From 8646625c9d3c7ca83be2e44d2df5a7a0a80afe98 Mon Sep 17 00:00:00 2001
From: Victor Martinez <victormartinezrubio@gmail.com>
Date: Thu, 12 Jun 2025 13:30:50 +0200
Subject: [PATCH] updatecli: create PRs per active branch and refactor slack
 notifications (#8359)

(cherry picked from commit aa2d9005350c4152f95fb5413f5d15b538921410)
---
 .ci/updatecli/updatecli-bump-vm-images.yml |  9 ++--
 .github/workflows/bump-vm-images.yml       | 48 ++++++++++++----------
 .mergify.yml                               | 20 +++++++++
 3 files changed, 53 insertions(+), 24 deletions(-)

diff --git a/.ci/updatecli/updatecli-bump-vm-images.yml b/.ci/updatecli/updatecli-bump-vm-images.yml
index d2846ffcbde..1c8409a85f3 100644
--- a/.ci/updatecli/updatecli-bump-vm-images.yml
+++ b/.ci/updatecli/updatecli-bump-vm-images.yml
@@ -1,6 +1,7 @@
 # update-cli configuration for automated VM image version bumping
 ---
 name: Bump vm-images to latest version
+pipelineid: 'updatecli-update-vm-images-{{ requiredEnv "BRANCH_NAME" }}'
 
 scms:
   githubConfig:
@@ -12,7 +13,7 @@ scms:
       repository: '{{ .scm.repository }}'
       token: '{{ requiredEnv "GITHUB_TOKEN" }}'
       commitusingapi: true
-      branch: '{{ .scm.branch }}'
+      branch: '{{ requiredEnv "BRANCH_NAME" }}'
       force: false
 
 actions:
@@ -24,8 +25,8 @@ actions:
       automerge: false
       labels:
         - dependencies
-        - backport-active-all
-      title: '[Automation] Bump VM Image version to {{ source "latestVersion" }}'
+        - backport-skip
+      title: '[{{ requiredEnv "BRANCH_NAME" }}][Automation] Bump VM Image version to {{ source "latestVersion" }}'
 
 sources:
   latestVersion:
@@ -43,6 +44,8 @@ conditions:
     spec:
       command: 'grep -q -v {{ source "latestVersion" }} .buildkite/pipeline.yml #'
 
+# NOTE: if you add a new target file, please update the .mergify.yml file
+#       to include the new file for the approval and automatic merge
 targets:
   update-buildkite-pipeline:
     name: "Update .buildkite/pipeline.yml"
diff --git a/.github/workflows/bump-vm-images.yml b/.github/workflows/bump-vm-images.yml
index 38a3efee659..7f3b76c1b89 100644
--- a/.github/workflows/bump-vm-images.yml
+++ b/.github/workflows/bump-vm-images.yml
@@ -4,7 +4,10 @@ name: bump-vm-images
 on:
   workflow_dispatch:
   schedule:
-    - cron: "0 10 * * 0"
+    # Since the CI Agent images are produced weekly on Saturday at 0am UTC
+    # and we can only bump the version after the images are available
+    # let's try on Saturday at 12:00 UTC.
+    - cron: "0 12 * * 6"
 
 permissions:
   contents: read
@@ -13,11 +16,29 @@ env:
   JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
 
 jobs:
+  filter:
+    runs-on: ubuntu-latest
+    timeout-minutes: 1
+    outputs:
+      matrix: ${{ steps.generator.outputs.matrix }}
+    permissions:
+      contents: read
+    steps:
+    - id: generator
+      uses: elastic/oblt-actions/elastic/active-branches@v1
+      with:
+        filter-branches: true
+
   bump:
     permissions:
       contents: write
       pull-requests: write
     runs-on: ubuntu-latest
+    needs:
+      - filter
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.filter.outputs.matrix) }}
     steps:
       - uses: actions/checkout@v4
 
@@ -26,26 +47,11 @@ jobs:
           command: apply --config .ci/updatecli/updatecli-bump-vm-images.yml --values .ci/updatecli/values.d/scm.yml
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BRANCH_NAME: ${{ matrix.branch }}
 
       - if: ${{ failure()  }}
-        uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
+        uses: elastic/oblt-actions/slack/send@v1
         with:
-          method: chat.postMessage
-          token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload: |
-            {
-              "channel": "#ingest-notifications",
-              "text": "${{ env.SLACK_MESSAGE }}",
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": "${{ env.SLACK_MESSAGE }}"
-                  }
-                }
-              ]
-            }
-        env:
-          #SLACK_MESSAGE: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@agent-team` please look what's going on <${{ env.JOB_URL }}|here>"
-          SLACK_MESSAGE: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`"
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: "#ingest-notifications"
+          message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <${{ env.JOB_URL }}|here>"
diff --git a/.mergify.yml b/.mergify.yml
index 5c258a265ca..f807cf689c3 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -3,6 +3,26 @@ queue_rules:
     conditions:
       - check-success=fleet-ci/pr-merge
 pull_request_rules:
+  - name: automatic approval for updatecli pull requests with changes in .buildkite
+    conditions:
+      - author=github-actions[bot]
+      - check-success=buildkite/elastic-agent
+      - files~=^.buildkite/(pipeline.yml|bk.integration.pipeline.yml)$
+      - head~=^updatecli_.*
+    actions:
+      review:
+        type: APPROVE
+        message: Automatically approving mergify
+  - name: automatic squash and merge with success checks and the files matching the regex .buildkite is modified.
+    conditions:
+      - author=github-actions[bot]
+      - check-success=buildkite/elastic-agent
+      - files~=^.buildkite/(pipeline.yml|bk.integration.pipeline.yml)$
+      - head~=^updatecli_.*
+      - "#approved-reviews-by>=1"
+    actions:
+      queue:
+        name: default
   - name: self-assign PRs
     conditions:
       - -merged