From fc3b385a4f1ec284f57fd8539eb90b7afb96add5 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 26 Jan 2021 17:48:46 +1000 Subject: [PATCH] .github/workflows/rebase.yml: rebase for multiple branches - Error if the commenter doesn't have write access or maintainers can't edit the PR branch. - Close and comment on PR after rebase so that actions are run when it's reopened. This doesn't happen currently as we're using the default github token which isn't allowed to trigger other actions. - Disallow unwanted rebases. e.g. invalid branches, redundant rebases or rebasing permanent branches onto permanent branches. --- .github/workflows/rebase-staging.yml | 60 ------------ .github/workflows/rebase.yml | 134 +++++++++++++++++++++++++++ 2 files changed, 134 insertions(+), 60 deletions(-) delete mode 100644 .github/workflows/rebase-staging.yml create mode 100644 .github/workflows/rebase.yml diff --git a/.github/workflows/rebase-staging.yml b/.github/workflows/rebase-staging.yml deleted file mode 100644 index 41b06f95668a..000000000000 --- a/.github/workflows/rebase-staging.yml +++ /dev/null @@ -1,60 +0,0 @@ -on: - issue_comment: - types: - - created - -# This action allows people with write access to the repo to rebase a PRs base branch from -# master to staging by commenting `/rebase-staging` on the PR while avoiding CODEOWNER notifications. - -jobs: - rebase: - runs-on: ubuntu-latest - if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase-staging') - steps: - - uses: peter-evans/create-or-update-comment@v1 - with: - comment-id: ${{ github.event.comment.id }} - reactions: eyes - - uses: scherermichael-oss/action-has-permission@1.0.6 - id: check-write-access - with: - required-permission: write - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: check base branch is master - if: steps.check-write-access.outputs.has-permission - run: | - if [ "$(curl https://api.github.com/repos/NixOS/nixpkgs/pulls/${{ github.event.issue.number }} | jq -r '.base.ref')" != "master" ]; then - echo "This action only works when the current base branch is master." - exit 1 - fi - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - if: steps.check-write-access.outputs.has-permission - - name: rebase pull request - if: steps.check-write-access.outputs.has-permission - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PULL_REQUEST: ${{ github.event.issue.number }} - run: | - git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" - git fetch origin - gh pr checkout "$PULL_REQUEST" - git rebase \ - --onto="$(git merge-base origin/master origin/staging)" \ - "HEAD~$(git rev-list --count HEAD ^master)" - git push --force - curl \ - -X POST \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: token $GITHUB_TOKEN" \ - -d '{ "base": "staging" }' \ - "https://api.github.com/repos/NixOS/nixpkgs/pulls/$PULL_REQUEST" - - uses: peter-evans/create-or-update-comment@v1 - if: ${{ failure() }} - with: - issue-number: ${{ github.event.issue.number }} - body: | - [Failed to rebase on `staging`](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}) diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml new file mode 100644 index 000000000000..50d066dd754f --- /dev/null +++ b/.github/workflows/rebase.yml @@ -0,0 +1,134 @@ +on: + issue_comment: + types: + - created + +# This action allows people with write access to the repo to rebase a PRs base branch +# by commenting `/rebase ${branch}` on the PR while avoiding CODEOWNER notifications. + +jobs: + rebase: + runs-on: ubuntu-latest + if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') + steps: + - uses: peter-evans/create-or-update-comment@v1 + with: + comment-id: ${{ github.event.comment.id }} + reactions: eyes + - uses: scherermichael-oss/action-has-permission@1.0.6 + id: check-write-access + with: + required-permission: write + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: check permissions + run: | + echo "Commenter doesn't have write access to the repo" + exit 1 + if: "! steps.check-write-access.outputs.has-permission" + - name: setup + run: | + curl "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}" 2>/dev/null >pr.json + cat <>"$GITHUB_ENV" + CAN_MODIFY=$(jq -r '.maintainer_can_modify' pr.json) + COMMITS=$(jq -r '.commits' pr.json) + CURRENT_BASE=$(jq -r '.base.ref' pr.json) + PR_BRANCH=$(jq -r '.head.ref' pr.json) + COMMENT_BRANCH=$(echo ${{ github.event.comment.body }} | awk "/^\/rebase / {print \$2}") + PULL_REQUEST=${{ github.event.issue.number }} + EOF + rm pr.json + - name: check branch + env: + PERMANENT_BRANCHES: "haskell-updates|master|nixos|nixpkgs|python-unstable|release|staging" + VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|staging|staging-20.09|staging-next" + run: | + message() { + cat <