element-hq · sandhose · Feb 6, 2025 · Feb 6, 2025 · Feb 6, 2025
diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml
@@ -0,0 +1,20 @@
+name: Build the frontend assets
+description: Installs Node.js and builds the frontend assets from the frontend directory
+
+runs:
+  using: composite
+  steps:
+    - name: Install Node
+      uses: actions/[email protected]
+      with:
+        node-version: '22'
+
+    - name: Install dependencies
+      run: npm ci
+      working-directory: ./frontend
+      shell: sh
+
+    - name: Build the frontend assets
+      run: npm run build
+      working-directory: ./frontend
+      shell: sh
diff --git a/.github/actions/build-policies/action.yml b/.github/actions/build-policies/action.yml
@@ -0,0 +1,15 @@
+name: Build the Open Policy Agent policies
+description: Installs OPA and builds the policies
+
+runs:
+  using: composite
+  steps:
+    - name: Install Open Policy Agent
+      uses: open-policy-agent/[email protected]
+      with:
+        version: 0.70.0
+
+    - name: Build the policies
+      run: make
+      working-directory: ./policies
+      shell: sh
diff --git a/.github/scripts/.gitignore b/.github/scripts/.gitignore
@@ -0,0 +1,2 @@
+node_modules/
+package-lock.json
diff --git a/.github/scripts/commit-and-tag.cjs b/.github/scripts/commit-and-tag.cjs
@@ -0,0 +1,71 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const fs = require("node:fs/promises");
+  const { owner, repo } = context.repo;
+  const version = process.env.VERSION;
+  const parent = context.sha;
+  if (!version) throw new Error("VERSION is not defined");
+
+  const files = [
+    "Cargo.toml",
+    "Cargo.lock",
+    "tools/syn2mas/package.json",
+    "tools/syn2mas/package-lock.json",
+  ];
+
+  /** @type {{path: string, mode: "100644", type: "blob", sha: string}[]} */
+  const tree = [];
+  for (const file of files) {
+    const content = await fs.readFile(file);
+    const blob = await github.rest.git.createBlob({
+      owner,
+      repo,
+      content: content.toString("base64"),
+      encoding: "base64",
+    });
+    console.log(`Created blob for ${file}:`, blob.data.url);
+
+    tree.push({
+      path: file,
+      mode: "100644",
+      type: "blob",
+      sha: blob.data.sha,
+    });
+  }
+
+  const treeObject = await github.rest.git.createTree({
+    owner,
+    repo,
+    tree,
+    base_tree: parent,
+  });
+  console.log("Created tree:", treeObject.data.url);
+
+  const commit = await github.rest.git.createCommit({
+    owner,
+    repo,
+    message: version,
+    parents: [parent],
+    tree: treeObject.data.sha,
+  });
+  console.log("Created commit:", commit.data.url);
+
+  const tag = await github.rest.git.createTag({
+    owner,
+    repo,
+    tag: `v${version}`,
+    message: version,
+    type: "commit",
+    object: commit.data.sha,
+  });
+  console.log("Created tag:", tag.data.url);
+
+  return { commit: commit.data.sha, tag: tag.data.sha };
+};
diff --git a/.github/scripts/create-release-branch.cjs b/.github/scripts/create-release-branch.cjs
@@ -0,0 +1,22 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const branch = process.env.BRANCH;
+  const sha = process.env.SHA;
+  if (!sha) throw new Error("SHA is not defined");
+
+  await github.rest.git.createRef({
+    owner,
+    repo,
+    ref: `refs/heads/${branch}`,
+    sha,
+  });
+  console.log(`Created branch ${branch} from ${sha}`);
+};
diff --git a/.github/scripts/create-version-tag.cjs b/.github/scripts/create-version-tag.cjs
@@ -0,0 +1,24 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const version = process.env.VERSION;
+  const tagSha = process.env.TAG_SHA;
+
+  if (!version) throw new Error("VERSION is not defined");
+  if (!tagSha) throw new Error("TAG_SHA is not defined");
+
+  const tag = await github.rest.git.createRef({
+    owner,
+    repo,
+    ref: `refs/tags/v${version}`,
+    sha: tagSha,
+  });
+  console.log("Created tag ref:", tag.data.url);
+};
diff --git a/.github/scripts/merge-back.cjs b/.github/scripts/merge-back.cjs
@@ -0,0 +1,60 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const sha = process.env.SHA;
+  const branch = `ref-merge/${sha}`;
+  if (!sha) throw new Error("SHA is not defined");
+
+  await github.rest.git.createRef({
+    owner,
+    repo,
+    ref: `refs/heads/${branch}`,
+    sha,
+  });
+  console.log(`Created branch ${branch} to ${sha}`);
+
+  // Create a PR to merge the branch back to main
+  const pr = await github.rest.pulls.create({
+    owner,
+    repo,
+    head: branch,
+    base: "main",
+    title: "Automatic merge back to main",
+    body: "This pull request was automatically created by the release workflow. It merges the release branch back to main.",
+    maintainer_can_modify: true,
+  });
+  console.log(
+    `Created pull request #${pr.data.number} to merge the release branch back to main`,
+  );
+  console.log(`PR URL: ${pr.data.html_url}`);
+
+  // Add the `T-Task` label to the PR
+  await github.rest.issues.addLabels({
+    owner,
+    repo,
+    issue_number: pr.data.number,
+    labels: ["T-Task"],
+  });
+
+  // Enable auto-merge on the PR
+  await github.graphql(
+    `
+      mutation AutoMerge($id: ID!) {
+        enablePullRequestAutoMerge(input: {
+          pullRequestId: $id,
+          mergeMethod: MERGE,
+        }) {
+          clientMutationId
+        }
+      }
+    `,
+    { id: pr.data.node_id },
+  );
+};
diff --git a/.github/scripts/package.json b/.github/scripts/package.json
@@ -0,0 +1,7 @@
+{
+  "private": true,
+  "devDependencies": {
+    "@actions/github-script": "github:actions/github-script",
+    "typescript": "^5.7.3"
+  }
+}
diff --git a/.github/scripts/update-release-branch.cjs b/.github/scripts/update-release-branch.cjs
@@ -0,0 +1,22 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const branch = process.env.BRANCH;
+  const sha = process.env.SHA;
+  if (!sha) throw new Error("SHA is not defined");
+
+  await github.rest.git.updateRef({
+    owner,
+    repo,
+    ref: `heads/${branch}`,
+    sha,
+  });
+  console.log(`Updated branch ${branch} to ${sha}`);
+};
diff --git a/.github/scripts/update-unstable-tag.cjs b/.github/scripts/update-unstable-tag.cjs
@@ -0,0 +1,21 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const sha = context.sha;
+
+  const tag = await github.rest.git.updateRef({
+    owner,
+    repo,
+    force: true,
+    ref: "tags/unstable",
+    sha,
+  });
+  console.log("Updated tag ref:", tag.data.url);
+};
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -59,27 +59,8 @@ jobs:
       - name: Checkout the code
         uses: actions/[email protected]
 
-      - name: Setup OPA
-        uses: open-policy-agent/[email protected]
-        with:
-          version: 0.64.1
-
-      - name: Install frontend Node
-        uses: actions/[email protected]
-        with:
-          node-version: 20
-
-      - name: Install frontend Node dependencies
-        working-directory: ./frontend
-        run: npm ci
-
-      - name: Build frontend
-        working-directory: ./frontend
-        run: npm run build
-
-      - name: Build policies
-        working-directory: ./policies
-        run: make
+      - uses: ./.github/actions/build-frontend
+      - uses: ./.github/actions/build-policies
 
       - name: Prepare assets artifact
         run: |
@@ -463,21 +444,18 @@ jobs:
           path: artifacts
           merge-multiple: true
 
+      - name: Checkout the code
+        uses: actions/[email protected]
+        with:
+          sparse-checkout: |
+            .github/scripts
+
       - name: Update unstable git tag
         uses: actions/[email protected]
         with:
           script: |
-            const [owner, repo] = process.env.GITHUB_REPOSITORY.split("/");
-            const sha = process.env.GITHUB_SHA;
-
-            const tag = await github.rest.git.updateRef({
-              owner,
-              repo,
-              force: true,
-              ref: 'tags/unstable',
-              sha,
-            });
-            console.log("Updated tag ref:", tag.data.url);
+            const script = require('./.github/scripts/update-unstable-tag.cjs');
+            await script({ core, github, context });
 
       - name: Update unstable release
         uses: softprops/action-gh-release@v2