Skip to content

Feature/azuredevops #57

Feature/azuredevops

Feature/azuredevops #57

name: Bootstrack Pack from PR
on:
issue_comment:
types: created
# make sure these secrets are defined:
# NEW_PACK_REPOS_TOKEN: bot PAT w/ scopes: repo, admin:org
# PACK_SLACK_WEBHOOK_URL
permissions:
pull-requests: write # comments, reactions
contents: read
env:
GH_TOKEN: ${{ github.token }}
jobs:
# This job is very helpful in debugging why conditions don't match.
# To debug, uncomment this to inspect the event payload.
#debug:
# name: Debug event
# runs-on: ubuntu-latest
# steps:
# - name: print github.event
# shell: bash
# env:
# GITHUB_EVENT: ${{ toJSON(github.event) }}
# run: |
# echo "${GITHUB_EVENT}"
permissions_check:
name: Check Comment Author Permissions
# "!bootstrap pack" comment on pull requests
if: >-
github.event.issue.pull_request
&& github.event.comment.body == '!bootstrap pack'
# Warning: github.event.comment.author_association
# cannot be used to check permissions
# because it is NONE for some TSC members.
runs-on: ubuntu-latest
steps:
- name: Ensure the commentor is an active TSC member
# ie: Validate commentor can commit to incubator
shell: bash
env:
VALID_ROLES: "admin maintain write"
# the space before/after ROLE ensures we match the whole word
run: |
export COMMENTOR_ROLE=$(
gh api -X GET \
'/repos/${{ github.repository }}/collaborators/${{ github.event.comment.user.login }}/permission' \
--jq '.role_name'
)
echo "COMMENTOR_ROLE=${COMMENTOR_ROLE}"
if [[ " ${VALID_ROLES} " =~ " ${COMMENTOR_ROLE} " ]]; then
echo "Commentor may bootstrap packs."
else
echo "Commentor may NOT bootstrap packs. '${COMMENTOR_ROLE}' is not one of: ${VALID_ROLES}"
echo "(ie the Commentor must have write access to ${{ github.repository }})."
exit 2
fi
- name: Add eyes emoji reaction to say inspecting PR
shell: bash
run: |
gh api -X POST -f content=eyes \
'/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions'
ready_to_merge_check:
name: Check for Merge Readiness
needs: [permissions_check]
runs-on: ubuntu-latest
steps:
- name: Make sure incubator PR is approved
shell: bash
# reviewDecision is a PullRequestReviewDecision enum: APPROVED, CHANGES_REQUESTED, REVIEW_REQUIRED
# see https://docs.github.com/en/graphql/reference/enums#pullrequestreviewdecision
run: |
export REVIEW_DECISION=$(
gh api graphql \
-F owner=${{ github.repository_owner }} \
-F repo=${{ github.event.repository.name }} \
-F pull_number=${{ github.event.issue.number }} \
-f query='query($owner: String!, $repo: String!, $pull_number: Int!) {
repository(owner: $owner, name:$repo) {
pullRequest(number:$pull_number) {
reviewDecision
}
}
}' \
--jq '.data.repository.pullRequest.reviewDecision'
)
echo "REVIEW_DECISION=${REVIEW_DECISION}"
if [[ "${REVIEW_DECISION}" == "APPROVED" ]]; then
echo "Pack PR has been approved. Bootstrapping may continue."
else
echo "Pack PR has NOT been approved. Halting pack bootstrap!"
exit 3
fi
- name: Make sure CI workflow is passing for PR
shell: bash
run: |
export CIRESULT=$(
gh api graphql \
-F owner=${{ github.repository_owner }} \
-F repo=${{ github.event.repository.name }} \
-F pull_number=${{ github.event.issue.number }} \
-f query='query($owner: String!, $repo: String!, $pull_number: Int!) {
repository(owner: $owner, name:$repo) {
pullRequest(number:$pull_number) {
commits(last: 1) {
nodes {
commit {
statusCheckRollup {
state
}
}
}
}
}
}
}' \
--jq '.data.repository.pullRequest.commits.nodes.[].commit.statusCheckRollup.state'
)
echo "CIRESULT=${CIRESULT}"
if [[ "${CIRESULT}" == "SUCCESS" ]]; then
echo "Pack CI has succeeded. Bootstrapping may continue."
else
echo "Pack CI has NOT succeeded. Halting pack bootstrap!"
exit 4
fi
- name: Mark running with rocket reaction and label
shell: bash
run: |
gh api -X POST -f content=rocket \
'/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions'
jq -n '{"labels": ["bootstrap:in-progress"]}' | \
gh api -X POST \
'/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels' \
--input -
- name: Publish status in incubator PR comment
shell: bash
env:
COMMENT: |
:rocket: Hold onto your hats! Now bootstrapping a new pack repo...
Bootstrapping will:
(1) extract details about the new pack;
(2) create the pack repo and repo metadata;
(3) copy this PR into the `transfer` branch in the new repo;
(4) use `transfer` branch for the pack's first PR.
Details: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
run: |
gh pr comment '${{ github.event.issue.html_url }}' --body "${COMMENT}"
extract_pack_details:
name: New Pack / Extract Details
needs: [permissions_check, ready_to_merge_check]
runs-on: ubuntu-latest
steps:
- name: Extract Pack Details
id: pack-details
uses: StackStorm-Exchange/ci/.github/actions/extract-pack-meta@master
with:
pack-directory: incubator
repository: ${{ github.repository }}
# expects an issue_comment event
ref: refs/pull/${{ github.event.issue.number }}/head
fetch-depth: 0
outputs:
pack_name: ${{ steps.pack-details.outputs.pack_name }}
pack_ref: ${{ steps.pack-details.outputs.pack_ref }}
pack_description: ${{ steps.pack-details.outputs.pack_description }}
pack_path: ${{ steps.pack-details.outputs.pack_path }}
in_submodule: ${{ steps.pack-details.outputs.in_submodule }}
in_subdir: ${{ steps.pack-details.outputs.in_subdir }}
bootstrap_pack_repo:
needs: [extract_pack_details]
name: New Pack # / Bootstrap Repo
uses: StackStorm-Exchange/ci/.github/workflows/pack-bootstrap_repo.yaml@master
secrets: # available contexts: github, needs, secrets
admin_token: ${{ secrets.NEW_PACK_REPOS_TOKEN }} # min scopes: admin:org, repo
slack_webhook_url: ${{ secrets.PACK_SLACK_WEBHOOK_URL }}
with: # available contexts: github, needs
# TODO: validate that this || works if pack_ref is empty
pack_name: ${{ needs.extract_pack_details.outputs.pack_ref || needs.extract_pack_details.outputs.pack_name }}
pack_description: ${{ needs.extract_pack_details.outputs.pack_description }}
# we are using defaults for these.
#homepage: "https://exchange.stackstorm.com/#${PACK_NAME}"
#pack_org: StackStorm-Exchange
#pack_repo_prefix: stackstorm
#pack_repo_template: StackStorm-Exchange/ci-pack-template
#tsc_team: TSC
# based on
# https://github.com/StackStorm-Exchange/exchange-incubator/issues/7#issuecomment-923614663
# https://github.com/StackStorm-Exchange/exchange-incubator/issues/7#issuecomment-281247786
create_pack_pr:
name: New Pack / Create First PR
needs: [extract_pack_details, bootstrap_pack_repo]
runs-on: ubuntu-latest
steps:
- name: Setup environment
shell: bash
env:
# Should we make this configurable somehow? (repository secrets, ...)
BOT_USER: stackstorm-neptr
BOT_EMAIL: [email protected]
run: |
mkdir -p ${HOME}/.local/bin
echo "$HOME/.local/bin" >> $GITHUB_PATH
git config --global user.name "${BOT_USER}"
git config --global user.email "${BOT_EMAIL}"
- name: Install git-filter-branch
if: needs.extract_pack_details.outputs.in_submodule == 'false'
# yes, this is only one python file. instructions say to put it on the PATH.
shell: bash
run: |
curl https://raw.githubusercontent.com/newren/git-filter-repo/v2.34.0/git-filter-repo -o ${HOME}/.local/bin/git-filter-repo
chmod +x ${HOME}/.local/bin/git-filter-repo
- name: Checkout pack repo
uses: actions/checkout@v2
with:
repository: ${{ needs.bootstrap_pack_repo.outputs.pack_repo }}
path: pack
fetch-depth: 0
persist-credentials: false
- name: Checkout incubator
uses: actions/checkout@v2
with:
path: incubator
fetch-depth: 0
- name: Checkout Incubator PR
working-directory: incubator
shell: bash
run: |
git fetch origin pull/${{ github.event.issue.number }}/head:pr
git checkout pr
git submodule init
git submodule update --remote
# for git-filter-repo usage see:
# https://www.mankier.com/1/git-filter-repo
- name: Move pack to root of repo
if: needs.extract_pack_details.outputs.in_submodule == 'false'
working-directory: incubator
shell: bash
run: |
PACK_DIR=$(
realpath --relative-to="${PWD}" '${{ needs.extract_pack_details.outputs.pack_path }}'
)
git-filter-repo --subdirectory-filter "${PACK_DIR}" --force
- name: Add incubator as git remote
if: needs.extract_pack_details.outputs.in_submodule == 'false'
working-directory: pack
shell: bash
run: |
git remote add source ../incubator
git fetch source
- name: Add git remote for source repo in incubator submodule
if: needs.extract_pack_details.outputs.in_submodule == 'true'
working-directory: pack
shell: bash
run: |
git remote add source ${{ needs.extract_pack_details.outputs.pack_path }}
git fetch source
- name: Create branch for initial pack content
working-directory: pack
shell: bash
run: |
git checkout -b transfer
- name: Pull source history into pack repo
working-directory: pack
shell: bash
# ort strategy replaces recursive strategy on git 2.33+
# ours => Fix merge conflicts by preferring exchange-provided files
# (which should be a minimal required set of files).
# Update the PR before merging if needed.
run: |
git merge source/pr --allow-unrelated-histories -s ort -X ours \
-m 'Merge ${{ github.event.issue.html_url }}'
- name: Create initial content PR on pack repo
working-directory: pack
shell: bash
env:
GH_TOKEN: ${{ secrets.NEW_PACK_REPOS_TOKEN }} # min scopes: public_repo (included in repo)
PR_TITLE: 'Transfer ${{ needs.extract_pack_details.outputs.pack_name }} pack from Incubator'
PR_BODY: |
Pack: ${{ needs.extract_pack_details.outputs.pack_name }}
Description: ${{ needs.extract_pack_details.outputs.pack_description }}
Incubator PR: ${{ github.event.issue.html_url }}
run: |
git config remote.origin.gh-resolved base
git config remote.origin.pushurl "https://${GH_TOKEN}@github.com/${{ needs.bootstrap_pack_repo.outputs.pack_repo }}.git"
git push -u origin transfer
gh pr create --title "${PR_TITLE}" --body "${PR_BODY}"
- name: Mark running with hooray reaction and label
shell: bash
run: |
gh api -X DELETE \
'/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/bootstrap:in-progress'
gh api -X POST -f content=hooray \
'/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions'
jq -n '{"labels": ["bootstrap:complete"]}' |\
gh api -X POST \
'/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels' \
--input -
- name: Publish status in incubator PR comment
shell: bash
env:
COMMENT: |
:tada: Hoooray! Here is the pack's first PR: https://github.com/${{ needs.bootstrap_pack_repo.outputs.pack_repo }}/pull/1
Please do the following:
(1) make sure everything looks correct in the PR;
(2) merge it!
(3) make sure a TSC Senior Maintainer has setup group and user access;
(4) wait for the next exchange index update (monitor updates [here](https://github.com/StackStorm-Exchange/index/actions))
(5) once the index has updated, check out:
${{ needs.bootstrap_pack_repo.outputs.homepage }}
(6) Close WITHOUT merging this PR. DO NOT MERGE THIS PR.
run: |
gh pr comment '${{ github.event.issue.html_url }}' --body "${COMMENT}"