From 9d2c57d3d922386fd8a39eb3f2097959ed59e794 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Tue, 5 Nov 2024 11:48:03 -0500 Subject: [PATCH] BRE-344 - Add Repository Management workflow (#11855) --- ...ion-bump.yml => repository-management.yml} | 415 ++++++------------ .github/workflows/version-auto-bump.yml | 64 ++- 2 files changed, 189 insertions(+), 290 deletions(-) rename .github/workflows/{version-bump.yml => repository-management.yml} (55%) diff --git a/.github/workflows/version-bump.yml b/.github/workflows/repository-management.yml similarity index 55% rename from .github/workflows/version-bump.yml rename to .github/workflows/repository-management.yml index d0be0373e6..21de47f13b 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/repository-management.yml @@ -1,124 +1,130 @@ -name: Version Bump +name: Repository management on: workflow_dispatch: inputs: + task: + default: "Version Bump" + description: "Task to execute" + options: + - "Version Bump" + - "Version Bump and Cut rc" + required: true + type: choice bump_browser: - description: "Bump Browser?" + description: "Bump Browser version?" type: boolean default: false bump_cli: - description: "Bump CLI?" + description: "Bump CLI version?" type: boolean default: false bump_desktop: - description: "Bump Desktop?" + description: "Bump Desktop version?" type: boolean default: false bump_web: - description: "Bump Web?" + description: "Bump Web version?" type: boolean default: false + target_ref: + default: "main" + description: "Branch/Tag to target for cut" + required: true + type: string version_number_override: description: "New version override (leave blank for automatic calculation, example: '2024.1.0')" required: false type: string - cut_rc_branch: - description: "Cut RC branch?" - default: true - type: boolean - enable_slack_notification: - description: "Enable Slack notifications for upcoming release?" - default: false - type: boolean + jobs: + setup: + name: Setup + runs-on: ubuntu-24.04 + outputs: + branch: ${{ steps.set-branch.outputs.branch }} + token: ${{ steps.app-token.outputs.token }} + steps: + - name: Set branch + id: set-branch + env: + TASK: ${{ inputs.task }} + run: | + if [[ "$TASK" == "Version Bump" ]]; then + BRANCH="none" + elif [[ "$TASK" == "Version Bump and Cut rc" ]]; then + BRANCH="rc" + fi + + echo "branch=$BRANCH" >> $GITHUB_OUTPUT + + - name: Generate GH App token + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 + id: app-token + with: + app-id: ${{ secrets.BW_GHAPP_ID }} + private-key: ${{ secrets.BW_GHAPP_KEY }} + + + cut_branch: + name: Cut branch + if: ${{ needs.setup.outputs.branch == 'rc' }} + needs: setup + runs-on: ubuntu-24.04 + steps: + - name: Check out target ref + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + ref: ${{ inputs.target_ref }} + token: ${{ needs.setup.outputs.token }} + + - name: Check if ${{ needs.setup.outputs.branch }} branch exists + env: + BRANCH_NAME: ${{ needs.setup.outputs.branch }} + run: | + if [[ $(git ls-remote --heads origin $BRANCH_NAME) ]]; then + echo "$BRANCH_NAME already exists! Please delete $BRANCH_NAME before running again." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + - name: Cut branch + env: + BRANCH_NAME: ${{ needs.setup.outputs.branch }} + run: | + git switch --quiet --create $BRANCH_NAME + git push --quiet --set-upstream origin $BRANCH_NAME + + bump_version: name: Bump Version - runs-on: ubuntu-22.04 + if: ${{ always() }} + runs-on: ubuntu-24.04 + needs: + - cut_branch + - setup outputs: version_browser: ${{ steps.set-final-version-output.outputs.version_browser }} version_cli: ${{ steps.set-final-version-output.outputs.version_cli }} version_desktop: ${{ steps.set-final-version-output.outputs.version_desktop }} version_web: ${{ steps.set-final-version-output.outputs.version_web }} steps: - - name: Validate version input + - name: Validate version input format if: ${{ inputs.version_number_override != '' }} uses: bitwarden/gh-actions/version-check@main with: version: ${{ inputs.version_number_override }} - - name: Slack Notification Check - run: | - if [[ "${{ inputs.enable_slack_notification }}" == true ]]; then - echo "Slack notifications enabled." - else - echo "Slack notifications disabled." - fi - - - name: Checkout Branch + - name: Check out branch uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: main + token: ${{ needs.setup.outputs.token }} - - name: Check if RC branch exists - if: ${{ inputs.cut_rc_branch == true }} + - name: Configure Git run: | - remote_rc_branch_check=$(git ls-remote --heads origin rc | wc -l) - if [[ "${remote_rc_branch_check}" -gt 0 ]]; then - echo "Remote RC branch exists." - echo "Please delete current RC branch before running again." - exit 1 - fi - - - name: Login to Azure - CI Subscription - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "github-gpg-private-key, - github-gpg-private-key-passphrase" - - - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 - with: - gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} - passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} - git_user_signingkey: true - git_commit_gpgsign: true - - - name: Setup git - run: | - git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com" - git config --local user.name "bitwarden-devops-bot" - - - name: Create Version Branch - id: create-branch - run: | - CLIENTS=() - if [[ ${{ inputs.bump_browser }} == true ]]; then - CLIENTS+=("browser") - fi - if [[ ${{ inputs.bump_cli }} == true ]]; then - CLIENTS+=("cli") - fi - if [[ ${{ inputs.bump_desktop }} == true ]]; then - CLIENTS+=("desktop") - fi - if [[ ${{ inputs.bump_web }} == true ]]; then - CLIENTS+=("web") - fi - printf -v joined '%s,' "${CLIENTS[@]}" - echo "client=${joined%,}" >> $GITHUB_OUTPUT - - NAME=version_bump_${{ github.ref_name }}_$(date +"%Y-%m-%d") - git switch -c $NAME - echo "name=$NAME" >> $GITHUB_OUTPUT + git config --local user.email "actions@github.com" + git config --local user.name "Github Actions" ######################## # VERSION BUMP SECTION # @@ -165,7 +171,9 @@ jobs: - name: Bump Browser Version - Version Override if: ${{ inputs.bump_browser == true && inputs.version_number_override != '' }} id: bump-browser-version-override - run: npm version --workspace=@bitwarden/browser ${{ inputs.version_number_override }} + env: + VERSION: ${{ inputs.version_number_override }} + run: npm version --workspace=@bitwarden/browser $VERSION - name: Bump Browser Version - Automatic Calculation if: ${{ inputs.bump_browser == true && inputs.version_number_override == '' }} @@ -250,7 +258,9 @@ jobs: - name: Bump CLI Version - Version Override if: ${{ inputs.bump_cli == true && inputs.version_number_override != '' }} id: bump-cli-version-override - run: npm version --workspace=@bitwarden/cli ${{ inputs.version_number_override }} + env: + VERSION: ${{ inputs.version_number_override }} + run: npm version --workspace=@bitwarden/cli $VERSION - name: Bump CLI Version - Automatic Calculation if: ${{ inputs.bump_cli == true && inputs.version_number_override == '' }} @@ -300,7 +310,9 @@ jobs: - name: Bump Desktop Version - Root - Version Override if: ${{ inputs.bump_desktop == true && inputs.version_number_override != '' }} id: bump-desktop-version-override - run: npm version --workspace=@bitwarden/desktop ${{ inputs.version_number_override }} + env: + VERSION: ${{ inputs.version_number_override }} + run: npm version --workspace=@bitwarden/desktop $VERSION - name: Bump Desktop Version - Root - Automatic Calculation if: ${{ inputs.bump_desktop == true && inputs.version_number_override == '' }} @@ -311,7 +323,9 @@ jobs: - name: Bump Desktop Version - App - Version Override if: ${{ inputs.bump_desktop == true && inputs.version_number_override != '' }} - run: npm version ${{ inputs.version_number_override }} + env: + VERSION: ${{ inputs.version_number_override }} + run: npm version $VERSION working-directory: "apps/desktop/src" - name: Bump Desktop Version - App - Automatic Calculation @@ -362,7 +376,9 @@ jobs: - name: Bump Web Version - Version Override if: ${{ inputs.bump_web == true && inputs.version_number_override != '' }} id: bump-web-version-override - run: npm version --workspace=@bitwarden/web-vault ${{ inputs.version_number_override }} + env: + VERSION: ${{ inputs.version_number_override }} + run: npm version --workspace=@bitwarden/web-vault $VERSION - name: Bump Web Version - Automatic Calculation if: ${{ inputs.bump_web == true && inputs.version_number_override == '' }} @@ -375,27 +391,29 @@ jobs: - name: Set final version output id: set-final-version-output + env: + VERSION: ${{ inputs.version_number_override }} run: | if [[ "${{ steps.bump-browser-version-override.outcome }}" = "success" ]]; then - echo "version_browser=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT + echo "version_browser=$VERSION" >> $GITHUB_OUTPUT elif [[ "${{ steps.bump-browser-version-automatic.outcome }}" = "success" ]]; then echo "version_browser=${{ steps.calculate-next-browser-version.outputs.version }}" >> $GITHUB_OUTPUT fi if [[ "${{ steps.bump-cli-version-override.outcome }}" = "success" ]]; then - echo "version_cli=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT + echo "version_cli=$VERSION" >> $GITHUB_OUTPUT elif [[ "${{ steps.bump-cli-version-automatic.outcome }}" = "success" ]]; then echo "version_cli=${{ steps.calculate-next-cli-version.outputs.version }}" >> $GITHUB_OUTPUT fi if [[ "${{ steps.bump-desktop-version-override.outcome }}" = "success" ]]; then - echo "version_desktop=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT + echo "version_desktop=$VERSION" >> $GITHUB_OUTPUT elif [[ "${{ steps.bump-desktop-version-automatic.outcome }}" = "success" ]]; then echo "version_desktop=${{ steps.calculate-next-desktop-version.outputs.version }}" >> $GITHUB_OUTPUT fi if [[ "${{ steps.bump-web-version-override.outcome }}" = "success" ]]; then - echo "version_web=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT + echo "version_web=$VERSION" >> $GITHUB_OUTPUT elif [[ "${{ steps.bump-web-version-automatic.outcome }}" = "success" ]]; then echo "version_web=${{ steps.calculate-next-web-version.outputs.version }}" >> $GITHUB_OUTPUT fi @@ -416,199 +434,52 @@ jobs: - name: Push changes if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} - env: - PR_BRANCH: ${{ steps.create-branch.outputs.name }} - run: git push -u origin $PR_BRANCH + run: git push - - name: Generate PR message - if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} - id: pr-message - run: | - MESSAGE="" - if [[ "${{ inputs.bump_browser }}" == "true" ]]; then - MESSAGE+=$' Browser version bump to ${{ steps.set-final-version-output.outputs.version_browser }}\n' - fi - if [[ "${{ inputs.bump_cli }}" == "true" ]]; then - MESSAGE+=$' CLI version bump to ${{ steps.set-final-version-output.outputs.version_cli }}\n' - fi - - if [[ "${{ inputs.bump_desktop }}" == "true" ]]; then - MESSAGE+=$' Desktop version bump to ${{ steps.set-final-version-output.outputs.version_desktop }}\n' - fi - - if [[ "${{ inputs.bump_web }}" == "true" ]]; then - MESSAGE+=$' Web version bump to ${{ steps.set-final-version-output.outputs.version_web }}\n' - fi - - echo "MESSAGE<> $GITHUB_ENV - echo "$MESSAGE" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - - - name: Generate GH App token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 - id: app-token - with: - app-id: ${{ secrets.BW_GHAPP_ID }} - private-key: ${{ secrets.BW_GHAPP_KEY }} - owner: ${{ github.repository_owner }} - - - name: Create Version PR - if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} - id: create-pr - env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} - PR_BRANCH: ${{ steps.create-branch.outputs.name }} - TITLE: "Bump client(s) version" - run: | - PR_URL=$(gh pr create --title "$TITLE" \ - --base "main" \ - --head "$PR_BRANCH" \ - --label "version update" \ - --label "automated pr" \ - --body " - ## Type of change - - [ ] Bug fix - - [ ] New feature development - - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - - [ ] Build/deploy pipeline (DevOps) - - [X] Other - - ## Objective - $MESSAGE") - - echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT - - - name: Approve PR - if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }} - run: gh pr review $PR_NUMBER --approve - - - name: Merge PR - if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} - env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} - PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }} - run: gh pr merge $PR_NUMBER --squash --auto --delete-branch - - - name: Report upcoming browser release version to Slack - if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' && steps.set-final-version-output.outputs.version_browser != '' && inputs.enable_slack_notification == true }} - uses: bitwarden/gh-actions/report-upcoming-release-version@main - with: - version: ${{ steps.set-final-version-output.outputs.version_browser }} - project: browser - AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Report upcoming cli release version to Slack - if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' && steps.set-final-version-output.outputs.version_cli != '' && inputs.enable_slack_notification == true }} - uses: bitwarden/gh-actions/report-upcoming-release-version@main - with: - version: ${{ steps.set-final-version-output.outputs.version_cli }} - project: cli - AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Report upcoming desktop release version to Slack - if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' && steps.set-final-version-output.outputs.version_desktop != '' && inputs.enable_slack_notification == true }} - uses: bitwarden/gh-actions/report-upcoming-release-version@main - with: - version: ${{ steps.set-final-version-output.outputs.version_desktop }} - project: desktop - AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Report upcoming web release version to Slack - if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' && steps.set-final-version-output.outputs.version_web != '' && inputs.enable_slack_notification == true }} - uses: bitwarden/gh-actions/report-upcoming-release-version@main - with: - version: ${{ steps.set-final-version-output.outputs.version_web }} - project: web - AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - cut_rc: - name: Cut RC branch - if: ${{ inputs.cut_rc_branch == true }} - needs: bump_version - runs-on: ubuntu-22.04 + cherry_pick: + name: Cherry-Pick Commit(s) + if: ${{ needs.setup.outputs.branch == 'rc' }} + runs-on: ubuntu-24.04 + needs: + - bump_version + - setup steps: - - name: Checkout Branch + - name: Check out main branch uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: main + token: ${{ needs.setup.outputs.token }} - ### Browser - - name: Browser - Verify version has been updated - if: ${{ inputs.bump_browser == true }} - env: - NEW_VERSION: ${{ needs.bump_version.outputs.version_browser }} + - name: Configure Git run: | - # Wait for version to change. - while : ; do - echo "Waiting for version to be updated..." - git pull --force - CURRENT_VERSION=$(cat package.json | jq -r '.version') + git config --local user.email "actions@github.com" + git config --local user.name "Github Actions" - # If the versions don't match we continue the loop, otherwise we break out of the loop. - [[ "$NEW_VERSION" != "$CURRENT_VERSION" ]] || break - sleep 10 - done - working-directory: apps/browser - - ### CLI - - name: CLI - Verify version has been updated - if: ${{ inputs.bump_cli == true }} - env: - NEW_VERSION: ${{ needs.bump_version.outputs.version_cli }} + - name: Perform cherry-pick(s) run: | - # Wait for version to change. - while : ; do - echo "Waiting for version to be updated..." - git pull --force - CURRENT_VERSION=$(cat package.json | jq -r '.version') + # Function for cherry-picking + cherry_pick () { + local package_path="apps/$1/package.json" + local source_branch=$2 + local destination_branch=$3 - # If the versions don't match we continue the loop, otherwise we break out of the loop. - [[ "$NEW_VERSION" != "$CURRENT_VERSION" ]] || break - sleep 10 - done - working-directory: apps/cli + # Get project commit/version from source branch + git switch $source_branch + SOURCE_COMMIT=$(git log --reverse --pretty=format:"%H" --max-count=1 $package_path) + SOURCE_VERSION=$(cat $package_path | jq -r '.version') - ### Desktop - - name: Desktop - Verify version has been updated - if: ${{ inputs.bump_desktop == true }} - env: - NEW_VERSION: ${{ needs.bump_version.outputs.version_desktop }} - run: | - # Wait for version to change. - while : ; do - echo "Waiting for version to be updated..." - git pull --force - CURRENT_VERSION=$(cat package.json | jq -r '.version') + # Get project commit/version from destination branch + git switch $destination_branch + DESTINATION_VERSION=$(cat $package_path | jq -r '.version') - # If the versions don't match we continue the loop, otherwise we break out of the loop. - [[ "$NEW_VERSION" != "$CURRENT_VERSION" ]] || break - sleep 10 - done - working-directory: apps/desktop + if [[ "$DESTINATION_VERSION" != "$SOURCE_VERSION" ]]; then + git cherry-pick --strategy-option=theirs -x $SOURCE_COMMIT + git push -u origin $destination_branch + fi - ### Web - - name: Web - Verify version has been updated - if: ${{ inputs.bump_web == true }} - env: - NEW_VERSION: ${{ needs.bump_version.outputs.version_web }} - run: | - # Wait for version to change. - while : ; do - echo "Waiting for version to be updated..." - git pull --force - CURRENT_VERSION=$(cat package.json | jq -r '.version') - - # If the versions don't match we continue the loop, otherwise we break out of the loop. - [[ "$NEW_VERSION" != "$CURRENT_VERSION" ]] || break - sleep 10 - done - working-directory: apps/web - - - name: Cut RC branch - run: | - git switch --quiet --create rc - git push --quiet --set-upstream origin rc + # Cherry-pick from 'main' into 'rc' + cherry_pick browser main rc + cherry_pick cli main rc + cherry_pick desktop main rc + cherry_pick web main rc diff --git a/.github/workflows/version-auto-bump.yml b/.github/workflows/version-auto-bump.yml index cc6feeba02..f41261cb39 100644 --- a/.github/workflows/version-auto-bump.yml +++ b/.github/workflows/version-auto-bump.yml @@ -8,27 +8,55 @@ on: jobs: bump-version: name: Bump Desktop Version - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - - name: Login to Azure - CI Subscription - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + - name: Generate GH App token + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 + id: app-token with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + app-id: ${{ secrets.BW_GHAPP_ID }} + private-key: ${{ secrets.BW_GHAPP_KEY }} - - name: Retrieve bot secrets - id: retrieve-bot-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main + - name: Check out target ref + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - keyvault: bitwarden-ci - secrets: "github-pat-bitwarden-devops-bot-repo-scope" + ref: main + token: ${{ steps.app-token.outputs.token }} - - name: Trigger Version Bump workflow - env: - GH_TOKEN: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} + - name: Configure Git run: | - echo '{"cut_rc_branch": "false", - "bump_browser": "false", - "bump_cli": "false", - "bump_desktop": "true", - "bump_web": "false"}' | \ - gh workflow run version-bump.yml --json --repo bitwarden/clients + git config --local user.email "actions@github.com" + git config --local user.name "Github Actions" + + - name: Get current Desktop version + id: current-desktop-version + run: | + CURRENT_VERSION=$(cat package.json | jq -r '.version') + echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT + working-directory: apps/desktop + + - name: Calculate next Desktop release version + id: calculate-next-desktop-version + uses: bitwarden/gh-actions/version-next@main + with: + version: ${{ steps.current-desktop-version.outputs.version }} + + - name: Bump Desktop Version - Root - Automatic Calculation + id: bump-desktop-version-automatic + env: + VERSION: ${{ steps.calculate-next-desktop-version.outputs.version }} + run: npm version --workspace=@bitwarden/desktop $VERSION + + - name: Bump Desktop Version - App - Automatic Calculation + env: + VERSION: ${{ steps.calculate-next-desktop-version.outputs.version }} + run: npm version $VERSION + working-directory: "apps/desktop/src" + + - name: Commit files + env: + VERSION: ${{ steps.calculate-next-desktop-version.outputs.version }} + run: git commit -m "Bumped Desktop client to $VERSION" -a + + - name: Push changes + run: git push