From 4b1deb3439802577d17f05bcaa5c657fcb0899c5 Mon Sep 17 00:00:00 2001 From: "Stephane Lacoin (aka nxmatic)" Date: Fri, 26 Jul 2024 19:39:35 +0200 Subject: [PATCH] [gha] better handling of release branches --- .devenv/dist/flake.lock | 20 +- .devenv/dist/gwt.nix | 2 +- .devenv/flake.nix | 101 ++++++----- .devenv/gwt-version.sh | 46 +++-- .devenv/shell-hook.sh | 27 ++- .github/actions/maven-deploy/action.yml | 53 +++--- .github/actions/nix-develop/action.yml | 16 +- .../workflows/nuxeo-create-release-branch.yml | 121 +++++++++++++ .github/workflows/nuxeo-devenv-build.yml | 171 ++++++++---------- 9 files changed, 341 insertions(+), 216 deletions(-) create mode 100644 .github/workflows/nuxeo-create-release-branch.yml diff --git a/.devenv/dist/flake.lock b/.devenv/dist/flake.lock index 22e24e318..240098e2e 100644 --- a/.devenv/dist/flake.lock +++ b/.devenv/dist/flake.lock @@ -1,18 +1,5 @@ { "nodes": { - "customMacrodefs": { - "flake": false, - "locked": { - "lastModified": 1, - "narHash": "sha256-hJRm1eDQ5lCfjWZd+e1pGB43tSZsfSpJTkdZ2YKJDDA=", - "path": "custom-macrodefs.xml", - "type": "path" - }, - "original": { - "path": "custom-macrodefs.xml", - "type": "path" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -33,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721138476, - "narHash": "sha256-+W5eZOhhemLQxelojLxETfbFbc19NWawsXBlapYpqIA=", + "lastModified": 1722062969, + "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad0b5eed1b6031efaed382844806550c3dcb4206", + "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", "type": "github" }, "original": { @@ -49,7 +36,6 @@ }, "root": { "inputs": { - "customMacrodefs": "customMacrodefs", "flake-utils": "flake-utils", "nixpkgs": "nixpkgs" } diff --git a/.devenv/dist/gwt.nix b/.devenv/dist/gwt.nix index bf11709ee..7c128cedf 100644 --- a/.devenv/dist/gwt.nix +++ b/.devenv/dist/gwt.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, unzip, patch, rsync, jdk17, ant, git, which, coreutils, gnused, gnugrep, gwtVersion, gitRev, gwtTools, customMacrodefs }: +{ lib, stdenv, unzip, patch, rsync, jdk17, ant, git, which, coreutils, gnused, gnugrep, gwtVersion, gitRev, gwtTools }: stdenv.mkDerivation { pname = "gwt"; diff --git a/.devenv/flake.nix b/.devenv/flake.nix index db748a707..8550de9cf 100644 --- a/.devenv/flake.nix +++ b/.devenv/flake.nix @@ -16,7 +16,26 @@ computeGitRev = pkgs.writeScriptBin "nix-git-rev" (builtins.readFile ./git-rev.sh); buildGwtPackage = pkgs.writeScriptBin "nix-build-gwt" (builtins.readFile ./build-gwt.sh); pushGwtPackage = pkgs.writeScriptBin "nix-push-gwt" (builtins.readFile ./push-gwt.sh); - + shellHookScript = pkgs.writeTextFile { + name = "nix-shell-hook.rc"; + text = builtins.readFile ./shell-hook.sh; + }; + + # Github Token + defaultGithubToken = ""; + githubToken = builtins.getEnv "GITHUB_TOKEN"; + effectiveGithubToken = if githubToken != "" then githubToken else defaultGithubToken; + + # GH Token + ghToken = builtins.getEnv "GH_TOKEN"; + effectiveGhToken = if ghToken != "" then ghToken else effectiveGithubToken; + + # Cachix authentication token + defaultCachixAuthToken = ""; + cachixAuthToken = builtins.getEnv "CACHIX_AUTH_TOKEN"; + effectiveCachixAuthToken = if cachixAuthToken != "" then cachixAuthToken else defaultCachixAuthToken; + + # GWT version defaultGwtVersion = "0.0.0-dev"; gwtVersion = builtins.getEnv "GWT_VERSION"; @@ -32,58 +51,58 @@ gwtVersion = effectiveGwtVersion; }; gwt = pkgs.callPackage ./dist/gwt.nix { + inherit gwtTools; gwtVersion = effectiveGwtVersion; gitRev = effectiveGitRev; jdk17 = pkgs.jdk17; }; # shells - mkDevShell = { cachixAuthToken ? null }: - let - effectiveCachixAuthToken = if cachixAuthToken != null then cachixAuthToken else builtins.getEnv "CACHIX_AUTH_TOKEN"; - shellHookContent = builtins.readFile ./shell-hook.sh; - in pkgs.mkShell { - buildInputs = with pkgs; [ - cachix - jdk17 - ant - maven - yq-go - git - gh - unixtools.column - gwtTools - computeGwtVersion - computeGitRev - buildGwtPackage - pushGwtPackage - ]; + mkDevShell = pkgs.mkShell { + buildInputs = with pkgs; [ + cachix + jdk17 + ant + maven + yq-go + git + gh + unixtools.column + gwtTools + computeGwtVersion + computeGitRev + buildGwtPackage + pushGwtPackage + shellHookScript + ]; - shellHook = '' - cachix use gwt-nuxeo - export CACHIX_AUTH_TOKEN="${effectiveCachixAuthToken}" - export NIX_GWT_VERSION="${effectiveGwtVersion}" - export NIX_GWT_TOOLS="${gwtTools}" - export NIX_GIT_REV="${effectiveGitRev}" - - if [ -z "$CACHIX_AUTH_TOKEN" ]; then - echo "Warning: CACHIX_AUTH_TOKEN is not set. Cachix may not work correctly for private caches." - fi - - ${shellHookContent} - ''; - }; + shellHook = '' + cat <&2 - return 1 + local PR_BASE_REF=$2 # Add this parameter for pull request base branch + + # Check if it's a pull request + if [[ -n "$PR_BASE_REF" ]]; then + # Use the base branch of the pull request + BRANCH_NAME=$PR_BASE_REF fi + + case "$BRANCH_NAME" in + main-nuxeo) + echo "0.0.0-nuxeo" + ;; + *-nuxeo | *-test) + echo "${BRANCH_NAME}" + ;; + *) + echo "Unsupported branch name: $BRANCH_NAME" >&2 + return 1 + ;; + esac } +# Always try to get the current Git branch first +if BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD 2>/dev/null); then + if [[ "$BRANCH_NAME" != "HEAD" ]]; then + process_branch_name "$BRANCH_NAME" + exit 0 + fi +fi + +# Fall back to GITHUB_REF if we couldn't get the branch from Git if [ -n "$GITHUB_REF" ]; then case $GITHUB_REF in refs/tags/*) @@ -27,10 +47,6 @@ if [ -n "$GITHUB_REF" ]; then ;; esac else - if TAG=$(git describe --exact-match --tags HEAD 2>/dev/null); then - echo "$TAG" - else - BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD) - process_branch_name "$BRANCH_NAME" - fi + echo "Unable to determine version: no Git branch and no GITHUB_REF" >&2 + exit 1 fi diff --git a/.devenv/shell-hook.sh b/.devenv/shell-hook.sh index be0fec566..6ec6c84b7 100644 --- a/.devenv/shell-hook.sh +++ b/.devenv/shell-hook.sh @@ -1,15 +1,24 @@ -#!/usr/bin/env -S bash -e -o pipefail +set -ax +[[ -n "${NIX_GITHUB_TOKEN:-}" ]] && + GITHUB_TOKEN="${NIX_GITHUB_TOKEN}" +[[ -n "${NIX_GITHUB_TOKEN:-}" ]] && + GH_TOKEN="${NIX_GITHUB_TOKEN}" +[[ -n "${NIX_CACHIX_AUTH_TOKEN:-}" ]] && + CACHIX_AUTH_TOKEN="${NIX_CACHIX_AUTH_TOKEN}" +GWT_VERSION=$( [[ -d .git ]] && nix-gwt-version || echo "${NIX_GWT_VERSION:-}" ) +GWT_TOOLS="${NIX_GWT_TOOLS:-}" +GIT_REV=$( [[ -d .git ]] && nix-git-rev || echo "${NIX_GIT_REV:-}" ) +set +ax -[[ -n "${RUNNER_DEBUG}" ]] && - set -x - -set -a -GWT_VERSION=$( [[ -d .git ]] && echo "$(nix-gwt-version)" || echo "${NIX_GWT_VERSION}" ) -GWT_TOOLS="${NIX_GWT_TOOLS}" -GIT_REV=$( [[ -d .git ]] && echo "$(nix-git-rev)" || echo "${NIX_GIT_REV}" ) -set +a +if [ -z "${CACHIX_AUTH_TOKEN:-}" ]; then + echo "Warning: CACHIX_AUTH_TOKEN is not set. Cachix may not work correctly for private caches." +else + cachix use gwt-nuxeo +fi cat < /dev/null && echo 'true' || echo 'false' ) + ~ + shell: /usr/bin/bash -ex -o pipefail {0} + + - name: Exit if branch exists + if: steps.check_branch.outputs.exists == 'true' + run: | + cat <<~ + Error: Release branches already exists. + + Please delete the following branches before running this workflow again: + + $ git push origin :$NUXEO_RELEASE_BRANCH + $ git push origin :$NUXEO_PRERELEASE_BRANCH + ~ + exit 1 + shell: /usr/bin/bash -ex -o pipefail {0} + + - name: Enable tmate session + if: runner.debug + uses: mxschmitt/action-tmate@v3 + with: + detached: true + + - name: Set up Nix Development Environment + uses: ./.github/actions/nix-develop + with: + cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Create release branches and apply Nuxeo changes + run: | + git config user.name github-actions + git config user.email github-actions@github.com + + : Check if upstream remote exists, if not add it + if ! git remote | grep -q '^upstream$'; then + git remote add upstream https://github.com/gwtproject/gwt.git + fi + + : Fetch the upstream and get the last common commit + git fetch upstream main + git fetch upstream tag $GWT_VERSION + + COMMON_ANCESTOR=$(git merge-base HEAD upstream/main) + + : Create and push the release branch based on the GWT version tag + git checkout -b $NUXEO_RELEASE_BRANCH $GWT_VERSION + git push -f origin $NUXEO_RELEASE_BRANCH + + : Cherry-pick patch branch commits and push it + git checkout -b $NUXEO_PRERELEASE_BRANCH $NUXEO_RELEASE_BRANCH + + : Create and apply patch, then create commit message + if git diff ${COMMON_ANCESTOR}..nuxeo/main | + tee >(git apply --quiet --whitespace=fix) >(grep -q .) > /dev/null; then + SQUASH_MSG=$(cat <