forked from google/osv-scanner-action
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathupdate-script.py
More file actions
executable file
·121 lines (90 loc) · 4.11 KB
/
update-script.py
File metadata and controls
executable file
·121 lines (90 loc) · 4.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/usr/bin/env python3
"""
Performs the three git commit required to do a release. See help output for more details.
"""
import subprocess
import re
import sys
def cmd(command: list[str]) -> str:
print('$ ' + ' '.join(command))
process = subprocess.run(command, capture_output=True, text=True)
if process.returncode != 0:
print('failed to run above command, got exit code: %d', process.returncode)
print('stderr: ' + process.stderr.strip())
exit(process.returncode)
output = process.stdout.strip()
print('# ' + output)
return output
def find_and_replace_regex_in_file(file_path: str, find_regex: str,
replace: str):
print(f'Performing find and replace on "{file_path}": s/{find_regex}/{replace}')
# Read in the file
with open(file_path, 'r') as file:
filedata = file.read()
filedata = re.sub(find_regex, replace, filedata)
# Write the file out again
with open(file_path, 'w') as file:
file.write(filedata)
def print_help():
print('''update-script.py <target-tag> <optional:previous-tag>
Performs a series of git merges to update all references of the previous version to the specified tag of osv-scanner. This script expects upstream remote to be named `upstream`
1. Fetch upstream main branch
2. Create new branch on the most recent version tag (the last release commit)
3. Update references to the old osv-scanner tag to the new tag, and make the first commit
4. Update references to the old .github/workflows/osv-scanner-reusable.yml version to the newly made commit in the last step. Make the second commit.
5. Finally update the unified workflow to point to the commit made in step 4, perform the third commit.
After this script is complete, push the new branch and create a PR. This PR must be merged via a normal git merge commit, NOT a squash commit.
Then create the new release tag on this merged PR commit.''')
if len(sys.argv) != 2 and len(sys.argv) != 3:
print_help()
exit()
target_tag = sys.argv[1]
if not target_tag.startswith('v'):
print_help()
print('Target tag needs to begin with v')
exit()
cmd(['git', 'fetch', 'upstream'])
print("fetched and checkout upstream/main")
if len(sys.argv) == 3:
latest_tag = sys.argv[2]
else:
latest_tag = cmd(['git', 'describe', '--tags', '--abbrev=0'])
branch_name = cmd(['git', 'branch', '--show-current'])
cmd(['git', 'checkout', '-b', 'update-to-' + target_tag, 'upstream/main'])
find_and_replace_regex_in_file('osv-reporter-action/action.yml',
re.escape(latest_tag), target_tag)
find_and_replace_regex_in_file('osv-scanner-action/action.yml',
re.escape(latest_tag), target_tag)
find_and_replace_regex_in_file('README.md', re.escape(latest_tag), target_tag)
cmd([
'git', 'commit', '-a', '-m',
f'"Update actions to use {target_tag} osv-scanner image"'
])
first_commit_hash = cmd(['git', 'rev-parse', 'HEAD'])
print('First commit hash: ' + first_commit_hash)
find_and_replace_regex_in_file(
'.github/workflows/osv-scanner-reusable.yml',
'uses: google/osv-scanner-action/osv-(.*?)-action@.*? # .*',
f'uses: google/osv-scanner-action/osv-\\1-action@{first_commit_hash} # {target_tag}'
)
find_and_replace_regex_in_file(
'.github/workflows/osv-scanner-reusable-pr.yml',
'uses: google/osv-scanner-action/osv-(.*?)-action@.*? # .*',
f'uses: google/osv-scanner-action/osv-\\1-action@{first_commit_hash} # {target_tag}'
)
cmd([
'git', 'commit', '-a', '-m',
f'Update reusable workflows to point to {target_tag} actions'
])
second_commit_hash = cmd(['git', 'rev-parse', 'HEAD'])
print('Second commit hash: ' + second_commit_hash)
find_and_replace_regex_in_file(
'.github/workflows/osv-scanner-unified-workflow.yml',
'uses: "google/osv-scanner-action/\\.github/workflows/osv-scanner-reusable(.*?)@.*?" # .*',
f'uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable\\1@{second_commit_hash}" # {target_tag}'
)
cmd([
'git', 'commit', '-a', '-m',
f'Update unified workflow example to point to {target_tag} reusable workflows'
])
print('Success!')