diff --git a/.github/workflows/check-merge-freeze.yml b/.github/workflows/check-merge-freeze.yml index c24b32dc718..d30fa39495b 100644 --- a/.github/workflows/check-merge-freeze.yml +++ b/.github/workflows/check-merge-freeze.yml @@ -2,7 +2,7 @@ name: Merge freeze on: pull_request: - types: [opened, ready_for_review, synchronize, reopened, labeled, unlabeled] + types: [opened, ready_for_review, synchronize, reopened, labeled, unlabeled, enqueued] branches: [main] merge_group: types: [checks_requested] @@ -11,7 +11,9 @@ jobs: check-merge-freeze: name: Check # This condition is to avoid blocking the PR causing the freeze in the first place. - if: ${{ !contains(github.event.pull_request.labels.*.name, 'release:merge-freeze') }} + if: | + (!startsWith(github.event.pull_request.title || github.event.merge_group.head_commit.message, '[chore] Prepare release')) || + (github.event.pull_request.user.login || github.event.merge_group.head_commit.author.name) != 'opentelemetrybot' runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 00a48e478ca..b363c6bd8a2 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -101,8 +101,7 @@ jobs: # - Run make prepare-release PREVIOUS_VERSION=0.52.0 RELEASE_CANDIDATE=0.53.0 MODSET=beta - name: Prepare release for core env: - BOT_GITHUB_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }} REPO: open-telemetry/opentelemetry-collector CANDIDATE_BETA: ${{ inputs.candidate-beta }} CANDIDATE_STABLE: ${{ inputs.candidate-stable }} diff --git a/.github/workflows/scripts/check-merge-freeze.sh b/.github/workflows/scripts/check-merge-freeze.sh index efd8927b17d..9cb59dd80b3 100755 --- a/.github/workflows/scripts/check-merge-freeze.sh +++ b/.github/workflows/scripts/check-merge-freeze.sh @@ -3,9 +3,9 @@ # Copyright The OpenTelemetry Authors # SPDX-License-Identifier: Apache-2.0 -BLOCKERS=$( gh pr list --search "label:release:merge-freeze" --json url --jq '.[].url' --repo "${REPO}" ) +BLOCKERS=$( gh pr list -A opentelemetrybot -S "[chore] Prepare release" --json url -q '.[].url' -R "${REPO}" ) if [ "${BLOCKERS}" != "" ]; then - echo "Merging in main is frozen, as there are open PRs labeled 'release:merge-freeze': ${BLOCKERS}" + echo "Merging in main is frozen, as there are open \"Prepare release\" PRs: ${BLOCKERS}" echo "If you believe this is no longer true, re-run this job to unblock your PR." exit 1 fi diff --git a/.github/workflows/scripts/release-prepare-release.sh b/.github/workflows/scripts/release-prepare-release.sh index e3438ec5950..80884a73786 100755 --- a/.github/workflows/scripts/release-prepare-release.sh +++ b/.github/workflows/scripts/release-prepare-release.sh @@ -42,11 +42,8 @@ fi git push origin "${BRANCH}" # Use OpenTelemetryBot account to create PR, allowing workflows to run -PR=$(GITHUB_TOKEN="$BOT_GITHUB_TOKEN" gh pr create --title "[chore] Prepare release ${RELEASE_VERSION}" --body " +# The title must match the checks in check-merge-freeze.yml +gh pr create --title "[chore] Prepare release ${RELEASE_VERSION}" --body " The following commands were run to prepare this release: ${COMMANDS} -") - -# The `release:merge-freeze` label will cause the `check-merge-freeze` workflow to fail, enforcing the freeze. -# The bot does not have permissions to add labels, so this is done using the CI action token. -gh pr edit "$PR" --add-label release:merge-freeze || echo "Failed to add merge-freeze label" +"