
Commit d04f132

Try isolating logic that creates PR (#9845)
* Rename trust policy * Clean BRANCH variable definition * Comment out logic that creates the initial release branch * Remove ref param when checking out * Reorder to match other workflows
1 parent 9f0225c commit d04f132


2 files changed

+35
-37
lines changed


.github/chainguard/self.update-system-tests.push.sts.yaml renamed to .github/chainguard/self.update-system-tests.create-pr.sts.yaml

File renamed without changes.

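--- a/.github/workflows/create-release-branch.yaml
+++ b/.github/workflows/create-release-branch.yaml
@@ -15,14 +15,18 @@ jobs:
 create-release-branch:
 runs-on: ubuntu-latest
 permissions:
-contents: write # Allow pushing the empty release branch
+# contents: write # Allow pushing the empty release branch
+contents: read
 id-token: write # Required for OIDC token federation
 steps:
 - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
 id: octo-sts
 with:
 scope: DataDog/dd-trace-java
-policy: self.update-system-tests.push
+policy: self.update-system-tests.create-pr
+
+- name: Checkout dd-trace-java at tag
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
 
 - name: Determine tag
 id: determine-tag
@@ -42,69 +46,63 @@ jobs:
 id: define-branch
 run: |
 TAG=${{ steps.determine-tag.outputs.tag }}
-BRANCH="release/${TAG%.0}.x"
-echo "branch=${BRANCH}" >> "$GITHUB_OUTPUT"
+echo "branch=release/${TAG%.0}.x" >> "$GITHUB_OUTPUT"
 
-- name: Checkout dd-trace-java at tag
-uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
-with:
-ref: ${{ github.sha }}
+# - name: Check if branch already exists
+# id: check-branch
+# run: |
+# BRANCH=${{ steps.define-branch.outputs.branch }}
+# if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
+# echo "creating_new_branch=false" >> "$GITHUB_OUTPUT"
+# echo "Branch $BRANCH already exists - skipping following steps"
+# else
+# echo "creating_new_branch=true" >> "$GITHUB_OUTPUT"
+# echo "Branch $BRANCH does not exist - proceeding with following steps"
+# fi
 
-- name: Check if branch already exists
-id: check-branch
-run: |
-BRANCH=${{ steps.define-branch.outputs.branch }}
-if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
-echo "creating_new_branch=false" >> "$GITHUB_OUTPUT"
-echo "Branch $BRANCH already exists - skipping following steps"
-else
-echo "creating_new_branch=true" >> "$GITHUB_OUTPUT"
-echo "Branch $BRANCH does not exist - proceeding with following steps"
-fi
+# - name: Create and push empty release branch
+# if: steps.check-branch.outputs.creating_new_branch == 'true'
+# run: |
+# git checkout -b "${{ steps.define-branch.outputs.branch }}"
+# git push -u origin "${{ steps.define-branch.outputs.branch }}"
 
-- name: Create and push empty release branch
-if: steps.check-branch.outputs.creating_new_branch == 'true'
-run: |
-git checkout -b "${{ steps.define-branch.outputs.branch }}"
-git push -u origin "${{ steps.define-branch.outputs.branch }}"
+- name: Update system-tests references to latest commit SHA on main
+# if: steps.check-branch.outputs.creating_new_branch == 'true'
+run: BRANCH=main ./tooling/update_system_test_reference.sh
 
 - name: Define temp branch name
-if: steps.check-branch.outputs.creating_new_branch == 'true'
+# if: steps.check-branch.outputs.creating_new_branch == 'true'
 id: define-temp-branch
-run: echo "branch=ci/pin-system-tests-$(date +'%Y%m%d')" >> $GITHUB_OUTPUT
-
-- name: Update system-tests references to latest commit SHA on main
-if: steps.check-branch.outputs.creating_new_branch == 'true'
-run: BRANCH=main ./tooling/update_system_test_reference.sh
+run: echo "temp-branch=ci/pin-system-tests-$(date +'%Y%m%d')" >> $GITHUB_OUTPUT
 
 - name: Commit changes
-if: steps.check-branch.outputs.creating_new_branch == 'true'
+# if: steps.check-branch.outputs.creating_new_branch == 'true'
 id: create-commit
 run: |
 git config user.name "github-actions[bot]"
 git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
 git commit -m "chore: Pin system-tests for release branch" .github/workflows/run-system-tests.yaml
 echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
-
+
 - name: Push changes to temp branch
-if: steps.check-branch.outputs.creating_new_branch == 'true'
+# if: steps.check-branch.outputs.creating_new_branch == 'true'
 uses: DataDog/commit-headless@5a0f3876e0fbdd3a86b3e008acf4ec562db59eee # action/v2.0.1
 with:
 token: "${{ steps.octo-sts.outputs.token }}"
-branch: "${{ steps.define-temp-branch.outputs.branch }}"
+branch: "${{ steps.define-temp-branch.outputs.temp-branch }}"
 head-sha: "${{ github.sha }}"
 create-branch: true
 command: push
 commits: "${{ steps.create-commit.outputs.commit }}"
 
 - name: Create pull request from temp branch to release branch
-if: steps.check-branch.outputs.creating_new_branch == 'true'
+# if: steps.check-branch.outputs.creating_new_branch == 'true'
 env:
 GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
 run: |
-gh pr create --title "Pin system-tests for ${{ steps.define-branch.outputs.branch }}" \
+gh pr create --title "Pin system-tests for ${{ steps.define-branch.outputs.branch }}" \
 --base "${{ steps.define-branch.outputs.branch }}" \
---head "${{ steps.define-temp-branch.outputs.branch }}" \
+--head "${{ steps.define-temp-branch.outputs.temp-branch }}" \
 --label "tag: dependencies" \
 --label "tag: no release notes" \
 --body "This PR pins the system-tests reference for the release branch."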
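Review bot: The `gh pr create` step (new lines 98–108) still expands `${{ steps.define-branch.outputs.branch }}` and the temp-branch output directly into the script text while the octo-sts token is exported as `GH_TOKEN`, and with its `if:` guard commented out the step now runs on every trigger. Expression expansion happens before the shell parses the script, so the double quotes around the expression do not protect against a value containing shell metacharacters; the branch name is built from the tag produced by `determine-tag`, whose body is outside this hunk, so how constrained that value is cannot be confirmed from here. Passing both values through `env:` and referencing them as shell variables removes the dependency on that step's output format, and `TAG=${{ steps.determine-tag.outputs.tag }}` in `define-branch` would take the same change. The commented-out `check-branch` steps and guards are presumably temporary and should be restored or deleted before this workflow is relied on, since nothing visible now creates the `--base` branch or stops a second run on the same day from reusing the date-based temp branch name.

```yaml
      - name: Create pull request from temp branch to release branch
        env:
          GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
          BASE_BRANCH: ${{ steps.define-branch.outputs.branch }}
          HEAD_BRANCH: ${{ steps.define-temp-branch.outputs.temp-branch }}
        run: |
          gh pr create --title "Pin system-tests for ${BASE_BRANCH}" \
            --base "${BASE_BRANCH}" \
            --head "${HEAD_BRANCH}" \
          # … unchanged: --label and --body arguments …
```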
