|
| 1 | +name: Mirror Upstream PRs |
| 2 | +on: |
| 3 | + schedule: |
| 4 | + - cron: '0 1-3,5-7,9-11,13-15,17-19,21-23 * * *' # every hour, but skipping main hours → runs at +1h, +2h, +3h after each main |
| 5 | + workflow_dispatch: {} |
| 6 | + |
| 7 | +permissions: |
| 8 | + actions: write |
| 9 | + contents: write |
| 10 | + pull-requests: write |
| 11 | + |
| 12 | +concurrency: |
| 13 | + group: sync-upstream-prs |
| 14 | + cancel-in-progress: true |
| 15 | + |
| 16 | +jobs: |
| 17 | + sync-prs: |
| 18 | + runs-on: ubuntu-latest |
| 19 | + |
| 20 | + env: |
| 21 | + GH_TOKEN: ${{ secrets.MIRROR_REPOS_WRITE_PAT }} # use PAT for gh API calls against the mirror |
| 22 | + UPSTREAM_REPO: '${{ vars.UPSTREAM_REPO }}' |
| 23 | + UPSTREAM_REMOTE: "upstream" |
| 24 | + ORIGIN_BASE_BRANCH: "main" |
| 25 | + UPSTREAM_BASELINE_TAG: "upstream-baseline" |
| 26 | + MAX_UPSTREAM_PRS: '${{ vars.MIRROR_MAX_UPSTREAM_PRS }}' # maximum number of upstream PRs to mirror |
| 27 | + UPSTREAM_PR_LOOKBACK_DAYS: '${{ vars.MIRROR_UPSTREAM_PR_LOOKBACK_DAYS }}' # consider PRs opened/updated in the last N days |
| 28 | + CANCEL_UPSTREAM_WORKFLOWS: 'false' # whether to cancel unexpected workflows on mirrored PR branches |
| 29 | + |
| 30 | + steps: |
| 31 | + - uses: actions/checkout@v4 |
| 32 | + with: |
| 33 | + fetch-depth: 0 |
| 34 | + token: ${{ env.GH_TOKEN }} |
| 35 | + |
| 36 | + - name: Resolve upstream default branch and its latest commit (baseline tag) |
| 37 | + id: resolver |
| 38 | + shell: bash -euo pipefail {0} |
| 39 | + run: | |
| 40 | + echo "::group::Resolve ${UPSTREAM_BASELINE_TAG} tag and write to output" |
| 41 | + if ! git rev-parse --verify --quiet ${UPSTREAM_BASELINE_TAG} >/dev/null; then |
| 42 | + echo "> Tag ${UPSTREAM_BASELINE_TAG} not found yet (first run before Sync) → exit early" |
| 43 | + echo "proceed=no" >> "$GITHUB_OUTPUT" |
| 44 | + echo "::endgroup::" |
| 45 | + exit 0 |
| 46 | + fi |
| 47 | +
|
| 48 | + base=$(git rev-parse ${UPSTREAM_BASELINE_TAG}) |
| 49 | + echo "base=${base}" >> "$GITHUB_OUTPUT" |
| 50 | + echo "> ${UPSTREAM_BASELINE_TAG} tag exists at ${base}" |
| 51 | + echo "::endgroup::" |
| 52 | +
|
| 53 | + def=$(gh api "repos/${UPSTREAM_REPO}" --jq .default_branch) |
| 54 | + echo "def=${def}" >> "$GITHUB_OUTPUT" |
| 55 | + echo "> Upstream default branch is ${def}" |
| 56 | +
|
| 57 | + - name: Guard ~ check if upstream moved since last sync |
| 58 | + if: steps.resolver.outputs.base != '' |
| 59 | + id: guard |
| 60 | + shell: bash -euo pipefail {0} |
| 61 | + run: | |
| 62 | + def="${{ steps.resolver.outputs.def }}" |
| 63 | + base=${{ steps.resolver.outputs.base }} |
| 64 | +
|
| 65 | + sha=$(gh api "repos/${UPSTREAM_REPO}/commits/${def}" --jq .sha) |
| 66 | + echo "> Latest commit on ${UPSTREAM_REMOTE}/${def} is ${sha}. Tagged base is at: ${base}" |
| 67 | +
|
| 68 | + if [ "$sha" != "${base}" ]; then |
| 69 | + echo "> Upstream moved since last sync, but Sync hasn’t rebuilt main yet. Do nothing now to avoid opening PRs against an outdated base." |
| 70 | + echo "proceed=no" >> "$GITHUB_OUTPUT" |
| 71 | + else |
| 72 | + echo "> Upstream is at the base commit, proceed with fetching PRs and mirroring them." |
| 73 | + echo "proceed=yes" >> "$GITHUB_OUTPUT" |
| 74 | + fi |
| 75 | +
|
| 76 | + - name: Refresh upstream and fetch only changed/new PR refs |
| 77 | + if: steps.guard.outputs.proceed == 'yes' |
| 78 | + id: refresh |
| 79 | + shell: bash -euo pipefail {0} |
| 80 | + run: | |
| 81 | + echo "> Remove current upstream remote" |
| 82 | + git remote remove ${UPSTREAM_REMOTE} 2>/dev/null || true |
| 83 | + |
| 84 | + echo "> Add upstream remote" |
| 85 | + # upstream is assumed public — add unauthenticated upstream remote |
| 86 | + git remote add ${UPSTREAM_REMOTE} "https://github.com/${UPSTREAM_REPO}.git" |
| 87 | + |
| 88 | + def="${{ steps.resolver.outputs.def }}" |
| 89 | + base="${{ steps.resolver.outputs.base }}" |
| 90 | +
|
| 91 | + # only consider PRs opened or updated within the last N days |
| 92 | + lookback_days="${{ env.UPSTREAM_PR_LOOKBACK_DAYS }}" |
| 93 | + cutoff=$(date -u -d "${lookback_days} days ago" +%Y-%m-%dT%H:%M:%SZ) |
| 94 | +
|
| 95 | + echo "> List upstream PRs targeting ${def} at base ${base} and updated/created since ${cutoff}." |
| 96 | + gh api "repos/${UPSTREAM_REPO}/pulls?state=open&per_page=100" --paginate \ |
| 97 | + | jq --arg def "$def" --arg cutoff "$cutoff" --arg base "$base" -c '.[] | select(.base.ref == $def and .base.sha == $base and (.updated_at >= $cutoff or .created_at >= $cutoff)) | {n:.number, sha:.head.sha, title:.title, body:(.body // ""), owner:.head.repo.owner.login, head_ref:.head.ref, head_repo_full:.head.repo.full_name, head_repo_clone:.head.repo.clone_url, head_repo_private:.head.repo.private, updated_at:.updated_at, created_at:.created_at}' \ |
| 98 | + > all_upstream_pulls.ndjson |
| 99 | +
|
| 100 | + > all_pulls_to_sync.ndjson |
| 101 | + while read -r line; do |
| 102 | + [ -z "$line" ] && continue |
| 103 | + num=$(jq -r .n <<<"$line") |
| 104 | + sha=$(jq -r .sha <<<"$line") |
| 105 | + owner=$(jq -r .owner <<<"$line") |
| 106 | + upstream_branch=$(jq -r .head_ref <<<"$line") |
| 107 | + origin_branch="${UPSTREAM_REMOTE}-PR${num}-branch_${owner}-${upstream_branch}" |
| 108 | + |
| 109 | + # compute origin_sha once and embed into the JSON line |
| 110 | + origin_sha=$(git ls-remote --heads origin "refs/heads/${origin_branch}" | cut -f1 || true) |
| 111 | + origin_sha=$(echo -n "${origin_sha}") |
| 112 | + |
| 113 | + echo "> Origin commit for branch ${origin_branch} is: ${origin_sha}. PR head commit is: ${sha}" |
| 114 | +
|
| 115 | + if [ -z "${origin_sha}" ] || [ "${origin_sha}" != "${sha}" ]; then |
| 116 | + # include the mirror branch name so later steps don't need to recalculate it |
| 117 | + jq --arg origin_sha "$origin_sha" --arg origin_branch "$origin_branch" '. + {origin_sha:$origin_sha, origin_branch:$origin_branch}' <<<"$line" >> all_pulls_to_sync.ndjson |
| 118 | + fi |
| 119 | + done < all_upstream_pulls.ndjson |
| 120 | +
|
| 121 | + if [ ! -s all_pulls_to_sync.ndjson ]; then |
| 122 | + echo "> No new/updated upstream PRs to sync" |
| 123 | + > selected_pulls_to_sync.ndjson |
| 124 | + echo "prs_to_sync=no" >> "$GITHUB_OUTPUT" |
| 125 | + exit 0 |
| 126 | + fi |
| 127 | +
|
| 128 | + jq -s 'sort_by(.updated_at) | reverse | .[:'"$MAX_UPSTREAM_PRS"']' all_pulls_to_sync.ndjson > all_pulls_to_sync.array.json |
| 129 | + jq -c '.[]' all_pulls_to_sync.array.json > selected_pulls_to_sync.json |
| 130 | +
|
| 131 | + echo "::group::Fetch selected upstream PR refs" |
| 132 | + while read -r line; do |
| 133 | + num=$(jq -r .n <<<"$line") |
| 134 | + echo "> fetching PR #${num}" |
| 135 | + git fetch ${UPSTREAM_REMOTE} "refs/pull/${num}/head:refs/remotes/${UPSTREAM_REMOTE}/pr/${num}" 2>/dev/null || \ |
| 136 | + git fetch ${UPSTREAM_REMOTE} "$(jq -r .sha <<<"$line"):refs/remotes/${UPSTREAM_REMOTE}/pr/${num}" 2>/dev/null || true |
| 137 | + done < selected_pulls_to_sync.json |
| 138 | + echo "::endgroup::" |
| 139 | +
|
| 140 | + echo "prs_to_sync=yes" >> "$GITHUB_OUTPUT" |
| 141 | + jq -c . selected_pulls_to_sync.json > selected_pulls_to_sync.ndjson |
| 142 | + echo "> Selected upstream PRs to process (limited to ${MAX_UPSTREAM_PRS}): $(wc -l < selected_pulls_to_sync.ndjson)" |
| 143 | +
|
| 144 | +
|
| 145 | + - name: Upsert mirror branches & PRs |
| 146 | + if: steps.guard.outputs.proceed == 'yes' && steps.refresh.outputs.prs_to_sync == 'yes' |
| 147 | + shell: bash -euo pipefail {0} |
| 148 | + run: | |
| 149 | + origin_base="${{ env.ORIGIN_BASE_BRANCH }}" |
| 150 | + while read -r line; do |
| 151 | + [ -z "$line" ] && continue |
| 152 | + |
| 153 | + num=$(jq -r .n <<<"$line") |
| 154 | + title=$(jq -r .title <<<"$line") |
| 155 | + owner=$(jq -r .owner <<<"$line") |
| 156 | + body=$(jq -r .body <<<"$line") |
| 157 | + upstream_branch=$(jq -r .head_ref <<<"$line") |
| 158 | + |
| 159 | + head_sha=$(jq -r .sha <<<"$line") |
| 160 | + head_clone=$(jq -r .head_repo_clone <<<"$line") |
| 161 | + head_repo_full=$(jq -r .head_repo_full <<<"$line") |
| 162 | + head_repo_private=$(jq -r .head_repo_private <<<"$line") |
| 163 | + |
| 164 | + origin_sha=$(jq -r .origin_sha <<<"$line") |
| 165 | + origin_branch=$(jq -r .origin_branch <<<"$line") |
| 166 | +
|
| 167 | + echo "::group::Ensure origin branch ${origin_branch} matches upstream PR #${num} (${head_sha})" |
| 168 | + echo "> Upstream PR metadata: owner=${owner}, upstream_branch=${upstream_branch}, head_repo=${head_repo_full}, head_clone=${head_clone}, head_repo_private=${head_repo_private}" |
| 169 | +
|
| 170 | + if [ -z "${origin_sha}" ] || [ "${origin_sha}" != "${head_sha}" ]; then |
| 171 | + echo "> Updating origin/${origin_branch} to ${head_sha}, was: ${origin_sha}" |
| 172 | +
|
| 173 | + if git show-ref --verify --quiet "refs/remotes/${UPSTREAM_REMOTE}/pr/${num}"; then |
| 174 | + echo "> Upstream PR ref found; updating local branch from upstream PR ref" |
| 175 | + git branch --no-track -f "${origin_branch}" "refs/remotes/${UPSTREAM_REMOTE}/pr/${num}" |
| 176 | + else |
| 177 | + echo "> Upstream PR ref not found; attempting direct fetch from fork or upstream by SHA" |
| 178 | + git fetch ${UPSTREAM_ORIGIN} "refs/pull/${num}/head:refs/heads/${origin_branch}" || \ |
| 179 | + git fetch ${UPSTREAM_ORIGIN} "${head_sha}:refs/heads/${origin_branch}" |
| 180 | + fi |
| 181 | + git push origin "refs/heads/${origin_branch}:refs/heads/${origin_branch}" --force |
| 182 | + # ensure local branch tracks origin/<branch> |
| 183 | + git branch --set-upstream-to=origin/${origin_branch} ${origin_branch} >/dev/null 2>&1 || true |
| 184 | + else |
| 185 | + echo "> Branch ${origin_branch} already at ${head_sha} — no update" |
| 186 | + fi |
| 187 | + echo "::endgroup::" |
| 188 | +
|
| 189 | + # detect existing PR (match head + base) |
| 190 | + existing=$(gh pr list --repo "$GITHUB_REPOSITORY" --state open --json number,headRefName,baseRefName 2>/dev/null \ |
| 191 | + | jq -r --arg head "$origin_branch" --arg base "$origin_base" '.[] | select(.headRefName==$head and .baseRefName==$base) | .number' | head -n1 || true) |
| 192 | + existing=$(echo -n "$existing" | tr -d '\r\n') |
| 193 | + if [ -n "${existing}" ] && [ "${existing}" != "null" ]; then |
| 194 | + echo "> Mirrored PR #${existing} already exists — branch tip ensured, skipping metadata edit" |
| 195 | + else |
| 196 | + echo "> Creating mirrored PR from ${origin_branch} -> ${origin_base}" |
| 197 | + PR_BODY=$(printf 'Mirrored from %s#%s\n\n%s' "$UPSTREAM_REPO" "$num" "$body") |
| 198 | + gh pr create --repo "$GITHUB_REPOSITORY" --head "${origin_branch}" --base "${origin_base}" \ |
| 199 | + --title "UPSTREAM PR #${num}: ${title}" \ |
| 200 | + --body "$PR_BODY" |
| 201 | + fi |
| 202 | + done < selected_pulls_to_sync.ndjson |
| 203 | +
|
| 204 | +
|
| 205 | + - name: Close mirrored PRs that closed upstream |
| 206 | + if: steps.guard.outputs.proceed == 'yes' |
| 207 | + shell: bash -euo pipefail {0} |
| 208 | + run: | |
| 209 | + def="${{ steps.resolver.outputs.def }}" |
| 210 | + echo "> Upstream default branch: ${def}" |
| 211 | + gh api "repos/${UPSTREAM_REPO}/pulls?state=open&per_page=100" --paginate \ |
| 212 | + | jq --arg def "$def" -r '.[] | select(.base.ref == $def) | .number' | sort -u > open_upstream.txt |
| 213 | +
|
| 214 | + gh pr list --state open --json number,title,headRefName \ |
| 215 | + --jq '.[] | select(.title|startswith("UPSTREAM PR #")) | {n:.number, t:.title, h:.headRefName}' > locals.json |
| 216 | +
|
| 217 | + jq -c . locals.json | while read -r line; do |
| 218 | + title=$(jq -r .t <<<"$line") |
| 219 | + num_local=$(jq -r .n <<<"$line") |
| 220 | + prnum=$(sed -n 's/^UPSTREAM PR #\([0-9]\+\):.*/\1/p' <<<"$title") |
| 221 | + if ! grep -qx "$prnum" open_upstream.txt; then |
| 222 | + echo "> Closing local mirrored PR #${num_local} (upstream #${prnum} no longer open/targets ${def})" |
| 223 | + gh pr close "$num_local" --delete-branch |
| 224 | + fi |
| 225 | + done |
| 226 | +
|
| 227 | +
|
| 228 | + - name: Wait for other workflows to start |
| 229 | + run: sleep 15 |
| 230 | + |
| 231 | + |
| 232 | + - name: Cancel unexpected workflows on mirrored branch |
| 233 | + if: env.CANCEL_UPSTREAM_WORKFLOWS == 'true' |
| 234 | + env: |
| 235 | + GH_TOKEN: ${{ github.token }} |
| 236 | + run: | |
| 237 | +
|
| 238 | + while read -r line; do |
| 239 | + [ -z "$line" ] && continue |
| 240 | + origin_branch=$(jq -r .origin_branch <<<"$line") |
| 241 | + gh run list --repo "$GITHUB_REPOSITORY" --branch "$origin_branch" --json databaseId,status,workflowDatabaseId | \ |
| 242 | + jq -r '.[] | select(.status == "in_progress" or .status == "queued") | "\(.databaseId) \(.workflowDatabaseId)"' | \ |
| 243 | + while read -r run_id workflow_id; do |
| 244 | + path=$(gh api "/repos/$GITHUB_REPOSITORY/actions/workflows/$workflow_id" --jq '.path') |
| 245 | +
|
| 246 | + case "$path" in |
| 247 | + ".github/workflows/loci-analysis.yml" | \ |
| 248 | + ".github/workflows/sync-upstream.yml" | \ |
| 249 | + ".github/workflows/sync-upstream-prs.yml") |
| 250 | + # Skipped workflows |
| 251 | + ;; |
| 252 | + *) |
| 253 | + echo "> Canceling run $run_id (file: $path)" |
| 254 | + gh run cancel "$run_id" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1 || true |
| 255 | + ;; |
| 256 | + esac |
| 257 | + done |
| 258 | + done < selected_pulls_to_sync.ndjson |
| 259 | +
|
| 260 | +
|
0 commit comments