Skip to content
Create release branches in plugins

1.39.x release branch #47

Sign in to view logs

1.39.x release branch

1.39.x release branch #47

Workflow file for this run

.github/workflows/create-branches.yaml at 0dc31af
name: Create release branches in plugins
run-name: ${{ inputs.version }} release branch
on:
workflow_dispatch:
inputs:
version:
description: 'Release branch version to create with *NO* "v", e.g., 1.19.x'
required: true
type: string
plugin_branch_shas:
description: 'Optional: Specify git SHAs to fork from. Format: "plugin1-name:sha1,plugin2-name:sha2,etc" (comma-separated). Plugin names must match plugins.yaml keys exactly. Default behavior will fork from main.'
required: false
type: string
jobs:
create-release-branches:
name: Create release branches
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.PRATHIC_GH_TOKEN }}
steps:
- name: Checkout current repository
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
token: ${{ secrets.PRATHIC_GH_TOKEN }}
- name: Validate version
shell: bash
run: |
version="${{ inputs.version }}"
regex='^[0-9]+\.[0-9]+\.([0-9]+|x)([^\ ]+)?$'
if ! [[ "${version}" =~ ${regex} ]]; then
echo "::error::Version '${version}' is invalid, must match the pattern '${regex}'"
exit 1
fi
- name: Validate plugin_branch_shas input
shell: bash
run: |
plugin_shas="${{ inputs.plugin_branch_shas }}"
if [[ -n "$plugin_shas" ]]; then
# Regex: no spaces before/after key or value but spaces are allowed in the plugin name if needed
regex='^([^:, ]+):[^:, ]+(,([^:, ]+):[^:, ]+)*$'
if ! [[ "$plugin_shas" =~ $regex ]]; then
echo "::error::Invalid format. Expected: 'key1:value1,key2:value2'"
echo "::error::Received: '$plugin_shas'"
exit 1
fi
# Confirm plugin name exists in plugins.yaml (case-insensitive)
valid_plugins=$(yq eval 'keys | .[]' plugins.yaml | awk '{print tolower($0)}')
IFS=',' read -ra PAIRS <<< "$plugin_shas"
for pair in "${PAIRS[@]}"; do
key="${pair%%:*}"
key_lc=$(echo "$key" | awk '{print tolower($0)}')
if ! echo "$valid_plugins" | grep -qx "$key_lc"; then
echo "::error::Plugin '$key' does not exist in plugins.yaml (case-insensitive check)"
echo "::error::Valid plugins are:"
echo "$valid_plugins" | sed 's/^/::error:: - /'
exit 1
fi
done
fi
- name: Configure Git
run: git config --global url."https://${{ secrets.PRATHIC_GH_TOKEN }}:@github.com".insteadOf "https://github.com"
- name: Install yq
run: |
sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
sudo chmod +x /usr/local/bin/yq
- name: Create release branch
run: |
git config user.name prathic-hashicorp
git config user.email prathic.sundararajan@hashicorp.com
pbranch="release/vault-${{ inputs.version }}"
plabel="backport/vault-${{ inputs.version }}"
# Parse input key-value pairs for plugin-specific git SHAs (lowercase keys)
declare -A plugin_shas
if [[ -n "${{ inputs.plugin_branch_shas }}" ]]; then
IFS=',' read -ra PAIRS <<< "${{ inputs.plugin_branch_shas }}"
for pair in "${PAIRS[@]}"; do
key="${pair%%:*}"
value="${pair#*:}"
key_lc=$(echo "$key" | awk '{print tolower($0)}')
plugin_shas["$key_lc"]="$value"
echo "::notice::Plugin $key_lc will use SHA: $value"
done
fi
# Go through all the plugins from plugins.yaml (lowercase keys)
plugins=$(yq eval 'keys | .[]' plugins.yaml | awk '{print tolower($0)}')
for plugin in $plugins; do
if [[ -z "$plugin" ]]; then
continue
fi
echo "::debug::Processing plugin: $plugin"
repo=$(yq eval "to_entries | map(select(.key | downcase == \"$plugin\")) | .[0].value.repository" plugins.yaml)
# If repository is not specified or is null, use the plugin name as fallback
if [[ "$repo" == "null" ]] || [[ -z "$repo" ]]; then
repo="prathic-hashicorp/$plugin"
else
repo="prathic-hashicorp/$repo"
fi
echo "::debug::Using repository: $repo"
temp_dir="temp_$(basename $repo)"
rm -rf "$temp_dir"
echo "::debug::Cloning $repo repository"
git clone --depth 1 "https://github.com/$repo.git" "$temp_dir"
cd "$temp_dir"
# Pulling specific sha if specified
if [[ -n "${plugin_shas[$plugin]}" ]]; then
target_sha="${plugin_shas[$plugin]}"
echo "::notice::Checking out specific SHA $target_sha for $plugin"
# Fetch the specific commit to ensure the SHA is reachable
git fetch origin "$target_sha"
git checkout "$target_sha"
else
echo "::debug::Checking out default branch for $plugin"
git checkout main || git checkout master
git pull
fi
# Create label in the repository
echo "::notice::Creating label $plabel in $repo"
# Check if label already exists
if gh label list --repo "$repo" --search "$plabel" | grep -q "$plabel"; then
echo "::notice::Label $plabel already exists in $repo, skipping creation"
else
# Create the label using gh CLI
if gh label create "$plabel" --repo "$repo" --description "Backport label for vault ${{ inputs.version }}" --color "0e8a16"; then
echo "::notice::Successfully created label $plabel in $repo"
else
echo "::warning::Failed to create label $plabel in $repo"
fi
fi
# Check if branch already exists in the remote repository
if git ls-remote --exit-code --heads "https://github.com/$repo.git" "$pbranch" > /dev/null 2>&1; then
echo "::notice::Branch $pbranch already exists in $repo, skipping creation"
cd ..
rm -rf "$temp_dir"
continue
fi
echo "::notice::Creating branch $pbranch for $plugin (repo: $repo)"
git checkout -b "$pbranch"
git push origin "$pbranch"
cd ..
rm -rf "$temp_dir"
echo "::notice::Successfully created branch $pbranch in $repo"
done