildkite/complete-code-freeze.yml index 2b378accabdf..ea813bc1dcb5 100644 --- a/.buildkite/complete-code-freeze.yml +++ b/.buildkite/complete-code-freeze.yml @@ -1,16 +1,16 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "Complete Code Freeze" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh .buildkite/commands/checkout-release-branch.sh install_gems bundle exec fastlane complete_code_freeze skip_confirm:true + agents: + queue: "tumblr-metal" diff --git a/.buildkite/finalize-release.yml b/.buildkite/finalize-release.yml index 015ba7cd5d78..2fd0869df661 100644 --- a/.buildkite/finalize-release.yml +++ b/.buildkite/finalize-release.yml @@ -1,14 +1,12 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "Finalize release" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh .buildkite/commands/checkout-release-branch.sh install_gems @@ -16,3 +14,5 @@ steps: cp gradle.properties-example gradle.properties bundle exec fastlane finalize_release skip_confirm:true + agents: + queue: "tumblr-metal" diff --git a/.buildkite/new-beta-release.yml b/.buildkite/new-beta-release.yml index 3c2a9248fc18..4f2b8e441881 100644 --- a/.buildkite/new-beta-release.yml +++ b/.buildkite/new-beta-release.yml @@ -1,17 +1,17 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "New Beta Release" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh install_gems cp gradle.properties-example gradle.properties bundle exec fastlane new_beta_release skip_confirm:true + agents: + queue: "tumblr-metal" diff --git a/.buildkite/update-release-notes.yml b/.buildkite/update-release-notes.yml index e484a67471ab..57ac1df0e312 100644 --- a/.buildkite/update-release-notes.yml +++ b/.buildkite/update-release-notes.yml @@ -1,16 +1,16 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "Update release notes" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh .buildkite/commands/checkout-editorial-branch.sh install_gems bundle exec fastlane update_appstore_strings version:${RELEASE_VERSION} + agents: + queue: "tumblr-metal" From afe335dd0cdd01f585a3075e888e75bf31c23c3d Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Tue, 2 Jul 2024 20:42:23 +0200 Subject: [PATCH 2/8] Replace plugin declaration to use shared var instead --- .buildkite/beta-builds.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/.buildkite/beta-builds.yml b/.buildkite/beta-builds.yml index d7ee1deef39f..f6fb82ade867 100644 --- a/.buildkite/beta-builds.yml +++ b/.buildkite/beta-builds.yml @@ -4,12 +4,6 @@ # This pipeline is meant to be run via the Buildkite API, and is # only used for beta builds -# Nodes with values to reuse in the pipeline. -common_params: - # Common plugin settings to use with the `plugins` key. - - &common_plugins - - automattic/a8c-ci-toolkit#3.4.2 - agents: queue: "android" @@ -20,7 +14,7 @@ steps: - label: "Gradle Wrapper Validation" command: | validate_gradle_wrapper - plugins: *common_plugins + plugins: [$CI_TOOLKIT] # Wait for Gradle Wrapper to be validated before running any other jobs - wait @@ -53,7 +47,7 @@ steps: key: wpbuild command: ".buildkite/commands/beta-build.sh wordpress" depends_on: wplint - plugins: *common_plugins + plugins: [$CI_TOOLKIT] notify: - slack: "#build-and-ship" @@ -61,7 +55,7 @@ steps: key: jpbuild command: ".buildkite/commands/beta-build.sh jetpack" depends_on: jplint - plugins: *common_plugins + plugins: [$CI_TOOLKIT] notify: - slack: "#build-and-ship" @@ -73,4 +67,4 @@ steps: - wpbuild - jpbuild command: ".buildkite/commands/create-github-release.sh" - plugins: *common_plugins + plugins: [$CI_TOOLKIT] From 2597b0df0d9b28c2443bcb4155450c3f798450f0 Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Tue, 2 Jul 2024 20:45:17 +0200 Subject: [PATCH 3/8] [TO REVERT] Add temp lane to test git push permissions --- .buildkite/test-git-push.yml | 13 +++++++++++++ fastlane/lanes/release.rb | 12 ++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 .buildkite/test-git-push.yml diff --git a/.buildkite/test-git-push.yml b/.buildkite/test-git-push.yml new file mode 100644 index 000000000000..cbbd7bdf2471 --- /dev/null +++ b/.buildkite/test-git-push.yml @@ -0,0 +1,13 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json +--- + + +steps: + - label: "Test Git Push 👀" + plugins: [$CI_TOOLKIT] + command: | + install_gems + + bundle exec fastlane test_git_push + agents: + queue: "tumblr-metal" diff --git a/fastlane/lanes/release.rb b/fastlane/lanes/release.rb index d8491ed76b88..8464b2221dcc 100644 --- a/fastlane/lanes/release.rb +++ b/fastlane/lanes/release.rb @@ -121,6 +121,18 @@ create_release_management_pull_request('trunk', "Merge #{new_version} code freeze into trunk") end + lane :test_git_push do |options| + Fastlane::Helper::GitHelper.checkout_and_pull('iangmaia/trusted-agent-for-push-access') + + UI.message 'Bumping beta version and build code...' + VERSION_FILE.write_version( + version_name: code_freeze_beta_version, + version_code: next_build_code + ) + commit_version_bump + push_to_git_remote(tags: false) + end + ##################################################################################### # new_beta_release # ----------------------------------------------------------------------------------- From ab7a38e9168b3ad821e5b695efbd147c84956598 Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Wed, 3 Jul 2024 01:06:19 +0200 Subject: [PATCH 4/8] [TO REVERT] Use bot for test git operation --- .buildkite/test-git-push.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.buildkite/test-git-push.yml b/.buildkite/test-git-push.yml index cbbd7bdf2471..bf454dfabd74 100644 --- a/.buildkite/test-git-push.yml +++ b/.buildkite/test-git-push.yml @@ -6,6 +6,8 @@ steps: - label: "Test Git Push 👀" plugins: [$CI_TOOLKIT] command: | + source .buildkite/commands/configure-git-for-release-management.sh + install_gems bundle exec fastlane test_git_push From 06711d04cb73eaec26e79b93c9b144c7fac139d9 Mon Sep 17 00:00:00 2001 From: Automattic Release Bot Date: Tue, 2 Jul 2024 19:09:03 -0400 Subject: [PATCH 5/8] Bump version number --- version.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.properties b/version.properties index b7cdf22f3a11..9215ea29a74c 100644 --- a/version.properties +++ b/version.properties @@ -1,2 +1,2 @@ -versionName=25.1 -versionCode=1440 \ No newline at end of file +versionName=25.2-rc-1 +versionCode=1441 \ No newline at end of file From 2899ec5e2602826df1c0b10e7e93144a00c67740 Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Wed, 3 Jul 2024 01:13:49 +0200 Subject: [PATCH 6/8] Revert commits 2597b0df0d9b28c2443bcb4155450c3f798450f0, ab7a38e9168b3ad821e5b695efbd147c84956598, 06711d04cb73eaec26e79b93c9b144c7fac139d9 --- .buildkite/test-git-push.yml | 15 --------------- fastlane/lanes/release.rb | 12 ------------ version.properties | 4 ++-- 3 files changed, 2 insertions(+), 29 deletions(-) delete mode 100644 .buildkite/test-git-push.yml diff --git a/.buildkite/test-git-push.yml b/.buildkite/test-git-push.yml deleted file mode 100644 index bf454dfabd74..000000000000 --- a/.buildkite/test-git-push.yml +++ /dev/null @@ -1,15 +0,0 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json ---- - - -steps: - - label: "Test Git Push 👀" - plugins: [$CI_TOOLKIT] - command: | - source .buildkite/commands/configure-git-for-release-management.sh - - install_gems - - bundle exec fastlane test_git_push - agents: - queue: "tumblr-metal" diff --git a/fastlane/lanes/release.rb b/fastlane/lanes/release.rb index 8464b2221dcc..d8491ed76b88 100644 --- a/fastlane/lanes/release.rb +++ b/fastlane/lanes/release.rb @@ -121,18 +121,6 @@ create_release_management_pull_request('trunk', "Merge #{new_version} code freeze into trunk") end - lane :test_git_push do |options| - Fastlane::Helper::GitHelper.checkout_and_pull('iangmaia/trusted-agent-for-push-access') - - UI.message 'Bumping beta version and build code...' - VERSION_FILE.write_version( - version_name: code_freeze_beta_version, - version_code: next_build_code - ) - commit_version_bump - push_to_git_remote(tags: false) - end - ##################################################################################### # new_beta_release # ----------------------------------------------------------------------------------- diff --git a/version.properties b/version.properties index 9215ea29a74c..b7cdf22f3a11 100644 --- a/version.properties +++ b/version.properties @@ -1,2 +1,2 @@ -versionName=25.2-rc-1 -versionCode=1441 \ No newline at end of file +versionName=25.1 +versionCode=1440 \ No newline at end of file From db4b88f08ed274269a27bb76bcb69b40942a31fd Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Thu, 4 Jul 2024 14:00:46 +0200 Subject: [PATCH 7/8] Inline the `use-bot-for-git` script sourcing --- .buildkite/code-freeze.yml | 2 +- .../commands/configure-git-for-release-management.sh | 11 ----------- .buildkite/complete-code-freeze.yml | 3 ++- .buildkite/finalize-release.yml | 3 ++- .buildkite/new-beta-release.yml | 2 +- .buildkite/update-release-notes.yml | 3 ++- 6 files changed, 8 insertions(+), 16 deletions(-) delete mode 100755 .buildkite/commands/configure-git-for-release-management.sh diff --git a/.buildkite/code-freeze.yml b/.buildkite/code-freeze.yml index bef42bc2d80f..ee8f63392853 100644 --- a/.buildkite/code-freeze.yml +++ b/.buildkite/code-freeze.yml @@ -6,7 +6,7 @@ steps: - label: "Code Freeze" plugins: [$CI_TOOLKIT] command: | - source .buildkite/commands/configure-git-for-release-management.sh + source use-bot-for-git install_gems diff --git a/.buildkite/commands/configure-git-for-release-management.sh b/.buildkite/commands/configure-git-for-release-management.sh deleted file mode 100755 index c7c4a7a0821f..000000000000 --- a/.buildkite/commands/configure-git-for-release-management.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -eu - -# This script needs to be source'd as use-bot-for-git exports a variable and this needs to be visible outside -if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then - echo "This script must be 'source'd (instead of being called directly as an executable) to work properly" - exit 1 -fi - -echo '--- :robot_face: Use bot for git operations' -# shellcheck disable=SC1091 -source use-bot-for-git diff --git a/.buildkite/complete-code-freeze.yml b/.buildkite/complete-code-freeze.yml index ea813bc1dcb5..f8d3da618d96 100644 --- a/.buildkite/complete-code-freeze.yml +++ b/.buildkite/complete-code-freeze.yml @@ -6,7 +6,8 @@ steps: - label: "Complete Code Freeze" plugins: [$CI_TOOLKIT] command: | - source .buildkite/commands/configure-git-for-release-management.sh + source use-bot-for-git + .buildkite/commands/checkout-release-branch.sh install_gems diff --git a/.buildkite/finalize-release.yml b/.buildkite/finalize-release.yml index 2fd0869df661..9cbade9c8858 100644 --- a/.buildkite/finalize-release.yml +++ b/.buildkite/finalize-release.yml @@ -6,7 +6,8 @@ steps: - label: "Finalize release" plugins: [$CI_TOOLKIT] command: | - source .buildkite/commands/configure-git-for-release-management.sh + source use-bot-for-git + .buildkite/commands/checkout-release-branch.sh install_gems diff --git a/.buildkite/new-beta-release.yml b/.buildkite/new-beta-release.yml index 4f2b8e441881..2e85933cea5a 100644 --- a/.buildkite/new-beta-release.yml +++ b/.buildkite/new-beta-release.yml @@ -6,7 +6,7 @@ steps: - label: "New Beta Release" plugins: [$CI_TOOLKIT] command: | - source .buildkite/commands/configure-git-for-release-management.sh + source use-bot-for-git install_gems diff --git a/.buildkite/update-release-notes.yml b/.buildkite/update-release-notes.yml index 57ac1df0e312..943b7769ca7c 100644 --- a/.buildkite/update-release-notes.yml +++ b/.buildkite/update-release-notes.yml @@ -6,7 +6,8 @@ steps: - label: "Update release notes" plugins: [$CI_TOOLKIT] command: | - source .buildkite/commands/configure-git-for-release-management.sh + source use-bot-for-git + .buildkite/commands/checkout-editorial-branch.sh install_gems From 59a75985689463d990107d1358f955ee5426f83e Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Thu, 4 Jul 2024 14:20:52 +0200 Subject: [PATCH 8/8] Improve logging for release pipelines --- .buildkite/code-freeze.yml | 3 +++ .buildkite/complete-code-freeze.yml | 4 ++++ .buildkite/finalize-release.yml | 4 ++++ .buildkite/new-beta-release.yml | 3 +++ .buildkite/update-release-notes.yml | 4 ++++ 5 files changed, 18 insertions(+) diff --git a/.buildkite/code-freeze.yml b/.buildkite/code-freeze.yml index ee8f63392853..0c8e12918ffd 100644 --- a/.buildkite/code-freeze.yml +++ b/.buildkite/code-freeze.yml @@ -6,10 +6,13 @@ steps: - label: "Code Freeze" plugins: [$CI_TOOLKIT] command: | + echo '--- :robot_face: Use bot for git operations' source use-bot-for-git + echo '--- :ruby: Setup Ruby Tools' install_gems + echo '--- :snowflake: Start Code Freeze' bundle exec fastlane code_freeze skip_confirm:true agents: queue: "tumblr-metal" diff --git a/.buildkite/complete-code-freeze.yml b/.buildkite/complete-code-freeze.yml index f8d3da618d96..5898aa2e9285 100644 --- a/.buildkite/complete-code-freeze.yml +++ b/.buildkite/complete-code-freeze.yml @@ -6,12 +6,16 @@ steps: - label: "Complete Code Freeze" plugins: [$CI_TOOLKIT] command: | + echo '--- :robot_face: Use bot for git operations' source use-bot-for-git + echo '--- :git: Checkout Release Branch' .buildkite/commands/checkout-release-branch.sh + echo '--- :ruby: Setup Ruby Tools' install_gems + echo '--- :snowflake: Complete Code Freeze' bundle exec fastlane complete_code_freeze skip_confirm:true agents: queue: "tumblr-metal" diff --git a/.buildkite/finalize-release.yml b/.buildkite/finalize-release.yml index 9cbade9c8858..0c91008c11f7 100644 --- a/.buildkite/finalize-release.yml +++ b/.buildkite/finalize-release.yml @@ -6,14 +6,18 @@ steps: - label: "Finalize release" plugins: [$CI_TOOLKIT] command: | + echo '--- :robot_face: Use bot for git operations' source use-bot-for-git + echo '--- :git: Checkout Release Branch' .buildkite/commands/checkout-release-branch.sh + echo '--- :ruby: Setup Ruby Tools' install_gems cp gradle.properties-example gradle.properties + echo '--- :shipit: Finalize Release' bundle exec fastlane finalize_release skip_confirm:true agents: queue: "tumblr-metal" diff --git a/.buildkite/new-beta-release.yml b/.buildkite/new-beta-release.yml index 2e85933cea5a..db233146ca9a 100644 --- a/.buildkite/new-beta-release.yml +++ b/.buildkite/new-beta-release.yml @@ -6,12 +6,15 @@ steps: - label: "New Beta Release" plugins: [$CI_TOOLKIT] command: | + echo '--- :robot_face: Use bot for git operations' source use-bot-for-git + echo '--- :ruby: Setup Ruby Tools' install_gems cp gradle.properties-example gradle.properties + echo '--- :shipit: New Beta Release' bundle exec fastlane new_beta_release skip_confirm:true agents: queue: "tumblr-metal" diff --git a/.buildkite/update-release-notes.yml b/.buildkite/update-release-notes.yml index 943b7769ca7c..1b2ee0a53ae0 100644 --- a/.buildkite/update-release-notes.yml +++ b/.buildkite/update-release-notes.yml @@ -6,12 +6,16 @@ steps: - label: "Update release notes" plugins: [$CI_TOOLKIT] command: | + echo '--- :robot_face: Use bot for git operations' source use-bot-for-git + echo '--- :git: Checkout Editorial Branch' .buildkite/commands/checkout-editorial-branch.sh + echo '--- :ruby: Setup Ruby Tools' install_gems + echo '--- :memo: Update Release Notes' bundle exec fastlane update_appstore_strings version:${RELEASE_VERSION} agents: queue: "tumblr-metal"