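---
# Manually dispatched workflow: regenerates stream metadata for the stable,
# testing and next streams, records a rollout for each stream whose version
# changed, and opens a pull request from a fork owned by a machine account.
name: Add rollouts

on:
  workflow_dispatch:
    inputs:
      start:
        description: "Rollout start time"
        default: "2 PM UTC tomorrow"
      stable_hours:
        description: "stable: rollout duration (hours, 0 to skip)"
        default: "48"
      testing_hours:
        description: "testing: rollout duration (hours, 0 to skip)"
        default: "48"
      next_hours:
        description: "next: rollout duration (hours, 0 to skip)"
        default: "48"

permissions:
  # none at all: the job's GITHUB_TOKEN gets no scopes; the only credential
  # with write access is the PAT handed to the final step.
  contents: none

# This workflow could almost use the default GITHUB_TOKEN, if we were to
# push the branch into this repo. However, GitHub Actions has recursion
# avoidance that would prevent CI from running on the PR:
#
# https://github.com/peter-evans/create-pull-request/blob/28fa4848947e/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
#
# So we create the PR using a separate Personal Access Token in
# COREOSBOT_RELENG_TOKEN, belonging to a machine account. That allows CI to
# run when the PR is first created. However, it's also possible to rerun
# the workflow and have it force-push the branch, reusing the same PR. In
# that case the push also cannot come from GITHUB_TOKEN, or CI will not
# rerun. Thus we also do the push using COREOSBOT_RELENG_TOKEN. Since we
# don't want to give the machine account privileges to this repo, we push
# to a forked repo owned by the machine account.
jobs:
  rollout:
    name: "Add rollouts"
    runs-on: ubuntu-latest
    steps:
      - name: Install dependencies
        # NOTE(review): unpinned install from PyPI. These packages run in the
        # same job that later passes a PAT to create-pull-request; consider
        # pinning versions (ideally with hashes) to limit supply-chain drift.
        run: pip install python-dateutil dateparser
      - name: Check out repository
        uses: actions/checkout@v3
        with:
          # We need an unbroken commit chain when pushing to the fork. Don't
          # make assumptions about which commits are already available there.
          fetch-depth: 0
      - name: Check out fedora-coreos-stream-generator
        uses: actions/checkout@v3
        with:
          repository: coreos/fedora-coreos-stream-generator
          path: generator
          # We need Git tags for the metadata.generator field
          fetch-depth: 0
      - name: Build fedora-coreos-stream-generator
        working-directory: generator
        run: make
      - name: Update metadata
        # Dispatch inputs are handed over as environment variables instead of
        # being interpolated into the script text, so their content is never
        # parsed as shell syntax.
        env:
          START: ${{ github.event.inputs.start }}
          stable_HOURS: ${{ github.event.inputs.stable_hours }}
          testing_HOURS: ${{ github.event.inputs.testing_hours }}
          next_HOURS: ${{ github.event.inputs.next_hours }}
        run: |
          set -euxo pipefail

          RED="\e[31m"
          YELLOW="\e[33m"
          GREEN="\e[32m"
          RESET="\e[0m"

          git config --global user.name "CoreOS Bot"
          # NOTE(review): the address below looks like an e-mail obfuscation
          # placeholder in this copy of the file; confirm the real value.
          git config --global user.email "[email protected]"

          rollout_desc=
          branch_name=rollout
          for stream in stable testing next; do
              # skip this stream if requested
              # (indirect expansion: reads stable_HOURS / testing_HOURS /
              # next_HOURS from the step environment)
              stream_hours="${stream}_HOURS"
              if [ "${!stream_hours}" -eq 0 ]; then
                  echo -e "${YELLOW}${stream} rollout duration set to 0; skipping${RESET}"
                  continue
              fi

              # update stream metadata
              old_version=$(jq -r .architectures.x86_64.artifacts.qemu.release < "streams/${stream}.json")
              generator/fedora-coreos-stream-generator -releases="https://fcos-builds.s3.amazonaws.com/prod/streams/${stream}/releases.json" -output-file="streams/${stream}.json" -pretty-print
              version=$(jq -r .architectures.x86_64.artifacts.qemu.release < "streams/${stream}.json")
              if [ "${old_version}" = "${version}" ]; then
                  echo -e "${YELLOW}${stream} unchanged at version ${version}; skipping${RESET}"
                  continue
              fi

              # The version comes from remotely fetched release metadata and
              # ends up in a commit message, the branch name and $GITHUB_ENV.
              # Accept only a plain version token so a malformed value (for
              # example one containing a newline) cannot add extra entries to
              # the env file or produce an invalid ref name.
              if [[ ! "${version}" =~ ^[0-9A-Za-z._-]+$ ]]; then
                  echo -e "${RED}${stream}: unexpected version string; aborting${RESET}"
                  exit 1
              fi

              # add rollout
              echo -e "${GREEN}${stream} updating from ${old_version} to ${version}${RESET}"
              ./rollout.py add "${stream}" "${version}" "${START}" "${!stream_hours}"

              # commit
              git add "streams/${stream}.json" "updates/${stream}.json"
              git commit -m "Roll out ${stream} ${version}"

              # update state
              rollout_desc="${rollout_desc}${rollout_desc:+, }${stream} ${version}"
              branch_name="${branch_name}-${version}"
          done

          if [ -z "${rollout_desc}" ]; then
              echo -e "${RED}Nothing to update?${RESET}"
              exit 1
          fi

          # drop the generator checkout; presumably so the untracked directory
          # is not picked up by the pull-request step
          rm -rf generator
          # ensure create-pull-request doesn't commit stream metadata
          # timestamp bumps for unchanged streams
          git reset --hard

          # Export state for the next step. The env-file path is quoted so it
          # is never subject to word splitting or globbing.
          echo "BRANCH_NAME=${branch_name}" >> "${GITHUB_ENV}"
          echo "ROLLOUT_DESC=${rollout_desc}" >> "${GITHUB_ENV}"
      - name: Open pull request
        # NOTE(review): this third-party action receives the machine-account
        # PAT and is referenced by a mutable tag. Pinning it to a full commit
        # SHA would keep a re-pointed tag from ever seeing the token.
        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.COREOSBOT_RELENG_TOKEN }}
          branch: ${{ env.BRANCH_NAME }}
          push-to-fork: coreosbot-releng/fedora-coreos-streams
          title: "Roll out ${{ env.ROLLOUT_DESC }}"
          body: "Requested by @${{ github.actor }} via [GitHub workflow](${{ github.server_url }}/${{ github.repository }}/actions/workflows/rollout.yml) ([source](${{ github.server_url }}/${{ github.repository }}/blob/main/.github/workflows/rollout.yml))."
          delete-branch: true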