forked from Expensify/App
-
Notifications
You must be signed in to change notification settings - Fork 0
145 lines (127 loc) · 6.07 KB
/
updateProtectedBranch.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# This is a utility workflow to create, approve, and merge a pull request against a protected branch.
name: Update Protected Branch
on:
workflow_dispatch:
inputs:
TARGET_BRANCH:
description: The target branch to update. This becomes the base branch of the pull request.
required: true
SOURCE_BRANCH:
description: If updating main, you must also provide a head branch to update main with.
required: false
default: ''
jobs:
updateBranch:
if: github.actor == 'OSBotify'
runs-on: ubuntu-latest
steps:
- name: Validate target branch
if: ${{ !contains(fromJSON('["main", "staging", "production"]'), github.event.inputs.TARGET_BRANCH) }}
run: |
echo "Target branch must be one of ['main', 'staging', 'production']"
exit 1
# If updating main, SOURCE_BRANCH must not be empty
- name: Validate source branch
if: github.event.inputs.TARGET_BRANCH == 'main' && github.event.inputs.SOURCE_BRANCH == ''
run: |
echo "Cannot update main branch without specifying a source branch"
exit 1
# If updating staging, the source branch will always be main
# If updating production, the source branch will always be staging
- name: Set source branch
run: |
if [[ ${{ github.event.inputs.TARGET_BRANCH }} == 'staging' ]]; then
echo "SOURCE_BRANCH=main" >> "$GITHUB_ENV"
elif [[ ${{ github.event.inputs.TARGET_BRANCH }} == 'production' ]]; then
echo "SOURCE_BRANCH=staging" >> "$GITHUB_ENV"
else
echo "SOURCE_BRANCH=${{ github.event.inputs.SOURCE_BRANCH }}" >> "$GITHUB_ENV"
fi
# Version: 2.3.4
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
fetch-depth: 0
token: ${{ secrets.OS_BOTIFY_TOKEN }}
- name: Checkout source branch
run: git checkout ${{ env.SOURCE_BRANCH }}
- name: Set New Version
run: echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV"
- uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
with:
GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
- name: Create temporary branch to resolve conflicts
if: ${{ contains(fromJSON('["staging", "production"]'), github.event.inputs.TARGET_BRANCH) }}
run: |
git config user.name ${{ github.actor }}
git checkout ${{ github.event.inputs.TARGET_BRANCH }}
git checkout -b update-${{ github.event.inputs.TARGET_BRANCH }}-from-${{ env.SOURCE_BRANCH }}
git merge -Xtheirs ${{ env.SOURCE_BRANCH }}
git push --set-upstream origin update-${{ github.event.inputs.TARGET_BRANCH }}-from-${{ env.SOURCE_BRANCH }}
- name: Create Pull Request
id: createPullRequest
run: |
gh pr create \
--title "Update version to ${{ env.NEW_VERSION }} on ${{ github.event.inputs.TARGET_BRANCH }}" \
--body "Update version to ${{ env.NEW_VERSION }}" \
--label "automerge" \
--base ${{ github.event.inputs.TARGET_BRANCH }}
sleep 5
echo "::set-output name=PR_NUMBER::$(gh pr view --json 'number' --jq '.number')"
env:
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
- name: Check changed files
if: ${{ github.event.inputs.TARGET_BRANCH == 'main' }}
id: changedFiles
# Version: 3.3.0
uses: umani/changed-files@1d252c611c64289d35243fc37ece7323ea5e93e1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
pr-number: ${{ steps.createPullRequest.outputs.PR_NUMBER }}
- name: Validate changed files
if: ${{ github.event.inputs.TARGET_BRANCH == 'main' && (steps.changedFiles.outputs.files_updated != 'android/app/build.gradle ios/NewExpensify/Info.plist ios/NewExpensifyTests/Info.plist package-lock.json package.json' || steps.changedFiles.outputs.files_created != '' || steps.changedFiles.outputs.files_deleted != '') }}
run: exit 1
- name: Auto-approve the PR
run: gh pr review --approve
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check if pull request is mergeable
id: isPullRequestMergeable
uses: Expensify/App/.github/actions/isPullRequestMergeable@main
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PULL_REQUEST_NUMBER: ${{ steps.createPullRequest.outputs.PR_NUMBER }}
- name: Leave comment if PR is not mergeable
if: ${{ !fromJSON(steps.isPullRequestMergeable.outputs.IS_MERGEABLE) }}
run: |
gh pr comment --body \
":bell: @Expensify/mobile-deployers :bell: - The Update Protected Branch workflow has failed because this PR was not mergable.
If you are the deployer this week, please resolve the error and merge this PR to continue the deploy process."
env:
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
- name: Fail workflow if PR is not mergeable
if: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE == 'false' }}
run: exit 1
- name: Auto-merge the PR
run: gh pr merge ${{ steps.createPullRequest.outputs.PR_NUMBER }} --merge --delete-branch
env:
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
# This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all
# the other workflows with the same change
- uses: 8398a7/action-slack@v3
name: Job failed Slack notification
if: ${{ failure() }}
with:
status: custom
fields: workflow, repo
custom_payload: |
{
channel: '#announce',
attachments: [{
color: "#DB4545",
pretext: `<!subteam^S4TJJ3PSL>`,
text: `💥 ${process.env.AS_REPO} failed on ${process.env.AS_WORKFLOW} workflow 💥`,
}]
}
env:
GITHUB_TOKEN: ${{ github.token }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}