From bcd14bd095a581d32aee85161693bf1bdc44f823 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kara=C5=9B?=
Date: Mon, 12 May 2025 09:59:15 +0200
Subject: [PATCH 01/10] Create release branch GitHub workflow
---
.github/workflows/create_release_branch.yml | 57 +++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 .github/workflows/create_release_branch.yml
diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml
new file mode 100644
index 000000000..7d31e21c2
--- /dev/null
+++ b/.github/workflows/create_release_branch.yml
@@ -0,0 +1,57 @@
+name: Create Release Branch Workflow
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: "Release version"
+ required: true
+ type: string
+ branch_name:
+ description: "Release branch name"
+ required: true
+ type: string
+ commit_sha:
+ description: "Optional commit SHA to start release branch from. By default, it will use the latest commit on the main branch."
+ required: false
+ type: string
+
+jobs:
+ create-release-branch:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check if release branch already exists
+ id: check-branch
+ run: |
+ if git show-ref --verify --quiet refs/heads/${{ github.event.inputs.branch_name }}; then
+ echo "Release branch ${{ github.event.inputs.branch_name }} already exists."
+ git checkout ${{ github.event.inputs.branch_name }}
+ else
+ echo "create_new_branch=true" >> $GITHUB_ENV
+ fi
+
+ - name: Create release branch
+ id: create-branch
+ if: env.create_new_branch == 'true'
+ run: |
+ echo "Release branch ${{ github.event.inputs.branch_name }} does not exist. Creating it."
+ if [ "${{ github.event.inputs.commit_sha }}" != "" ]; then
+ export "COMMIT_SHA=${{ github.event.inputs.commit_sha }}"
+ else
+ export "COMMIT_SHA=$(git rev-parse HEAD)"
+ fi
+ git checkout -b ${{ github.event.inputs.branch_name }} $COMMIT_SHA
+ git push origin ${{ github.event.inputs.branch_name }}
+
+ - name: Replace version in release.json
+ id: replace-version
+ run: |
+ jq --arg version "${{ github.event.inputs.version }}" '.mongodbOperator=$version' release.json > tmp_release.json
+ mv tmp_release.json release.json
+ git add release.json
+ git commit -m "Update release.json with version ${{ github.event.inputs.version }}"
+ git push origin ${{ github.event.inputs.branch_name }}
From cf9708cf689c936f0766b42c5837283f3c61ab5a Mon Sep 17 00:00:00 2001
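Review bot: The `run:` blocks splice `${{ github.event.inputs.branch_name }}`, `commit_sha` and `version` straight into the script text, so the values are expanded before bash parses the script and any shell metacharacter in an input becomes part of the command line. Pass each input through `env:` and use it as a quoted shell variable, as shown below for the branch check. The same change applies to the "Create release branch" and "Replace version in release.json" steps in this hunk, and to the `git checkout -b` / `git push --set-upstream` lines that [PATCH 04/10] keeps in this form.

```yaml
      - name: Check if release branch already exists
        id: check-branch
        env:
          BRANCH_NAME: ${{ github.event.inputs.branch_name }}
        run: |
          if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
            echo "Release branch $BRANCH_NAME already exists."
            git checkout "$BRANCH_NAME"
          else
            echo "create_new_branch=true" >> "$GITHUB_ENV"
          fi
      # … unchanged: "Create release branch" and "Replace version in release.json" steps, to be converted the same way …
```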
From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 10:21:19 +0200 Subject: [PATCH 02/10] Add dummy pull_request trigger --- .github/workflows/create_release_branch.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index 7d31e21c2..996366cd2 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml @@ -1,5 +1,6 @@ name: Create Release Branch Workflow on: + pull_request: workflow_dispatch: inputs: version: From 91413c75620e405370f38a40febd826c3c362f14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 11:43:59 +0200 Subject: [PATCH 03/10] Add `create-github-app-token` action --- .github/workflows/create_release_branch.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index 996366cd2..ad6f0f78f 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml @@ -20,10 +20,22 @@ jobs: create-release-branch: runs-on: ubuntu-latest steps: + + - name: Create GitHub App Token + uses: actions/create-github-app-token@v2 + id: app-token + with: + app-id: ${{ vars.MONGODB_KUBERNETES_APP_ID }} + private-key: ${{ secrets.MONGODB_KUBERNETES_APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ steps.app-token.outputs.token }} + ref: ${{ github.head_ref }} + persist-credentials: false - name: Check if release branch already exists id: check-branch From 803eda8f23dbf062eeeadc7b5f7b2b31a8040368 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 12:02:37 +0200 Subject: [PATCH 04/10] Additional changes --- .github/workflows/create_release_branch.yml | 23 +++++++++++---------- 1 file changed, 12 insertions(+), 11 deletions(-) 
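Review bot: `actions/create-github-app-token@v2` is handed the App private key but is referenced by a mutable tag, so a retagged release would run with that secret; pin it to a full commit SHA, e.g. `uses: actions/create-github-app-token@<full-commit-sha> # v2`. The same applies to `actions/checkout@v4` and to `peter-evans/create-pull-request@v7` in [PATCH 10/10], which receives the App token. Separately, `owner: ${{ github.repository_owner }}` without `repositories:` requests a token for every repository in that owner's installation, which is broader than this workflow needs ([PATCH 06/10] drops it). Narrowing the token further with the action's `permission-*` inputs would be worth considering if the installed action version supports them.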
diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index ad6f0f78f..7cbadaac2 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml @@ -29,13 +29,20 @@ jobs: private-key: ${{ secrets.MONGODB_KUBERNETES_APP_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - - name: Checkout repository + - name: Checkout repository (master) + if: ${{ github.event.inputs.commit_sha == '' }} uses: actions/checkout@v4 with: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} - ref: ${{ github.head_ref }} - persist-credentials: false + + - name: Checkout repository (${{ github.event.inputs.commit_sha }}) + if: ${{ github.event.inputs.commit_sha != '' }} + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ steps.app-token.outputs.token }} + ref: ${{ github.event.inputs.commit_sha }} - name: Check if release branch already exists id: check-branch @@ -51,14 +58,8 @@ jobs: id: create-branch if: env.create_new_branch == 'true' run: | - echo "Release branch ${{ github.event.inputs.branch_name }} does not exist. Creating it." - if [ "${{ github.event.inputs.commit_sha }}" != "" ]; then - export "COMMIT_SHA=${{ github.event.inputs.commit_sha }}" - else - export "COMMIT_SHA=$(git rev-parse HEAD)" - fi - git checkout -b ${{ github.event.inputs.branch_name }} $COMMIT_SHA - git push origin ${{ github.event.inputs.branch_name }} + git checkout -b ${{ github.event.inputs.branch_name }} + git push --set-upstream origin ${{ github.event.inputs.branch_name }} - name: Replace version in release.json id: replace-version From 384e7f2bab57312949b06524dade53b495859309 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 12:10:19 +0200 Subject: [PATCH 05/10] Additional changes 2 --- .github/workflows/create_release_branch.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
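Review bot: `ref: ${{ github.event.inputs.commit_sha }}` in the second checkout step accepts any ref (a branch name, a tag or a SHA), and nothing checks that the value is a commit on the main line before the release branch is cut from it. A step right after the checkout could reject anything that is not reachable from the default branch, e.g. `git merge-base --is-ancestor "$COMMIT_SHA" origin/master || exit 1` with `COMMIT_SHA` passed via `env:` (assuming `master` is the default branch, as the first step's name suggests). The step name also embeds the raw input, which [PATCH 07/10] later replaces with a fixed label.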
diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index 7cbadaac2..02b2f0dad 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml @@ -1,6 +1,5 @@ name: Create Release Branch Workflow on: - pull_request: workflow_dispatch: inputs: version: @@ -35,6 +34,8 @@ jobs: with: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} + # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config + persist-credentials: false - name: Checkout repository (${{ github.event.inputs.commit_sha }}) if: ${{ github.event.inputs.commit_sha != '' }} @@ -43,6 +44,8 @@ jobs: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} ref: ${{ github.event.inputs.commit_sha }} + # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config + persist-credentials: false - name: Check if release branch already exists id: check-branch @@ -60,6 +63,8 @@ jobs: run: | git checkout -b ${{ github.event.inputs.branch_name }} git push --set-upstream origin ${{ github.event.inputs.branch_name }} + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Replace version in release.json id: replace-version @@ -69,3 +74,5 @@ jobs: git add release.json git commit -m "Update release.json with version ${{ github.event.inputs.version }}" git push origin ${{ github.event.inputs.branch_name }} + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} From 446780725329e2e408055bf5a03e87777a551bcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 12:16:47 +0200 Subject: [PATCH 06/10] remove owner --- .github/workflows/create_release_branch.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index 02b2f0dad..6be82a9e5 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml 
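Review bot: `git push` does not read `GH_TOKEN` (that variable is consumed by the `gh` CLI), so with `persist-credentials: false` added to both checkout steps in this same patch, the two push steps have no credentials configured and would be expected to fail. Either keep the checkout credentials for this job or wire them up explicitly before pushing, for example with `gh auth setup-git` in a step that has `GH_TOKEN` set. The added comment also names `GITHUB_TOKEN`, while the token passed to checkout is the App installation token; `# Do not persist the App installation token in the repo's git config` would describe it accurately.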
@@ -26,7 +26,6 @@ jobs: with: app-id: ${{ vars.MONGODB_KUBERNETES_APP_ID }} private-key: ${{ secrets.MONGODB_KUBERNETES_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - name: Checkout repository (master) if: ${{ github.event.inputs.commit_sha == '' }} From 8cf882210933714392a19cbd4c2e8edb08460586 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 12:21:10 +0200 Subject: [PATCH 07/10] setup user --- .github/workflows/create_release_branch.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index 6be82a9e5..8a4bcc8ec 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml @@ -36,7 +36,7 @@ jobs: # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config persist-credentials: false - - name: Checkout repository (${{ github.event.inputs.commit_sha }}) + - name: Checkout repository (commit SHA)) if: ${{ github.event.inputs.commit_sha != '' }} uses: actions/checkout@v4 with: @@ -46,6 +46,18 @@ jobs: # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config persist-credentials: false + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + + - name: Set up Git + id: setup-git + run: | + git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' + git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com' + - name: Check if release branch already exists id: check-branch run: | From c50fed70726065a34258c1590fa143e1e5919681 Mon Sep 17 00:00:00 2001 
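Review bot: The renamed step in the first hunk of [PATCH 07/10] has a stray closing parenthesis, `Checkout repository (commit SHA))`; it should read `- name: Checkout repository (commit SHA)`. Replacing the interpolated input in the step name with a fixed label is otherwise a good change, since the name no longer echoes user-supplied text into the run log headings.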
From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 12:22:20 +0200 Subject: [PATCH 08/10] remove `persist-credentials` --- .github/workflows/create_release_branch.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index 8a4bcc8ec..73203b168 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml @@ -33,8 +33,7 @@ jobs: with: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} - # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config - persist-credentials: false + ref: ${{ github.head_ref }} - name: Checkout repository (commit SHA)) if: ${{ github.event.inputs.commit_sha != '' }} @@ -43,8 +42,6 @@ jobs: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} ref: ${{ github.event.inputs.commit_sha }} - # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config - persist-credentials: false - name: Get GitHub App User ID id: get-user-id From c4bcb6504d703a3dd13b5af9e93c9b1c0b42ac3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 16:43:03 +0200 Subject: [PATCH 09/10] add commit signing --- .github/workflows/create_release_branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index 73203b168..57aff6581 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml 
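Review bot: `ref: ${{ github.head_ref }}` is only populated for pull-request events, so on `workflow_dispatch` it is empty and the step named "(master)" checks out whichever branch the workflow was dispatched from. If release branches must start from the default branch, state that explicitly, e.g. `ref: master` (or the repository's actual default branch name). With `persist-credentials: false` removed again in both checkout steps, the App token stays in the local git config for the rest of the job, so every later step, including third-party actions, runs with push access.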
@@ -80,7 +80,7 @@ jobs: jq --arg version "${{ github.event.inputs.version }}" '.mongodbOperator=$version' release.json > tmp_release.json mv tmp_release.json release.json git add release.json - git commit -m "Update release.json with version ${{ github.event.inputs.version }}" + git commit -S -m "Update release.json with version ${{ github.event.inputs.version }}" git push origin ${{ github.event.inputs.branch_name }} env: GH_TOKEN: ${{ steps.app-token.outputs.token }} From a0311a2205f58da8530c9797aef9cc8e31423d61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Mon, 12 May 2025 16:59:18 +0200 Subject: [PATCH 10/10] use peter-evans/create-pull-request action --- .github/workflows/create_release_branch.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml index 57aff6581..5fbaffe76 100644 --- a/.github/workflows/create_release_branch.yml +++ b/.github/workflows/create_release_branch.yml @@ -80,7 +80,15 @@ jobs: jq --arg version "${{ github.event.inputs.version }}" '.mongodbOperator=$version' release.json > tmp_release.json mv tmp_release.json release.json git add release.json - git commit -S -m "Update release.json with version ${{ github.event.inputs.version }}" - git push origin ${{ github.event.inputs.branch_name }} - env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} + + - name: Create Pull Request + uses: peter-evans/create-pull-request@v7 + with: + token: ${{ steps.app-token.outputs.token }} + sign-commits: true + commit-message: Release version `${{ github.event.inputs.version }}` + title: Release version `${{ github.event.inputs.version }}` + signoff: false + delete-branch: false + branch: bump-${{ github.event.inputs.version }}-version + draft: true
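Review bot: `git commit -S` needs a signing key, and no step visible in this series imports a GPG or SSH key or sets `user.signingkey`, so this commit would be expected to fail on the runner. The "Set up Git" step only configures `user.name` and `user.email`. The enclosing `run:` block starts outside the hunk, so a key setup elsewhere in the file cannot be ruled out from here.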
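Review bot: `branch: bump-${{ github.event.inputs.version }}-version` and the `jq` write in the preceding step both take `version` as free text, and nothing checks its shape before it becomes a branch name and the value of `.mongodbOperator`. A small validation step ahead of "Replace version in release.json" would catch typos and unexpected characters early, e.g. `[[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1` with `VERSION` passed via `env:` (adjust the pattern to the project's version scheme). No `base:` is set either, so the pull request targets whatever branch happens to be checked out at that point; setting `base: ${{ github.event.inputs.branch_name }}` would make the target explicit.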