From 1a3e71df793504341123619e9fa778815b8a5dbf Mon Sep 17 00:00:00 2001
From: Yosef Alsuhaibani
Date: Mon, 5 Aug 2024 12:07:16 -0400
Subject: [PATCH] Commit via workflow not via script
---
 .github/workflows/bump-version.yml | 84 ++++++++++++++++++++++++++++++
 scripts/bump-version.sh | 8 ---
 2 files changed, 84 insertions(+), 8 deletions(-)
 create mode 100644 .github/workflows/bump-version.yml
diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml
new file mode 100644
index 0000000..97e27ce
--- /dev/null
+++ b/.github/workflows/bump-version.yml
@@ -0,0 +1,84 @@
+jobs:
+ bump-version:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
+ pull-requests: write
+ checks: write
+ env:
+ NEW_SEMGREP_VERSION: ${{ github.event.inputs.version }}
+ steps:
+ - id: jwt
+ env:
+ EXPIRATION: 600
+ ISSUER: ${{ secrets.SEMGREP_CI_APP_ID }}
+ PRIVATE_KEY: ${{ secrets.SEMGREP_CI_APP_KEY }}
+ name: Get JWT for semgrep-ci GitHub App
+ uses: docker://public.ecr.aws/y9k7q4m1/devops/cicd:latest
+ - id: token
+ name: Get token for semgrep-ci GitHub App
+ run: |
+ TOKEN="$(curl -X POST \
+ -H "Authorization: Bearer ${{ steps.jwt.outputs.jwt }}" \
+ -H "Accept: application/vnd.github.v3+json" \
+ "https://api.github.com/app/installations/${{ secrets.SEMGREP_CI_APP_INSTALLATION_ID }}/access_tokens" | \
+ jq -r .token)"
+ echo "::add-mask::$TOKEN"
+ echo "token=$TOKEN" >> $GITHUB_OUTPUT
+
+ - uses: actions/checkout@v3
+ with:
+ token: ${{ steps.token.outputs.token }}
+
+ - name: Bump version in this repo
+ run: scripts/bump-version.sh "$NEW_SEMGREP_VERSION"
+
+ - name: Commit and push
+ id: commit
+ env:
+ BRANCH: "gha/bump-version-${NEW_SEMGREP_VERSION}-${{ github.run_id }}-${{ github.run_attempt }}"
+ SUBJECT: "Bump semgrep to ${NEW_SEMGREP_VERSION}"
+ run: |
+ git config user.name ${{ github.actor }}
+ git config user.email ${{ github.actor }}@users.noreply.github.com
+ git checkout -b $BRANCH
+ git add .
+ git commit -m "$SUBJECT"
+ git tag $NEW_SEMGREP_VERSION $(git rev-parse HEAD)
+ git push --set-upstream origin $BRANCH
+ echo "branch=$BRANCH" >> $GITHUB_OUTPUT
+ echo "subject=$SUBJECT" >> $GITHUB_OUTPUT
+ - name: Create PR
+ id: open-pr
+ env:
+ SOURCE: "${{ steps.commit.outputs.branch }}"
+ TARGET: "${{ github.event.repository.default_branch }}"
+ TITLE: "chore: Release Version ${{ inputs.version }}"
+ GITHUB_TOKEN: ${{ steps.token.outputs.token }}
+ VERSION: "${{ inputs.version }}"
+ run: |
+ # check if the branch already has a pull request open
+ if gh pr list --head ${SOURCE} | grep -vq "no pull requests"; then
+ # pull request already open
+ echo "pull request from SOURCE ${SOURCE} to TARGET ${TARGET} is already open";
+ echo "cancelling release"
+ exit 1
+ fi
+ # open new pull request with the body of from the local template.
+ res=$(gh pr create --title "${TITLE}" --body "Bump Semgrep Version to ${VERSION}" \
+ --base "${TARGET}" --head "${SOURCE}" --reviewer semgrep/cdx)
+
+# commit & tag & push code
+
+git tag $VERSION $(git rev-parse HEAD)
+git push origin tag $VERSION
+
+name: bump-version
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: "Version of semgrep to use"
+ required: true
+ type: string
diff --git a/scripts/bump-version.sh b/scripts/bump-version.sh
index 06c0678..1ac3feb 100755
--- a/scripts/bump-version.sh
+++ b/scripts/bump-version.sh
@@ -4,11 +4,3 @@ VERSION=$1
 sed -ie "s/\(version\)=\"[0-9.]*\"\,/\1=\"$VERSION\"\,/" setup.py
 sed -ie "s/\(semgrep\)==[0-9.]*/\1==$VERSION/" setup.py
 sed -ie "s/\(rev\:*\) \'v[0-9.]*\'/\1 \'v$VERSION\'/" README.md
-
-# commit & tag & push code
-git checkout -b bump-pre-commit-to-$VERSION
-git add setup.py README.md
-git commit -m "Bump to version $VERSION"
-
-git tag $VERSION $(git rev-parse HEAD)
-git push origin tag $VERSION
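Review bot: The lines `# commit & tag & push code`, `git tag $VERSION $(git rev-parse HEAD)` and `git push origin tag $VERSION` near the end of the hunk start at column 0 between the `jobs:` and `name:` mappings, outside any step, so they are not shell that ever runs but bare scalars that should make the workflow file fail to parse; they look like a leftover of the body removed from scripts/bump-version.sh in the second hunk and should be deleted. Removing them also leaves the tag created in the Commit and push step (`git tag $NEW_SEMGREP_VERSION $(git rev-parse HEAD)`) unpushed, because `git push --set-upstream origin $BRANCH` does not push tags; if the tag is meant to be published, add `git push origin "refs/tags/$NEW_SEMGREP_VERSION"` to that step, or defer tagging until the PR merges. The jwt step passes `secrets.SEMGREP_CI_APP_KEY` to `docker://public.ecr.aws/y9k7q4m1/devops/cicd:latest`, a mutable tag, so pinning the image by digest (`cicd@sha256:<digest>`) keeps a later push to that tag from receiving the app's private key. `NEW_SEMGREP_VERSION` comes straight from the dispatch input and is expanded unquoted in `git tag` and inside `BRANCH`, so a value with spaces or ref characters yields a wrong tag or a failing step; a guard such as `[[ "$NEW_SEMGREP_VERSION" =~ ^[0-9]+(\.[0-9]+)*$ ]] || { echo "unexpected version format"; exit 1; }` before the bump step, plus quoting those expansions, makes the accepted shape explicit. In the Create PR step `res=` is assigned and never read, and `inputs.version` there duplicates the `github.event.inputs.version` spelling used for the job env, which is worth unifying.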