
Commit 43061c8

committed
Add alternative workflow that skips workflow file changes
This alternative workflow avoids PAT requirements by:
- Detecting commits that modify .github/workflows files
- Skipping those commits during cherry-pick
- Using the default GITHUB_TOKEN, which works for non-workflow files
- Reporting skipped patches in the output

This provides a working solution without needing PAT configuration.
1 parent ae3dbfd commit 43061c8


1 file changed

+331
-0
lines changed

Lines changed: 331 additions & 0 deletions
@@ -0,0 +1,331 @@
1+
name: Release Patched Version (Alternative)
2+
3+
# This alternative workflow avoids PAT requirements by:
4+
# 1. Excluding workflow files from patches
5+
# 2. Using default GITHUB_TOKEN which works for non-workflow files
6+
7+
on:
8+
workflow_dispatch:
9+
inputs:
10+
upstream_version:
11+
description: 'Upstream version to patch (e.g., v0.17.0)'
12+
required: true
13+
type: string
14+
release_suffix:
15+
description: 'Suffix for release (default: blacksmith)'
16+
required: false
17+
type: string
18+
default: 'blacksmith'
19+
20+
permissions:
21+
contents: write
22+
23+
jobs:
24+
create-patched-release:
25+
runs-on: ubuntu-latest
26+
outputs:
27+
release_tag: ${{ steps.create-release-branch.outputs.release_tag }}
28+
patch_count: ${{ steps.create-release-branch.outputs.patch_count }}
29+
patch_list: ${{ steps.create-release-branch.outputs.patch_list }}
30+
steps:
31+
- name: Checkout repository
32+
uses: actions/checkout@v4
33+
with:
34+
fetch-depth: 0
35+
# Use default GITHUB_TOKEN
36+
37+
- name: Setup git
38+
run: |
39+
git config user.name "GitHub Actions"
40+
git config user.email "actions@github.com"
41+
42+
- name: Add and fetch upstream
43+
run: |
44+
git remote add upstream https://github.com/moby/buildkit.git || true
45+
git fetch upstream master --tags
46+
git fetch origin master
47+
48+
- name: Verify upstream version exists
49+
run: |
50+
if ! git rev-parse "refs/tags/${{ github.event.inputs.upstream_version }}" >/dev/null 2>&1; then
51+
echo "❌ Upstream version ${{ github.event.inputs.upstream_version }} not found"
52+
echo ""
53+
echo "Available recent versions:"
54+
git tag -l 'v*.*.*' | grep -v '\-' | sort -rV | head -20
55+
exit 1
56+
fi
57+
echo "✅ Found upstream version ${{ github.event.inputs.upstream_version }}"
58+
59+
- name: Create patched release branch
60+
id: create-release-branch
61+
run: |
62+
VERSION="${{ github.event.inputs.upstream_version }}"
63+
SUFFIX="${{ github.event.inputs.release_suffix }}"
64+
RELEASE_TAG="${VERSION}-${SUFFIX}"
65+
RELEASE_BRANCH="${VERSION}-${SUFFIX}"
66+
67+
# Check if already exists
68+
if git rev-parse "refs/tags/$RELEASE_TAG" >/dev/null 2>&1; then
69+
echo "❌ Release $RELEASE_TAG already exists"
70+
echo ""
71+
echo "To recreate it, first delete the existing tag:"
72+
echo " git push origin --delete $RELEASE_TAG"
73+
echo " git push origin --delete $RELEASE_BRANCH"
74+
exit 1
75+
fi
76+
77+
# Checkout upstream version
78+
echo "Creating release branch from $VERSION..."
79+
git checkout -b "$RELEASE_BRANCH" "$VERSION"
80+
81+
# Find all commits that are in origin/master but not in upstream/master
82+
# EXCLUDE commits that modify workflow files
83+
echo ""
84+
echo "Finding patches to apply (excluding workflow changes)..."
85+
PATCHES=$(git rev-list upstream/master..origin/master --reverse --no-merges)
86+
87+
if [ -z "$PATCHES" ]; then
88+
echo "⚠️ No patches found. Your master branch has no commits ahead of upstream."
89+
exit 1
90+
fi
91+
92+
# Apply patches and collect results
93+
APPLIED_PATCHES=""
94+
FAILED_PATCHES=""
95+
SKIPPED_PATCHES=""
96+
SUCCESS_COUNT=0
97+
SKIP_COUNT=0
98+
99+
for COMMIT in $PATCHES; do
100+
COMMIT_MSG=$(git log -1 --pretty=format:"%h: %s" "$COMMIT")
101+
FULL_MSG=$(git log -1 --pretty=format:"%s" "$COMMIT")
102+
103+
# Check if commit modifies workflow files
104+
WORKFLOW_CHANGES=$(git diff-tree --no-commit-id --name-only -r "$COMMIT" | grep "^.github/workflows/" || true)
105+
106+
if [ -n "$WORKFLOW_CHANGES" ]; then
107+
echo "⏭️ Skipping $COMMIT_MSG (modifies workflow files)"
108+
if [ -n "$SKIPPED_PATCHES" ]; then
109+
SKIPPED_PATCHES=$(printf "%s\n- %s (workflow changes)" "$SKIPPED_PATCHES" "$FULL_MSG")
110+
else
111+
SKIPPED_PATCHES="- $FULL_MSG (workflow changes)"
112+
fi
113+
SKIP_COUNT=$((SKIP_COUNT + 1))
114+
continue
115+
fi
116+
117+
echo "Applying $COMMIT_MSG..."
118+
if git cherry-pick "$COMMIT" >/dev/null 2>&1; then
119+
echo " ✅ Success"
120+
if [ -n "$APPLIED_PATCHES" ]; then
121+
APPLIED_PATCHES=$(printf "%s\n- %s" "$APPLIED_PATCHES" "$FULL_MSG")
122+
else
123+
APPLIED_PATCHES="- $FULL_MSG"
124+
fi
125+
SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
126+
else
127+
echo " ❌ Failed (conflicts with this version)"
128+
if [ -n "$FAILED_PATCHES" ]; then
129+
FAILED_PATCHES=$(printf "%s\n- %s" "$FAILED_PATCHES" "$FULL_MSG")
130+
else
131+
FAILED_PATCHES="- $FULL_MSG"
132+
fi
133+
git cherry-pick --abort || true
134+
fi
135+
done
136+
137+
echo ""
138+
echo "========================================="
139+
TOTAL_COUNT=$(echo "$PATCHES" | wc -l | tr -d ' ')
140+
echo "Processed $TOTAL_COUNT patches:"
141+
echo " Applied: $SUCCESS_COUNT"
142+
echo " Skipped: $SKIP_COUNT (workflow changes)"
143+
echo " Failed: $((TOTAL_COUNT - SUCCESS_COUNT - SKIP_COUNT))"
144+
145+
if [ -n "$APPLIED_PATCHES" ]; then
146+
echo ""
147+
echo "✅ Successfully applied:"
148+
echo "$APPLIED_PATCHES"
149+
fi
150+
151+
if [ -n "$SKIPPED_PATCHES" ]; then
152+
echo ""
153+
echo "⏭️ Skipped (workflow changes):"
154+
echo "$SKIPPED_PATCHES"
155+
fi
156+
157+
if [ -n "$FAILED_PATCHES" ]; then
158+
echo ""
159+
echo "⚠️ Failed to apply:"
160+
echo "$FAILED_PATCHES"
161+
fi
162+
163+
if [ "$SUCCESS_COUNT" -eq 0 ]; then
164+
echo ""
165+
echo "❌ No patches could be applied to $VERSION"
166+
exit 1
167+
fi
168+
169+
# Push branch and tag
170+
echo ""
171+
echo "Pushing branch and tag..."
172+
if ! git push origin "$RELEASE_BRANCH"; then
173+
echo "❌ Failed to push release branch $RELEASE_BRANCH"
174+
exit 1
175+
fi
176+
177+
# Create annotated tag with patch list
178+
TAG_MSG=$(printf "Release %s with %s patches\n\nPatches applied:\n%s" "$VERSION" "$SUCCESS_COUNT" "$APPLIED_PATCHES")
179+
if [ -n "$SKIPPED_PATCHES" ]; then
180+
TAG_MSG=$(printf "%s\n\nSkipped (workflow changes):\n%s" "$TAG_MSG" "$SKIPPED_PATCHES")
181+
fi
182+
183+
git tag -a "$RELEASE_TAG" -m "$TAG_MSG"
184+
185+
if ! git push origin "$RELEASE_TAG"; then
186+
echo "❌ Failed to push release tag $RELEASE_TAG"
187+
echo "Note: Release branch $RELEASE_BRANCH was already pushed"
188+
exit 1
189+
fi
190+
191+
echo "release_tag=$RELEASE_TAG" >> $GITHUB_OUTPUT
192+
echo "patch_count=$SUCCESS_COUNT" >> $GITHUB_OUTPUT
193+
echo "patch_list<<EOF" >> $GITHUB_OUTPUT
194+
echo "$APPLIED_PATCHES" >> $GITHUB_OUTPUT
195+
echo "EOF" >> $GITHUB_OUTPUT
196+
197+
# Build and release jobs remain the same...
198+
build-binaries:
199+
needs: create-patched-release
200+
runs-on: ${{ matrix.os }}
201+
strategy:
202+
fail-fast: false
203+
matrix:
204+
include:
205+
- os: ubuntu-latest
206+
goos: linux
207+
goarch: amd64
208+
suffix: linux-amd64
209+
- os: ubuntu-latest
210+
goos: linux
211+
goarch: arm64
212+
suffix: linux-arm64
213+
- os: macos-latest
214+
goos: darwin
215+
goarch: amd64
216+
suffix: darwin-amd64
217+
- os: macos-latest
218+
goos: darwin
219+
goarch: arm64
220+
suffix: darwin-arm64
221+
222+
steps:
223+
- name: Checkout patched release
224+
uses: actions/checkout@v4
225+
with:
226+
ref: ${{ needs.create-patched-release.outputs.release_tag }}
227+
228+
- name: Setup Go
229+
uses: actions/setup-go@v5
230+
with:
231+
go-version-file: go.mod
232+
233+
- name: Build binaries
234+
env:
235+
GOOS: ${{ matrix.goos }}
236+
GOARCH: ${{ matrix.goarch }}
237+
CGO_ENABLED: 0
238+
run: |
239+
echo "Building ${{ matrix.goos }}/${{ matrix.goarch }}..."
240+
241+
# Create bin directory
242+
mkdir -p bin
243+
244+
if [ "${{ matrix.goos }}" = "linux" ]; then
245+
go build -o bin/buildkitd ./cmd/buildkitd
246+
go build -o bin/buildctl ./cmd/buildctl
247+
else
248+
# macOS only has buildctl
249+
go build -o bin/buildctl ./cmd/buildctl
250+
fi
251+
252+
# Create tarball
253+
tar -czf buildkit-${{ needs.create-patched-release.outputs.release_tag }}-${{ matrix.suffix }}.tar.gz -C bin .
254+
255+
- name: Upload binary artifact
256+
uses: actions/upload-artifact@v4
257+
with:
258+
name: binary-${{ matrix.suffix }}
259+
path: buildkit-*.tar.gz
260+
261+
create-github-release:
262+
needs: [create-patched-release, build-binaries]
263+
runs-on: ubuntu-latest
264+
steps:
265+
- name: Download all binaries
266+
uses: actions/download-artifact@v4
267+
with:
268+
pattern: binary-*
269+
merge-multiple: true
270+
path: release-files
271+
272+
- name: Generate checksums
273+
run: |
274+
cd release-files
275+
sha256sum *.tar.gz > SHA256SUMS
276+
echo "Checksums:"
277+
cat SHA256SUMS
278+
279+
- name: Create release
280+
uses: softprops/action-gh-release@v2
281+
with:
282+
tag_name: ${{ needs.create-patched-release.outputs.release_tag }}
283+
name: BuildKit ${{ github.event.inputs.upstream_version }} (Patched)
284+
body: |
285+
# BuildKit ${{ github.event.inputs.upstream_version }} - Patched Release
286+
287+
This release includes upstream BuildKit ${{ github.event.inputs.upstream_version }} with ${{ needs.create-patched-release.outputs.patch_count }} production patches automatically applied from our master branch.
288+
289+
**Note**: Patches that modify workflow files were excluded from this release.
290+
291+
## Patches Included
292+
${{ needs.create-patched-release.outputs.patch_list }}
293+
294+
## Installation
295+
296+
### Linux (AMD64)
297+
```bash
298+
curl -L https://github.com/${{ github.repository }}/releases/download/${{ needs.create-patched-release.outputs.release_tag }}/buildkit-${{ needs.create-patched-release.outputs.release_tag }}-linux-amd64.tar.gz | tar xz
299+
sudo mv buildkitd buildctl /usr/local/bin/
300+
```
301+
302+
### Linux (ARM64)
303+
```bash
304+
curl -L https://github.com/${{ github.repository }}/releases/download/${{ needs.create-patched-release.outputs.release_tag }}/buildkit-${{ needs.create-patched-release.outputs.release_tag }}-linux-arm64.tar.gz | tar xz
305+
sudo mv buildkitd buildctl /usr/local/bin/
306+
```
307+
308+
### macOS (Intel)
309+
```bash
310+
curl -L https://github.com/${{ github.repository }}/releases/download/${{ needs.create-patched-release.outputs.release_tag }}/buildkit-${{ needs.create-patched-release.outputs.release_tag }}-darwin-amd64.tar.gz | tar xz
311+
sudo mv buildctl /usr/local/bin/
312+
```
313+
314+
### macOS (Apple Silicon)
315+
```bash
316+
curl -L https://github.com/${{ github.repository }}/releases/download/${{ needs.create-patched-release.outputs.release_tag }}/buildkit-${{ needs.create-patched-release.outputs.release_tag }}-darwin-arm64.tar.gz | tar xz
317+
sudo mv buildctl /usr/local/bin/
318+
```
319+
320+
## Source
321+
322+
- **Base version**: [BuildKit ${{ github.event.inputs.upstream_version }}](https://github.com/moby/buildkit/releases/tag/${{ github.event.inputs.upstream_version }})
323+
- **Patches from**: [`master`](https://github.com/${{ github.repository }}/tree/master) branch
324+
- **Release tag**: [`${{ needs.create-patched-release.outputs.release_tag }}`](https://github.com/${{ github.repository }}/tree/${{ needs.create-patched-release.outputs.release_tag }})
325+
326+
---
327+
*This release was automatically generated. Workflow file changes are excluded to avoid authentication issues.*
328+
files: |
329+
release-files/*
330+
draft: false
331+
prerelease: false
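Review bot: The `run:` scripts in "Verify upstream version exists" and "Create patched release branch" expand `${{ github.event.inputs.upstream_version }}` and `${{ github.event.inputs.release_suffix }}` straight into the shell text, so shell metacharacters in a dispatch input are interpreted by the runner instead of being treated as data; the same values reach the `tar` command in "Build binaries" through the `release_tag` output. Pass them through the environment instead: give each step an `env:` entry such as `UPSTREAM_VERSION: ${{ github.event.inputs.upstream_version }}`, reference `"$UPSTREAM_VERSION"` in the script, and reject anything that does not match the expected `vX.Y.Z` shape before the first `git` call. The workflow-level `permissions: contents: write` also covers `build-binaries`, which from the visible steps only checks out, builds and uploads an artifact, so setting `contents: read` as the default and granting write per job would narrow what a compromised build step can do. Failed cherry-picks are only echoed to the log, so a release can ship without a patch while neither the tag message nor the release body says so; consider listing `FAILED_PATCHES` alongside the skipped ones.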
