Mansi/rate limiter #3994
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) HashiCorp, Inc. | |
| # SPDX-License-Identifier: MPL-2.0 | |
| name: Trigger Community Edition to Enterprise Merge | |
| on: | |
| pull_request_target: | |
| types: | |
| - closed | |
| branches: | |
| - main | |
| - release/** | |
| jobs: | |
| check-conditions: | |
| # run this only on merge events in CE repo | |
| if: ${{ github.event.pull_request.merged && github.repository == 'hashicorp/consul' }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| active: ${{ steps.active.outputs.active }} | |
| env: | |
| BRANCH: ${{ github.event.pull_request.base.ref }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Fetch active releases | |
| id: active | |
| run: | | |
| if [[ "$BRANCH" == "main" ]]; then | |
| IS_ACTIVE=1 | |
| else | |
| IS_ACTIVE=1 | |
| if [[ -f ./.release/versions.hcl ]]; then | |
| ACTIVE=$(awk '/version "[0-9]+\.[0-9]+"/{ver=$2} /ce_active = true/{print ver}' ./.release/versions.hcl | tr -d '"') | |
| echo "Active versions: $ACTIVE" | |
| IS_ACTIVE=0 | |
| for v in $ACTIVE; do | |
| if [[ "$BRANCH" == "release/$v"* ]]; then IS_ACTIVE=1; fi | |
| done | |
| else | |
| echo ".release/versions.hcl not found, defaulting active=1" | |
| fi | |
| fi | |
| echo "active=$IS_ACTIVE" >> $GITHUB_OUTPUT | |
| trigger-ce-merge: | |
| needs: check-conditions | |
| if: needs.check-conditions.outputs.active == '1' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get Latest Merge Commit | |
| id: merge_commit | |
| run: | | |
| # Try the event payload first | |
| MERGE_SHA="${{ github.event.pull_request.merge_commit_sha }}" | |
| echo "Initial merge SHA from event: $MERGE_SHA" | |
| # If null or empty, fetch from API with retry | |
| if [[ -z "$MERGE_SHA" || "$MERGE_SHA" == "null" ]]; then | |
| echo "Event merge_commit_sha is null/empty, fetching from API..." | |
| MAX_ATTEMPTS=10 | |
| for i in $(seq 1 $MAX_ATTEMPTS); do | |
| echo "Attempt $i: Fetching merge commit from API..." | |
| MERGE_SHA=$(curl -s -H "Authorization: token ${{ secrets.ELEVATED_GITHUB_TOKEN }}" \ | |
| "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}" | \ | |
| jq -r '.merge_commit_sha // empty') | |
| if [[ -n "$MERGE_SHA" && "$MERGE_SHA" != "null" ]]; then | |
| echo "✅ Found merge commit: $MERGE_SHA" | |
| break | |
| fi | |
| echo "⏳ Merge commit not ready (got: '$MERGE_SHA'), waiting 3 seconds..." | |
| sleep 3 | |
| done | |
| # Final fallback - if still no merge commit, fail the workflow | |
| if [[ -z "$MERGE_SHA" || "$MERGE_SHA" == "null" ]]; then | |
| echo "❌ Failed to get merge commit after $MAX_ATTEMPTS attempts" | |
| echo "Cannot proceed without a valid merge commit SHA" | |
| exit 1 | |
| fi | |
| else | |
| echo "✅ Using merge commit from event payload: $MERGE_SHA" | |
| fi | |
| echo "Final merge SHA: $MERGE_SHA" | |
| echo "merge_sha=$MERGE_SHA" >> $GITHUB_OUTPUT | |
| - name: Get Approving Reviewers | |
| id: reviewers | |
| continue-on-error: true | |
| env: | |
| GH_PAT: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| reviewers=$(curl -s -H "Authorization: token $GH_PAT" \ | |
| "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER/reviews" | \ | |
| jq -c '[.[] | select(.state=="APPROVED") | .user.login] | unique') | |
| echo "approved_reviewers=$reviewers" >> $GITHUB_OUTPUT | |
| echo "Approved reviewers: $reviewers" | |
| - name: Trigger Merge | |
| env: | |
| GIT_REF: ${{ github.event.pull_request.base.ref }} | |
| GIT_SHA: ${{ steps.merge_commit.outputs.merge_sha }} | |
| GH_PAT: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | |
| GIT_ACTOR: ${{ github.actor }} | |
| PR_TITLE: ${{ github.event.pull_request.title }} | |
| PR_BODY: ${{ github.event.pull_request.body }} | |
| PR_APPROVERS: ${{ steps.reviewers.outputs.approved_reviewers }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| run: | | |
| # Create the JSON payload using jq for safe escaping | |
| payload=$(jq -n \ | |
| --arg event_type "oss-merge" \ | |
| --arg git_ref "$GIT_REF" \ | |
| --arg git_sha "$GIT_SHA" \ | |
| --arg git_actor "$GIT_ACTOR" \ | |
| --arg pr_title "$PR_TITLE" \ | |
| --arg pr_body "$PR_BODY" \ | |
| --argjson pr_approvers "$PR_APPROVERS" \ | |
| --arg pr_number "$PR_NUMBER" \ | |
| '{ | |
| event_type: $event_type, | |
| client_payload: { | |
| "git-ref": $git_ref, | |
| "git-sha": $git_sha, | |
| "git-actor": $git_actor, | |
| "title": $pr_title, | |
| "description": $pr_body, | |
| "pr_approvers": $pr_approvers, | |
| "pr_number": $pr_number | |
| } | |
| }' | |
| ) | |
| curl -v -X POST \ | |
| -H "Authorization: token $GH_PAT" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "Content-Type: application/json" \ | |
| -d "$payload" \ | |
| "https://api.github.com/repos/hashicorp/consul-enterprise/dispatches" |