From 07ccedacecb5010406449357f3d47f9e41b3ea08 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Thu, 5 Jun 2025 10:09:16 -0300 Subject: [PATCH] Updated bumped workflow --- .github/workflows/4_bumper_repository.yml | 129 ++++++++++++++++++++++ tools/repository_bumper.sh | 5 +- 2 files changed, 132 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/4_bumper_repository.yml diff --git a/.github/workflows/4_bumper_repository.yml b/.github/workflows/4_bumper_repository.yml new file mode 100644 index 00000000..44cc8138 --- /dev/null +++ b/.github/workflows/4_bumper_repository.yml @@ -0,0 +1,129 @@ +name: Repository bumper +run-name: Bump ${{ github.ref_name }} (${{ inputs.id }}) + +on: + workflow_dispatch: + inputs: + version: + description: 'Target version (e.g. 4.13.0)' + default: '' + required: false + type: string + stage: + description: 'Version stage (e.g. alpha0)' + default: '' + required: false + type: string + issue-link: + description: 'Issue link in format https://github.com/wazuh//issues/' + required: true + type: string + id: + description: 'Optional identifier for the run' + required: false + type: string + push: + +jobs: + bump: + name: Repository bumper + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + + env: + CI_COMMIT_AUTHOR: wazuhci + CI_COMMIT_EMAIL: 22834044+wazuhci@users.noreply.github.com + CI_GPG_PRIVATE_KEY: ${{ secrets.CI_WAZUHCI_GPG_PRIVATE }} + GH_TOKEN: ${{ secrets.CI_WAZUHCI_BUMPER_TOKEN }} + BUMP_SCRIPT_PATH: tools/repository_bumper.sh + BUMP_LOG_PATH: tools + + steps: + - name: Dump event payload + run: | + cat $GITHUB_EVENT_PATH | jq '.inputs' + + - name: Set up GPG key + id: signing_setup + run: | + echo "${{ env.CI_GPG_PRIVATE_KEY }}" | gpg --batch --import + KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec/ {print $5; exit}') + echo "gpg_key_id=$KEY_ID" >> $GITHUB_OUTPUT + + - name: Set up git + run: | + git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}" + git config --global user.email "${{ env.CI_COMMIT_EMAIL }}" + git config --global commit.gpgsign true + git config --global user.signingkey "${{ steps.signing_setup.outputs.gpg_key_id }}" + echo "use-agent" >> ~/.gnupg/gpg.conf + echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf + echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf + echo RELOADAGENT | gpg-connect-agent + export DEBIAN_FRONTEND=noninteractive + export GPG_TTY=$(tty) + + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Determine branch name + id: vars + env: + VERSION: ${{ inputs.version }} + STAGE: ${{ inputs.stage }} + run: | + script_params="" + version=${{ env.VERSION }} + stage=${{ env.STAGE }} + # Both version and stage provided + if [[ -n "$version" && -n "$stage" ]]; then + script_params="--version ${version} --stage ${stage}" + elif [[ -z "$version" && -n "$stage" ]]; then + script_params="--stage ${stage}" + fi + issue_number=$(echo "${{ inputs.issue-link }}" | awk -F'/' '{print $NF}') + BRANCH_NAME="enhancement/docker${issue_number}-bump-${{ github.ref_name }}" + echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT + echo "script_params=${script_params}" >> $GITHUB_OUTPUT + + - name: Create and switch to bump branch + run: | + git checkout -b ${{ steps.vars.outputs.branch_name }} + + - name: Make version bump changes + run: | + echo "Running bump script" + bash ${{ env.BUMP_SCRIPT_PATH }} ${{ steps.vars.outputs.script_params }} + + - name: Commit and push changes + run: | + git add . + git commit -m "feat: bump ${{ github.ref_name }}" + git push origin ${{ steps.vars.outputs.branch_name }} + + - name: Create pull request + id: create_pr + run: | + gh auth setup-git + PR_URL=$(gh pr create \ + --title "Bump ${{ github.ref_name }} branch" \ + --body "Issue: ${{ inputs.issue-link }}" \ + --base ${{ github.ref_name }} \ + --head ${{ steps.vars.outputs.branch_name }}) + echo "Pull request created: ${PR_URL}" + echo "pull_request_url=${PR_URL}" >> $GITHUB_OUTPUT + + - name: Merge pull request + run: | + # Any checks for the PR are bypassed since the branch is expected to be functional (i.e. the bump process does not introduce any bugs) + gh pr merge "${{ steps.create_pr.outputs.pull_request_url }}" --merge + + - name: Show logs + run: | + echo "Bump complete." + echo "Branch: ${{ steps.vars.outputs.branch_name }}" + echo "PR: https://github.com/${{ github.repository }}/pull/${{ steps.create_pr.outputs.pull_request_number }}" + echo "Bumper scripts logs:" + cat ${BUMP_LOG_PATH}/repository_bumper*log diff --git a/tools/repository_bumper.sh b/tools/repository_bumper.sh index 8223e54b..6a1c747f 100644 --- a/tools/repository_bumper.sh +++ b/tools/repository_bumper.sh @@ -5,11 +5,12 @@ # Usage: ./repository_bumper.sh # Global variables -DIR=$(dirname "$(pwd)") +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" LOG_FILE="${DIR}/tools/repository_bumper_$(date +"%Y-%m-%d_%H-%M-%S-%3N").log" VERSION="" STAGE="" FILES_EDITED=() +FILES_EXCLUDED='--exclude="repository_bumper_*.log" --exclude="CHANGELOG.md" --exclude="repository_bumper.sh" --exclude="4_bumper_repository.yml"' get_old_version_and_stage() { local VERSION_FILE="${DIR}/VERSION.json" @@ -24,7 +25,7 @@ grep_command() { # This function is used to search for a specific string in the specified directory. # It takes two arguments: the string to search for and the directory to search in. # Usage: grep_command - eval grep -Rl "${1}" "${2}" --exclude-dir=".git" --exclude="repository_bumper_*.log" --exclude="CHANGELOG.md" "${3}" + eval grep -Rl "${1}" "${2}" --exclude-dir=".git" $FILES_EXCLUDED "${3}" } update_version_in_files() {