Merge pull request #28885 from Luap99/v5.8

[v5.8] some more CI related backports
This commit is contained in:
Tom Sweeney
2026-06-10 15:51:11 -04:00
committed by GitHub
12 changed files with 302 additions and 171 deletions

View File

@@ -46,6 +46,8 @@ jobs:
validate-source:
name: Validate source code changes
runs-on: cncf-ubuntu-8-32-x86
permissions:
pull-requests: read # For hack/ci/pr-should-include-tests to query PR labels.
env:
# Base commit of this PR; used by the Makefile and the helper scripts to
# compute the commit range (git merge-base $DEST_BRANCH HEAD).
@@ -126,8 +128,9 @@ jobs:
run: make swagger
- name: Check that the PR includes tests
# The 'No New Tests' label lets maintainers override this check.
if: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'No New Tests') }}
env:
# For hack/ci/pr-should-include-tests to query PR labels.
GITHUB_TOKEN: ${{ github.token }}
run: make tests-included
- name: Validate renovate config
@@ -154,9 +157,8 @@ jobs:
# limit enforced by hack/ci/make-and-check-size.sh.
if: ${{ github.event_name == 'pull_request' }}
env:
# The 'bloat_approved' label lets a repo admin override the binary
# size growth check in hack/ci/make-and-check-size.sh.
BLOAT_APPROVED: ${{ contains(github.event.pull_request.labels.*.name, 'bloat_approved') }}
# For hack/ci/make-and-check-size.sh to query PR labels.
GITHUB_TOKEN: ${{ github.token }}
run: |
# git rebase rewrites commits, so it needs a committer identity.
git config user.name "CI"

View File

@@ -15,8 +15,7 @@ jobs:
- name: Bump
id: bump
run: |
ref=${{ github.ref_name }}
version=${ref#v}
version=${GITHUB_REF_NAME#v}
if [[ $version == *-rc* ]]; then
devbump="${version%-*}-dev"
echo "::notice:: is a rc - bumping z down to $devbump"
@@ -27,53 +26,56 @@ jobs:
echo "::notice:: bumping z up to $devbump"
fi
sed -i "s/const RawVersion = ".*"/const RawVersion = \"${devbump}\"/g" version/rawversion/version.go
sed --sandbox -i -e "s/const RawVersion = \".*\"/const RawVersion = \"${devbump}\"/g" version/rawversion/version.go
echo "devbump=$devbump" >> $GITHUB_OUTPUT
- name: Push
env:
DEVBUMP: ${{ steps.bump.outputs.devbump }}
run: |
# Make committer the user who triggered the action, either through cutting a release or manual trigger
# GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
git config --local user.name ${{ github.actor }}
git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
bumpbranch="bump-${{ steps.bump.outputs.devbump }}"
git config --local user.name "${GITHUB_ACTOR}"
git config --local user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
bumpbranch="bump-${DEVBUMP}"
git checkout -b $bumpbranch
git add version/rawversion/version.go
git commit --signoff -m "Bump Podman to v${{ steps.bump.outputs.devbump }}"
git commit --signoff -m "Bump Podman to v${DEVBUMP}"
git remote add podmanbot https://github.com/podmanbot/podman
git push -f podmanbot "$bumpbranch"
- name: Check open PRs
id: checkpr
env:
DEVBUMP: ${{ steps.bump.outputs.devbump }}
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
run: |
prs=$(gh pr list \
--repo ${{ github.repository }} \
--head bump-${{ steps.bump.outputs.devbump }} \
--repo "${GITHUB_REPOSITORY}" \
--head "bump-${DEVBUMP}" \
--state open \
--json title \
--jq 'length')
if ((prs > 0)); then
echo "SKIPPING: PR already exists to update from ${{ github.ref_name }}."
echo "SKIPPING: PR already exists to update from ${GITHUB_REF_NAME}."
else
echo "prexists=false" >> "$GITHUB_OUTPUT"
fi
- name: Open PR
if: steps.checkpr.outputs.prexists == 'false'
id: pr
env:
DEVBUMP: ${{ steps.bump.outputs.devbump }}
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
run: |
bumpbranch="bump-${{ steps.bump.outputs.devbump }}"
ref=${{ github.ref_name }}
base=${ref%.*}
bumpbranch="bump-${DEVBUMP}"
base=${GITHUB_REF_NAME%.*}
body=$(printf '```release-note\nNone\n```\n')
gh pr create \
--title "Bump Podman to v${{ steps.bump.outputs.devbump }}" \
--title "Bump Podman to v${DEVBUMP}" \
--body "$body" \
--head "podmanbot:$bumpbranch" \
--base "$base" \
--repo ${{ github.repository }}
env:
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
--repo "${GITHUB_REPOSITORY}"
mainbump:
name: Bump on main
runs-on: ubuntu-latest
@@ -88,8 +90,7 @@ jobs:
id: check
run: |
mainvers=`grep -P '(?<=const RawVersion = ")(\d.\d)' -o version/rawversion/version.go`
ref=${{ github.ref_name }}
releasevers=${ref#v}
releasevers=${GITHUB_REF_NAME#v}
if echo "${mainvers},${releasevers}" | tr ',' '\n' | sort -V -C
then
echo "bump=true" >> $GITHUB_OUTPUT
@@ -101,8 +102,7 @@ jobs:
id: bump
if: steps.check.outputs.bump == 'true'
run: |
ref=${{ github.ref_name }}
releasevers=${ref#v}
releasevers=${GITHUB_REF_NAME#v}
arr=($(echo "$releasevers" | tr . '\n'))
arr[1]=$((${arr[1]}+1))
@@ -110,49 +110,53 @@ jobs:
devbump="$(IFS=. ; echo "${arr[*]}")-dev"
echo "::notice:: Bumping main to: $devbump"
sed -i "s/const RawVersion = \".*\"/const RawVersion = \"$devbump\"/g" version/rawversion/version.go
sed --sandbox -i -e "s/const RawVersion = \".*\"/const RawVersion = \"${devbump}\"/g" version/rawversion/version.go
echo "devbump=$devbump" >> $GITHUB_OUTPUT
- name: Push
if: steps.check.outputs.bump == 'true'
env:
DEVBUMP: ${{ steps.bump.outputs.devbump }}
run: |
# Make committer the user who triggered the action, either through cutting a release or manual trigger
# GitHub gisves everyone a noreply email associated with their account, use that email for the sign-off
git config --local user.name ${{ github.actor }}
git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
bumpbranch="bump-main-${{ steps.bump.outputs.devbump }}"
# GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
git config --local user.name "${GITHUB_ACTOR}"
git config --local user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
bumpbranch="bump-main-${DEVBUMP}"
git checkout -b $bumpbranch
git add version/rawversion/version.go
git commit --signoff -m "Bump main to v${{ steps.bump.outputs.devbump }}"
git commit --signoff -m "Bump main to v${DEVBUMP}"
git remote add podmanbot https://github.com/podmanbot/podman
git push -f podmanbot "$bumpbranch"
- name: Check open PRs
id: checkpr
if: steps.check.outputs.bump == 'true'
env:
DEVBUMP: ${{ steps.bump.outputs.devbump }}
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
run: |
prs=$(gh pr list \
--repo ${{ github.repository }} \
--head bump-main-${{ steps.bump.outputs.devbump }} \
--repo "${GITHUB_REPOSITORY}" \
--head "bump-main-${DEVBUMP}" \
--state open \
--json title \
--jq 'length')
if ((prs > 0)); then
echo "SKIPPING: PR already exists to update to ${{ steps.bump.outputs.devbump }}."
echo "SKIPPING: PR already exists to update to ${DEVBUMP}."
else
echo "prexists=false" >> "$GITHUB_OUTPUT"
fi
- name: Open PR
if: steps.check.outputs.bump == 'true' && steps.checkpr.outputs.prexists == 'false'
env:
DEVBUMP: ${{ steps.bump.outputs.devbump }}
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
run: |
bumpbranch="bump-main-${{ steps.bump.outputs.devbump }}"
bumpbranch="bump-main-${DEVBUMP}"
body=$(printf '```release-note\nNone\n```\n')
gh pr create \
--title "Bump main to v${{ steps.bump.outputs.devbump }}" \
--title "Bump main to v${DEVBUMP}" \
--body "$body" \
--head "podmanbot:$bumpbranch" \
--base "main" \
--repo ${{ github.repository }}
env:
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
--repo "${GITHUB_REPOSITORY}"

View File

@@ -64,15 +64,16 @@ jobs:
# Step 3: Update the HTML file locally
- name: Update HTML file
if: ${{ github.event_name == 'workflow_dispatch' || steps.check_first_pr.outputs.is_first_pr == 'true' }}
env:
CONTRIBUTOR_NAME: ${{ github.event.inputs.contributor_username || github.event.pull_request.user.login }}
PR_NUMBER: ${{ github.event.inputs.pr_number || github.event.pull_request.number }}
run: |
HTML_FILE="automation-repo/certificate-generator/certificate_generator.html"
CONTRIBUTOR_NAME="${{ github.event.inputs.contributor_username || github.event.pull_request.user.login }}"
PR_NUMBER="${{ github.event.inputs.pr_number || github.event.pull_request.number }}"
MERGE_DATE=$(date -u +"%B %d, %Y")
sed -i "/id=\"contributorName\"/s/value=\"[^\"]*\"/value=\"${CONTRIBUTOR_NAME}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update contributor name."; exit 1; }
sed -i "/id=\"prNumber\"/s/value=\"[^\"]*\"/value=\"#${PR_NUMBER}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update PR number."; exit 1; }
sed -i "/id=\"mergeDate\"/s/value=\"[^\"]*\"/value=\"${MERGE_DATE}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update merge date."; exit 1; }
sed --sandbox -i -e "/id=\"contributorName\"/s/value=\"[^\"]*\"/value=\"${CONTRIBUTOR_NAME}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update contributor name."; exit 1; }
sed --sandbox -i -e "/id=\"prNumber\"/s/value=\"[^\"]*\"/value=\"#${PR_NUMBER}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update PR number."; exit 1; }
sed --sandbox -i -e "/id=\"mergeDate\"/s/value=\"[^\"]*\"/value=\"${MERGE_DATE}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update merge date."; exit 1; }
# Step 4: Setup Node.js environment
- name: Setup Node.js
@@ -119,6 +120,10 @@ jobs:
- name: Upload certificate to separate repository
if: ${{ github.event_name == 'workflow_dispatch' || steps.check_first_pr.outputs.is_first_pr == 'true' }}
uses: actions/github-script@v8
env:
CONTRIBUTOR_USERNAME: ${{ github.event.inputs.contributor_username }}
USER_LOGIN: ${{ github.event.pull_request.user.login }}
PR_NUMBER: ${{ github.event.inputs.pr_number }}
with:
github-token: ${{ secrets.CERTIFICATES_REPO_TOKEN }}
script: |
@@ -156,10 +161,10 @@ jobs:
// Create a unique filename with timestamp
const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
const contributorName = context.eventName === 'workflow_dispatch'
? '${{ github.event.inputs.contributor_username }}'
: '${{ github.event.pull_request.user.login }}';
? process.env.CONTRIBUTOR_USERNAME
: process.env.USER_LOGIN;
const prNumber = context.eventName === 'workflow_dispatch'
? '${{ github.event.inputs.pr_number }}'
? process.env.PR_NUMBER
: context.issue.number;
const filename = `certificates/${contributorName}-${prNumber}-${timestamp}.png`;
@@ -218,6 +223,10 @@ jobs:
- name: Comment with embedded certificate image
if: ${{ github.event_name == 'workflow_dispatch' || steps.check_first_pr.outputs.is_first_pr == 'true' }}
uses: actions/github-script@v8
env:
CONTRIBUTOR_USERNAME: ${{ github.event.inputs.contributor_username }}
USER_LOGIN: ${{ github.event.pull_request.user.login }}
PR_NUMBER: ${{ github.event.inputs.pr_number }}
with:
script: |
try {
@@ -239,17 +248,17 @@ jobs:
if (context.eventName === 'workflow_dispatch') {
// Manual trigger case
const contributorName = '${{ github.event.inputs.contributor_username }}';
const prNumber = '${{ github.event.inputs.pr_number }}';
const contributorName = process.env.CONTRIBUTOR_USERNAME;
const prNumber = process.env.PR_NUMBER;
body = `📜 Certificate preview generated for @${contributorName} (PR #${prNumber}):\n\n${body}`;
} else {
// Auto trigger case for first-time contributors
const username = '${{ github.event.pull_request.user.login }}';
const username = process.env.USER_LOGIN;
body = `🎉 Congratulations on your first merged pull request, @${username}! Thank you for your contribution.\n\nHere's a preview of your certificate:\n\n${body}`;
}
const issueNumber = context.eventName === 'workflow_dispatch' ?
parseInt('${{ github.event.inputs.pr_number }}') :
parseInt(process.env.PR_NUMBER) :
context.issue.number;
await github.rest.issues.createComment({

View File

@@ -36,33 +36,42 @@ jobs:
steps:
- name: Consolidate dryrun setting to always be true or false
id: actual_dryrun
env:
INPUT_DRYRUN: ${{ inputs.dryrun }}
run: |
# The 'release' trigger will not have a 'dryrun' input set. Handle
# this case in a readable/maintainable way.
if [[ -z "${{ inputs.dryrun }}" ]]
if [[ -z "${INPUT_DRYRUN}" ]]
then
echo "dryrun=false" >> $GITHUB_OUTPUT
else
echo "dryrun=${{ inputs.dryrun }}" >> $GITHUB_OUTPUT
echo "dryrun=${INPUT_DRYRUN}" >> $GITHUB_OUTPUT
fi
- name: Dry Run Status
env:
DRYRUN: ${{ steps.actual_dryrun.outputs.dryrun }}
run: |
echo "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}"
echo "::notice::This workflow execution will be a dry-run: ${DRYRUN}"
- name: Determine Version
id: getversion
env:
INPUT_VERSION: ${{ inputs.version }}
TAG_NAME: ${{ github.event.release.tag_name }}
run: |
if [[ -z "${{ inputs.version }}" ]]
if [[ -z "${INPUT_VERSION}" ]]
then
VERSION=${{ github.event.release.tag_name }}
VERSION=${TAG_NAME}
else
VERSION=${{ inputs.version }}
VERSION=${INPUT_VERSION}
fi
echo
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Check uploads
id: check
env:
VERSION: ${{ steps.getversion.outputs.version }}
run: |
URI="https://github.com/containers/podman/releases/download/${{steps.getversion.outputs.version}}"
URI="https://github.com/containers/podman/releases/download/${VERSION}"
ARM_FILE="podman-installer-macos-arm64.pkg"
AMD_FILE="podman-installer-macos-amd64.pkg"
UNIVERSAL_FILE="podman-installer-macos-universal.pkg"
@@ -165,8 +174,9 @@ jobs:
steps.check.outputs.builduniversal == 'true' )
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
(gh release download ${{steps.getversion.outputs.version}} -p "shasums" || exit 0)
(gh release download "${VERSION}" -p "shasums" || exit 0)
cat contrib/pkginstaller/out/shasums >> shasums
gh release upload ${{steps.getversion.outputs.version}} contrib/pkginstaller/out/podman-installer-macos-*.pkg
gh release upload ${{steps.getversion.outputs.version}} --clobber shasums
gh release upload "${VERSION}" contrib/pkginstaller/out/podman-installer-macos-*.pkg
gh release upload "${VERSION}" --clobber shasums

View File

@@ -20,8 +20,8 @@ jobs:
pull-requests: write
env:
SHA: ${{github.event.pull_request.head.sha}}
UPSTREAM_MACHINE_OS: "containers/podman-machine-os"
PODMAN_REPO: "containers/podman"
UPSTREAM_MACHINE_OS: "podman-container-tools/podman-machine-os"
PODMAN_REPO: "podman-container-tools/podman"
steps:
- name: Get version
@@ -34,9 +34,9 @@ jobs:
exit 1
elif [[ $VERSION == *-dev ]] ; then
echo "::warning:: SKIPPING: dev bump"
elif [[ ${{github.base_ref}} == "main" ]] ; then
elif [[ "${GITHUB_BASE_REF}" == "main" ]] ; then
echo "::warning:: SKIPPING: main branch"
elif [[ ${{github.base_ref}} == *-rhel ]] ; then
elif [[ "${GITHUB_BASE_REF}" == *-rhel ]] ; then
echo "::warning:: SKIPPING: rhel branch"
else
echo "update=true" >> "$GITHUB_OUTPUT"
@@ -46,7 +46,7 @@ jobs:
- name: Check machine-os-branch
if: steps.getversion.outputs.update == 'true'
run: |
if ! (curl -s https://api.github.com/repos/$UPSTREAM_MACHINE_OS/branches| jq -e --arg branch "${{github.base_ref}}" '.[] | select(.name==$branch)') ; then
if ! curl -s "https://api.github.com/repos/$UPSTREAM_MACHINE_OS/branches" | jq -e --arg branch "${GITHUB_BASE_REF}" '.[] | select(.name==$branch)'; then
echo "::error:: Release branch does not exist."
echo "::error:: Please push $branch to $UPSTREAM_MACHINE_OS, then re-run this task."
exit 1
@@ -57,8 +57,9 @@ jobs:
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
EVENT_NUMBER: ${{ github.event.number }}
run: |
gh pr edit --add-label do-not-merge/wait-machine-os-build ${{github.event.number}}
gh pr edit --add-label do-not-merge/wait-machine-os-build "${EVENT_NUMBER}"
- name: Install wait-for-copr
if: steps.getversion.outputs.update == 'true'
@@ -69,51 +70,60 @@ jobs:
if: steps.getversion.outputs.update == 'true'
id: checkout
with:
repository: containers/podman-machine-os
repository: podman-container-tools/podman-machine-os
ref: ${{github.base_ref}}
token: ${{secrets.PODMANBOT_TOKEN}}
- name: Bump version
if: steps.getversion.outputs.update == 'true'
env:
EVENT_NUMBER: ${{ github.event.number }}
VERS: ${{steps.getversion.outputs.version}}
run: |
update=$(printf 's/export PODMAN_VERSION=".*"/export PODMAN_VERSION="%s"/g\n' "$VERS")
sed -i "$update" podman-rpm-info-vars.sh
sed -i 's/export PODMAN_PR_NUM=".*"/export PODMAN_PR_NUM="${{github.event.number}}"/g' podman-rpm-info-vars.sh
sed --sandbox -i -e "$update" podman-rpm-info-vars.sh
sed --sandbox -i -e "s/export PODMAN_PR_NUM=\".*\"/export PODMAN_PR_NUM=\"${EVENT_NUMBER}\"/g" podman-rpm-info-vars.sh
echo "Updated file:"
cat podman-rpm-info-vars.sh
- name: Wait for COPR build
if: steps.getversion.outputs.update == 'true'
env:
EVENT_NUMBER: ${{ github.event.number }}
run: |
wait-for-copr \
--owner packit \
--project containers-podman-${{github.event.number}} \
--project "podman-container-tools-podman-${EVENT_NUMBER}" \
podman \
${SHA::9}
- name: Push
if: steps.getversion.outputs.update == 'true'
env:
EVENT_NUMBER: ${{ github.event.number }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
# Make committer the user who triggered the action, either through cutting a release or manual trigger
# GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
git config --local user.name ${{ github.actor }}
git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
bumpbranch="pr${{github.event.number}}"
git checkout -b $bumpbranch
git config --local user.name "${GITHUB_ACTOR}"
git config --local user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
bumpbranch="pr${EVENT_NUMBER}"
git checkout -b "$bumpbranch"
git add podman-rpm-info-vars.sh
git commit --signoff -m "Bump Podman to v${{ steps.getversion.outputs.version }}"
git commit --signoff -m "Bump Podman to v${VERSION}"
git remote add podmanbot https://github.com/podmanbot/podman-machine-os
git push -f podmanbot "$bumpbranch"
- name: Check open PRs
id: checkpr
if: steps.getversion.outputs.update == 'true'
env:
EVENT_NUMBER: ${{ github.event.number }}
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
run: |
prs=$(gh pr list \
--repo $UPSTREAM_MACHINE_OS \
--head "pr${{github.event.number}}" \
--repo "$UPSTREAM_MACHINE_OS" \
--head "pr${EVENT_NUMBER}" \
--state open \
--json title \
--jq 'length')
@@ -122,25 +132,25 @@ jobs:
else
echo "openpr=true" >> "$GITHUB_OUTPUT"
fi
env:
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
- name: Open PR
if: steps.getversion.outputs.update == 'true' && steps.checkpr.outputs.openpr == 'true'
id: pr
env:
EVENT_NUMBER: ${{ github.event.number }}
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
bumpbranch="pr${{github.event.number}}"
bumpbranch="pr${EVENT_NUMBER}"
body=$(printf 'Triggered by https://github.com/%s/pull/%s\n\n```release-note\nRelease v%s\n```\n' \
"$PODMAN_REPO" "${{github.event.number}}" "${{ steps.getversion.outputs.version }}")
"$PODMAN_REPO" "${EVENT_NUMBER}" "${VERSION}")
uri=`gh pr create \
--title "Bump Podman to v${{ steps.getversion.outputs.version }}" \
--title "Bump Podman to v${VERSION}" \
--body "$body" \
--head "podmanbot:$bumpbranch" \
--base "${{github.base_ref}}" \
--repo $UPSTREAM_MACHINE_OS`
--base "${GITHUB_BASE_REF}" \
--repo "$UPSTREAM_MACHINE_OS"`
echo "uri=$uri" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
- name: Comment PR link
if: steps.getversion.outputs.update == 'true' && steps.checkpr.outputs.openpr == 'true'

View File

@@ -27,17 +27,20 @@ jobs:
- name: Provide github event JSON for examination
run: |
echo "::group::Event JSON"
jq --color-output "." "${{ github.event_path }}"
jq --color-output "." "${GITHUB_EVENT_PATH}"
echo "::endgroup::"
- name: Determine Version
id: getversion
env:
INPUT_VERSION: ${{ inputs.version }}
TAG_NAME: ${{ github.event.release.tag_name }}
run: |
if [[ -z "${{ inputs.version }}" ]]
if [[ -z "${INPUT_VERSION}" ]]
then
VERSION=${{ github.event.release.tag_name }}
VERSION=${TAG_NAME}
else
VERSION=${{ inputs.version }}
VERSION=${INPUT_VERSION}
fi
if ! grep -Eq 'v[0-9]+(\.[0-9]+(\.[0-9]+(-.+)?)?)?$' <<<"$VERSION"
@@ -57,24 +60,30 @@ jobs:
- name: Consolidate dryrun setting to always be true or false
id: actual_dryrun
env:
INPUT_DRYRUN: ${{ inputs.dryrun }}
run: |
# The 'release' trigger will not have a 'dryrun' input set. Handle
# this case in a readable/maintainable way.
if [[ -z "${{ inputs.dryrun }}" ]]
if [[ -z "${INPUT_DRYRUN}" ]]
then
echo "dryrun=false" >> $GITHUB_OUTPUT
else
echo "dryrun=${{ inputs.dryrun }}" >> $GITHUB_OUTPUT
echo "dryrun=${INPUT_DRYRUN}" >> $GITHUB_OUTPUT
fi
- name: Dry Run Status
env:
DRYRUN: ${{ steps.actual_dryrun.outputs.dryrun }}
run: |
echo "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}"
echo "::notice::This workflow execution will be a dry-run: ${DRYRUN}"
- name: Check uploads
id: check
env:
VERSION: ${{ steps.getversion.outputs.version }}
run: |
URI="https://github.com/containers/podman/releases/download/${{steps.getversion.outputs.version}}"
URI="https://github.com/containers/podman/releases/download/${VERSION}"
for artifact in "podman-remote-release-darwin_amd64.zip darwin_amd" \
'podman-remote-release-darwin_arm64.zip darwin_arm' \
'podman-remote-release-windows_amd64.zip windows_amd' \
@@ -186,11 +195,12 @@ jobs:
steps.actual_dryrun.outputs.dryrun == 'false'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
(gh release download ${{steps.getversion.outputs.version}} -p "shasums" || exit 0)
(gh release download "${VERSION}" -p "shasums" || exit 0)
cat release/shasums >> shasums
gh release upload ${{steps.getversion.outputs.version}} release/*.zip release/*.tar.gz
gh release upload ${{steps.getversion.outputs.version}} --clobber shasums
gh release upload "${VERSION}" release/*.zip release/*.tar.gz
gh release upload "${VERSION}" --clobber shasums
# WARNING: This should only be set when 'notification' job should be triggered
echo "complete=true" >> $GITHUB_OUTPUT
@@ -206,6 +216,7 @@ jobs:
- name: Format release email
id: format
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ needs.build.outputs.version }}
run: |
if grep -Eq '.+-rc' <<<"$VERSION"
@@ -215,19 +226,19 @@ jobs:
echo "mail_subj=Podman ${RC_PREFIX}${VERSION} Released" >> $GITHUB_OUTPUT
cat <<EOF>email_body.txt
cat <<EOF > email_body.txt
Hi all,
Podman ${RC_PREFIX}${VERSION} is now available. You may view the full details at
https://github.com/${{ github.repository }}/releases/tag/$VERSION
https://github.com/${GITHUB_REPOSITORY}/releases/tag/$VERSION
Release ${RC_PREFIX}Notes:
--------------
EOF
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
gh release view $VERSION \
--repo ${{ github.repository }} --json=body --jq '.body' >> email_body.txt
echo "${GITHUB_TOKEN}" | gh auth login --with-token
gh release view "$VERSION" \
--repo "${GITHUB_REPOSITORY}" --json=body --jq '.body' >> email_body.txt
# If job fails, permit operator to observe contents in case helpful.
- name: Provide release e-mail contents for examination

View File

@@ -23,12 +23,14 @@ jobs:
steps:
- name: Determine Version
id: getversion
env:
INPUT_VERSION: ${{ inputs.version }}
run: |
if [[ -z "${{ inputs.version }}" ]]
if [[ -z "${INPUT_VERSION}" ]]
then
VERSION=${{ github.ref_name }}
VERSION=${GITHUB_REF_NAME}
else
VERSION=${{ inputs.version }}
VERSION=${INPUT_VERSION}
fi
if ! grep -Eq 'v[0-9]+(\.[0-9]+(\.[0-9]+(-.+)?)?)?$' <<<"$VERSION"
then
@@ -45,14 +47,16 @@ jobs:
echo "::notice::Building $VERSION"
- name: Determine release
id: buildonly
env:
INPUT_BUILDONLY: ${{ inputs.buildonly }}
run: |
# The 'tag' trigger will not have a 'buildonly' input set. Handle
# this case in a readable/maintainable way.
if [[ -z "${{ inputs.buildonly }}" ]]
if [[ -z "${INPUT_BUILDONLY}" ]]
then
BUILDONLY=false
else
BUILDONLY=${{ inputs.buildonly }}
BUILDONLY=${INPUT_BUILDONLY}
fi
echo "buildonly=$BUILDONLY" >> $GITHUB_OUTPUT
echo "::notice::This will be build-only: $BUILDONLY"
@@ -154,8 +158,10 @@ jobs:
steps:
- name: Determine version
id: getversion
env:
VERSION: ${{needs.check.outputs.version}}
run: |
$version = "${{ needs.check.outputs.version }}"
$version = "${env:VERSION}"
if ($version[0] -eq "v") {
$version = $version.Substring(1)
}
@@ -174,13 +180,19 @@ jobs:
- name: Set up WiX
run: dotnet tool install --global wix --version 5.0.2
- name: Setup Signature Tooling
env:
AZ_CERT_NAME: ${{ secrets.AZ_CERT_NAME }}
AZ_VAULT_ID: ${{ secrets.AZ_VAULT_ID }}
AZ_APP_ID: ${{ secrets.AZ_APP_ID }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }}
run: |
dotnet tool install --global AzureSignTool --version 3.0.0
echo "CERT_NAME=${{secrets.AZ_CERT_NAME}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "VAULT_ID=${{secrets.AZ_VAULT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "APP_ID=${{secrets.AZ_APP_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "TENANT_ID=${{secrets.AZ_TENANT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "CLIENT_SECRET=${{secrets.AZ_CLIENT_SECRET}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "CERT_NAME=${env:AZ_CERT_NAME}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "VAULT_ID=${env:AZ_VAULT_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "APP_ID=${env:AZ_APP_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "TENANT_ID=${env:AZ_TENANT_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "CLIENT_SECRET=${env:AZ_CLIENT_SECRET}" | Out-File -FilePath $env:GITHUB_ENV -Append
- name: Pandoc Setup
uses: r-lib/actions/setup-pandoc@v2
with:
@@ -193,17 +205,23 @@ jobs:
# to judge.
- name: Build the MSI
id: build
env:
PODMAN_ARCH: ${{ matrix.arch }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
contrib\win-installer\build.ps1 `
-Version ${{steps.getversion.outputs.version}} `
-LocalReleaseDirPath ${{ github.workspace }}\release-artifacts `
-Architecture ${{ matrix.arch }}
-Version "${env:VERSION}" `
-LocalReleaseDirPath "${env:GITHUB_WORKSPACE}\release-artifacts" `
-Architecture "${env:PODMAN_ARCH}"
Exit $LASTEXITCODE
- name: Build the bundle (legacy)
id: build-legacy
env:
PODMAN_ARCH: ${{ matrix.arch }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
Push-Location contrib\win-installer-legacy
.\build.ps1 ${{steps.getversion.outputs.version}} prod ${{ github.workspace }}\release-artifacts
.\build.ps1 "${env:VERSION}" prod "${env:GITHUB_WORKSPACE}\release-artifacts"
$code = $LASTEXITCODE
if ($code -eq 2) {
Write-Output "artifact-missing=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
@@ -212,8 +230,6 @@ jobs:
}
Pop-Location
Exit $code
env:
PODMAN_ARCH: ${{ matrix.arch }}
- name: Display structure of built files
run: |
Push-Location contrib\win-installer
@@ -223,14 +239,20 @@ jobs:
Get-ChildItem
Pop-Location
- name: Rename the MSI
env:
PODMAN_ARCH: ${{ matrix.arch }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
Push-Location contrib\win-installer
Copy-Item -Path podman-${{steps.getversion.outputs.version}}.msi -Destination podman-installer-windows-${{ matrix.arch }}.msi
Copy-Item -Path "podman-${env:VERSION}.msi" -Destination "podman-installer-windows-${env:PODMAN_ARCH}.msi"
Pop-Location
- name: Rename the bundle (legacy)
env:
PODMAN_ARCH: ${{ matrix.arch }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
Push-Location contrib\win-installer-legacy
Copy-Item -Path podman-${{steps.getversion.outputs.version}}-setup.exe -Destination podman-installer-windows-${{ matrix.arch }}.exe
Copy-Item -Path "podman-${env:VERSION}-setup.exe" -Destination "podman-installer-windows-${env:PODMAN_ARCH}.exe"
Pop-Location
- name: Upload the MSI
uses: actions/upload-artifact@v4
@@ -306,7 +328,7 @@ jobs:
title="${title/rc/"RC"}"
else
# check if this version should not be marked latest
prevrelease=$(curl --retry 3 --silent -m 10 --connect-timeout 5 "https://api.github.com/repos/${{ github.repository }}/releases/latest")
prevrelease=$(curl --retry 3 --silent -m 10 --connect-timeout 5 "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest")
prevvers=$(echo "$prevrelease" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | sed -e "s/^v//")
vers=${VERSION#"v"}
echo "${prevvers},${vers}"
@@ -334,6 +356,7 @@ jobs:
- name: Format release email
id: format
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ needs.check.outputs.version }}
run: |
if grep -Eq '.+-rc' <<<"$VERSION"
@@ -347,15 +370,15 @@ jobs:
Hi all,
Podman ${RC_PREFIX}${VERSION} is now available. You may view the full details at
https://github.com/${{ github.repository }}/releases/tag/$VERSION
https://github.com/${GITHUB_REPOSITORY}/releases/tag/$VERSION
Release ${RC_PREFIX}Notes:
--------------
EOF
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
gh release view $VERSION \
--repo ${{ github.repository }} --json=body --jq '.body' >> email_body.txt
echo "${GITHUB_TOKEN}" | gh auth login --with-token
gh release view "$VERSION" \
--repo "${GITHUB_REPOSITORY}" --json=body --jq '.body' >> email_body.txt
# If job fails, permit operator to observe contents in case helpful.
- name: Provide release e-mail contents for examination

View File

@@ -25,13 +25,15 @@ jobs:
steps:
- name: Get version
id: getversion
env:
INPUT_VERSION: ${{ inputs.version }}
TAG_NAME: ${{ github.event.release.tag_name }}
run: |
if [[ -z "${{ inputs.version }}" ]]
if [[ -z "${INPUT_VERSION}" ]]
then
VERSION=${{ github.event.release.tag_name }}
VERSION=${TAG_NAME}
else
VERSION=${{ inputs.version }}
VERSION=${INPUT_VERSION}
fi
# strip out the prefix v if it's there
@@ -50,20 +52,21 @@ jobs:
- name: Check open PRs
if: steps.getversion.outputs.notRC == 'true'
id: checkpr
env:
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
prs=$(gh pr list \
--repo containers/podman.io \
--head bump-podmanv${{ steps.getversion.outputs.version }} \
--head "bump-podmanv${VERSION}" \
--state open \
--json title \
--jq 'length')
if ((prs > 0)); then
echo "SKIPPING: PR already exists to update to v${{ steps.getversion.outputs.version }}."
echo "SKIPPING: PR already exists to update to v${VERSION}."
else
echo "prexists=false" >> "$GITHUB_OUTPUT"
fi
env:
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
- uses: actions/checkout@v5
if: >-
@@ -79,13 +82,15 @@ jobs:
steps.getversion.outputs.notRC == 'true' &&
steps.checkpr.outputs.prexists == 'false'
id: checkversion
env:
VERSION: ${{ steps.getversion.outputs.version }}
run: |
# Check if version is actually higher than one on podman.io
prevversion=`grep -P "(?<=export const LATEST_VERSION = ')(\d.\d.\d)" -o static/data/global.ts`
echo "Version currently on site: ${prevversion}"
echo "Version to update to: ${{ steps.getversion.outputs.version }}"
echo "Version to update to: ${VERSION}"
# sort -V -C returns 0 if args are ascending version order
if echo "${prevversion},${{ steps.getversion.outputs.version }}" | tr ',' '\n' | sort -V -C && [[ ${prevversion} != ${{ steps.getversion.outputs.version }} ]]
if echo "${prevversion},${VERSION}" | tr ',' '\n' | sort -V -C && [[ "${prevversion}" != "${version}" ]]
then
echo "needsUpdate=true" >> $GITHUB_OUTPUT
echo "This release is a higher version, so we need to update podman.io"
@@ -98,9 +103,11 @@ jobs:
steps.getversion.outputs.notRC == 'true' &&
steps.checkversion.outputs.needsUpdate == 'true' &&
steps.checkpr.outputs.prexists == 'false'
env:
VERSION: ${{ steps.getversion.outputs.version }}
run: |
# Replace the version in static/data/global.ts file
sed -i "s/export const LATEST_VERSION = '.*';/export const LATEST_VERSION = '${{ steps.getversion.outputs.version }}';/g" static/data/global.ts
sed --sandbox -i -e "s/export const LATEST_VERSION = '.*';/export const LATEST_VERSION = '${VERSION}';/g" static/data/global.ts
echo "Updated file:"
cat static/data/global.ts
@@ -109,22 +116,23 @@ jobs:
steps.getversion.outputs.notRC == 'true' &&
steps.checkversion.outputs.needsUpdate == 'true' &&
steps.checkpr.outputs.prexists == 'false'
env:
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
# Make committer the user who triggered the action, either through cutting a release or manual trigger
# GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
git config --local user.name ${{ github.actor }}
git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
bumpbranch="bump-podmanv${{ steps.getversion.outputs.version }}"
git config --local user.name "${GITHUB_ACTOR}"
git config --local user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
bumpbranch="bump-podmanv${VERSION}"
git checkout -b $bumpbranch
git add static/data/global.ts
git commit --signoff -m "Bump Podman to v${{ steps.getversion.outputs.version }}"
git commit --signoff -m "Bump Podman to v${VERSION}"
git remote -v
git remote add podmanbot https://github.com/podmanbot/podman.io
git push podmanbot "+$bumpbranch"
gh pr create \
--title "Bump Podman to v${{ steps.getversion.outputs.version }}" \
--body "Bump Podman to v${{ steps.getversion.outputs.version }}" \
--title "Bump Podman to v${VERSION}" \
--body "Bump Podman to v${VERSION}" \
--head "podmanbot:$bumpbranch" \
--base "main" -R "containers/podman.io"
env:
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}

View File

@@ -26,24 +26,31 @@ jobs:
steps:
- name: Consolidate dryrun setting to always be true or false
id: actual_dryrun
env:
INPUT_DRYRUN: ${{ inputs.dryrun }}
run: |
# The 'release' trigger will not have a 'dryrun' input set. Handle
# this case in a readable/maintainable way.
$inputs_dryrun = "${{ inputs.dryrun }}"
$inputs_dryrun = "${env:INPUT_DRYRUN}"
if ($inputs_dryrun.Length -lt 1) {
Write-Output "dryrun=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
} else {
Write-Output "dryrun=${{ inputs.dryrun }}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
Write-Output "dryrun=${env:INPUT_DRYRUN}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
}
- name: Dry Run Status
env:
DRYRUN: ${{ steps.actual_dryrun.outputs.dryrun }}
run: |
Write-Output "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}"
Write-Output "::notice::This workflow execution will be a dry-run: ${env:DRYRUN}"
- name: Determine version
id: getversion
env:
INPUT_VERSION: ${{ inputs.version }}
TAG_NAME: ${{ github.event.release.tag_name }}
run: |
$version = "${{ inputs.version }}"
$version = "${env:INPUT_VERSION}"
if ($version.Length -lt 1) {
$version = "${{ github.event.release.tag_name }}"
$version = "${env:TAG_NAME}"
if ($version.Length -lt 1) {
Write-Host "::error::Could not determine version!"
Exit 1
@@ -63,16 +70,18 @@ jobs:
# to judge w/n (i.e. in some extreme case) it should be uploaded to the release page.
- name: Check
id: check
env:
VERSION: ${{ steps.getversion.outputs.version }}
run: |
Push-Location contrib\win-installer-legacy
.\check.ps1 ${{steps.getversion.outputs.version}}
.\check.ps1 "${env:VERSION}"
$code = $LASTEXITCODE
if ($code -eq 2) {
Write-Output "already-exists=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
Pop-Location
Exit 0
}
Write-Output "upload_asset_name=$env:UPLOAD_ASSET_NAME" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
Write-Output "upload_asset_name=${env:UPLOAD_ASSET_NAME}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
Pop-Location
Exit $code
# The podman release process requires a cross-compile of the windows binaries be uploaded to
@@ -80,8 +89,10 @@ jobs:
# non-obvious ways with a non-obvious error message. Address that here.
- name: Confirm upload_asset_name is non-empty
if: steps.check.outputs.upload_asset_name == ''
env:
VERSION: ${{ steps.getversion.outputs.version }}
run: |
Write-Output "::error::check.ps1 script failed to find manually uploaded podman-remote-release-windows_amd64.zip github release asset for version ${{steps.getversion.outputs.version}}."
Write-Output "::error::check.ps1 script failed to find manually uploaded podman-remote-release-windows_amd64.zip github release asset for version ${env:VERSION}."
Exit 1
- name: Set up Go
uses: actions/setup-go@v6
@@ -93,13 +104,19 @@ jobs:
run: dotnet tool install --global wix
- name: Setup Signature Tooling
if: steps.Check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
env:
AZ_CERT_NAME: ${{ secrets.AZ_CERT_NAME }}
AZ_VAULT_ID: ${{ secrets.AZ_VAULT_ID }}
AZ_APP_ID: ${{ secrets.AZ_APP_ID }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }}
run: |
dotnet tool install --global AzureSignTool --version 3.0.0
echo "CERT_NAME=${{secrets.AZ_CERT_NAME}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "VAULT_ID=${{secrets.AZ_VAULT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "APP_ID=${{secrets.AZ_APP_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "TENANT_ID=${{secrets.AZ_TENANT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "CLIENT_SECRET=${{secrets.AZ_CLIENT_SECRET}}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "CERT_NAME=${env:AZ_CERT_NAME}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "VAULT_ID=${env:AZ_VAULT_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "APP_ID=${env:AZ_APP_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "TENANT_ID=${env:AZ_TENANT_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
echo "CLIENT_SECRET=${env:AZ_CLIENT_SECRET}" | Out-File -FilePath $env:GITHUB_ENV -Append
- name: Pandoc Setup
uses: r-lib/actions/setup-pandoc@v2
with:
@@ -107,9 +124,11 @@ jobs:
- name: Build
id: build
if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
env:
VERSION: ${{ steps.getversion.outputs.version }}
run: |
Push-Location contrib\win-installer-legacy
.\build.ps1 ${{steps.getversion.outputs.version}} prod
.\build.ps1 "${env:VERSION}" prod
$code = $LASTEXITCODE
if ($code -eq 2) {
Write-Output "artifact-missing=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
@@ -132,14 +151,16 @@ jobs:
steps.check.outputs.already-exists != 'true' &&
steps.build.outputs.artifact-missing != 'true'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
UPLOAD_ASSET_NAME: ${{ steps.check.outputs.upload_asset_name }}
VERSION: ${{ steps.getversion.outputs.version }}
run: |
Push-Location contrib\win-installer-legacy
$version = "${{ steps.getversion.outputs.version }}"
$version = "${env:VERSION}"
if ($version[0] -ne "v") {
$version = "v$version"
}
gh release upload $version ${{ steps.check.outputs.upload_asset_name }}
gh release upload $version "${env:UPLOAD_ASSET_NAME}"
if ($LASTEXITCODE -ne 0) {
.\check.ps1 $version
if ($LASTEXITCODE -eq 2) {

View File

@@ -16,7 +16,7 @@ function Get-Podman-Setup-From-GitHub {
)
Write-Host "Downloading the $arch $version Podman windows setup from GitHub..."
$apiUrl = "https://api.github.com/repos/containers/podman/releases/$version"
$apiUrl = "https://api.github.com/repos/podman-container-tools/podman/releases/$version"
$headers = @{"User-Agent"="PowerShell"}
if ($env:GITHUB_TOKEN) {
$headers["Authorization"] = "Bearer $env:GITHUB_TOKEN"

View File

@@ -53,9 +53,21 @@ function bloat_approved() {
# requiring a MAX_BIN_GROWTH=nnn statement in github comments.
local actual_growth="$1"
# The validate-source GitHub Actions workflow sets BLOAT_APPROVED=true when
# the PR carries the '$OVERRIDE_LABEL' label.
[[ "$BLOAT_APPROVED" == "true" ]]
local var
for var in PR_NUMBER GITHUB_TOKEN GITHUB_REPOSITORY; do
if [[ -z "${!var}" ]]; then
echo "$ME: cannot query github: \$$var is undefined" >&2
return 1
fi
done
labels=$(curl --fail -s \
-H "Authorization: bearer $GITHUB_TOKEN" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/$PR_NUMBER" |
jq -r '.labels[].name')
grep -F -x -q "$OVERRIDE_LABEL" <<< "$labels"
}
# ACTUAL CODE BEGINS HERE

View File

@@ -46,9 +46,30 @@ if [[ -z "$filtered_changes" ]]; then
exit 0
fi
# This PR touches non-test files but adds no tests. Fail loudly.
# The '$OVERRIDE_LABEL' label can be used to override this check; that is
# handled by the CI workflow, not here.
# This PR touches non-test files but adds no tests. Only allow it if the
# '$OVERRIDE_LABEL' github label is set.
if [[ -n "$PR_NUMBER" ]]; then
for var in GITHUB_TOKEN GITHUB_REPOSITORY; do
if [[ -z "${!var}" ]]; then
echo "$ME: cannot query github: \$$var is undefined" >&2
return 1
fi
done
labels=$(curl --fail -s \
-H "Authorization: bearer $GITHUB_TOKEN" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/$PR_NUMBER" |
jq -r '.labels[].name')
if grep -F -x -q "$OVERRIDE_LABEL" <<< "$labels"; then
echo "$ME: \"$OVERRIDE_LABEL\" label found, ignoring test requirements"
exit 0
fi
fi
# This PR touches non-test files but adds no tests, and
# the '$OVERRIDE_LABEL' is not set. Fail loudly.
cat <<EOF
$ME: PR does not include changes in the 'tests' directory