Replace automerge + updateStaging + updateProduction with updateProte…

…ctedBranch
Expensify · May 11, 2021 · 59b1edb · 59b1edb
1 parent a3b404d
commit 59b1edb
Show file tree

Hide file tree

Showing 8 changed files with 124 additions and 188 deletions.
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml
@@ -35,6 +35,7 @@ jobs:
         run: |
           git checkout -b version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}
           git push --set-upstream origin version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}
+          echo "VERSION_BRANCH=version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}" >> $GITHUB_ENV
 
       - name: Generate version
         id: bumpVersion
@@ -52,24 +53,14 @@ jobs:
             ./ios/ExpensifyCash/Info.plist \
             ./ios/ExpensifyCashTests/Info.plist
           git commit -m "Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}"
+          git push origin ${{ env.VERSION_BRANCH }}
 
-      - name: Create Pull Request (main)
-        id: createPullRequest
-        uses: peter-evans/create-pull-request@09b9ac155b0d5ad7d8d157ed32158c1b73689109
-        with:
-          token: ${{ secrets.OS_BOTIFY_TOKEN }}
-          author: OSBotify <[email protected]>
-          base: main
-          branch: version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}
-          title: Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }} on main
-          body: Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}
-
-      - name: Automerge the version-bump PR to update main
+      - name: Update main branch
         uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main
         with:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
-          WORKFLOW: automerge.yml
-          INPUTS: '{ "PULL_REQUEST_NUMBER": "${{ steps.createPullRequest.outputs.pull-request-number }}" }'
+          WORKFLOW: updateProtectedBranch.yml
+          INPUTS: '{ "TARGET_BRANCH": "main", "SOURCE_BRANCH": "${{ env.VERSION_BRANCH }}" }'
 
       # This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all
       # the other workflows with the same change

diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml
@@ -48,7 +48,8 @@ jobs:
         uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main
         with:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
-          WORKFLOW: updateProduction.yml
+          WORKFLOW: updateProtectedBranch.yml
+          INPUTS: '{ "TARGET_BRANCH": "production" }'
 
   # Deploy deferred PRs to staging and create a new StagingDeployCash for the next release cycle.
   createNewStagingDeployCash:

diff --git a/.github/workflows/lockDeploys.yml b/.github/workflows/lockDeploys.yml
@@ -33,7 +33,8 @@ jobs:
         uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main
         with:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
-          WORKFLOW: updateStaging.yml
+          WORKFLOW: updateProtectedBranch.yml
+          INPUTS: '{ "TARGET_BRANCH": "staging" }'
 
       # Note: we need to create this tag but not push it, because of how GitUtils.getPullRequestsMergedBetween works
       - name: Tag version

diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml
@@ -80,7 +80,8 @@ jobs:
         uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main
         with:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
-          WORKFLOW: updateStaging.yml
+          WORKFLOW: updateProtectedBranch.yml
+          INPUTS: '{ "TARGET_BRANCH": "staging" }'
 
       # Note: we need to create this tag but not push it, because of how GitUtils.getPullRequestsMergedBetween works
       - name: Tag version

diff --git a/.github/workflows/updateProduction.yml b/.github/workflows/updateProduction.yml
diff --git a/.github/workflows/updateProtectedBranch.yml b/.github/workflows/updateProtectedBranch.yml
@@ -0,0 +1,113 @@
+# This is a utility workflow to create, approve, and merge a pull request against a protected branch.
+name: Update Protected Branch
+
+on:
+  workflow_dispatch:
+    inputs:
+      TARGET_BRANCH:
+        description: The target branch to update. This becomes the base branch of the pull request.
+        required: true
+      SOURCE_BRANCH:
+        description: If updating main, you must also provide a head branch to update main with.
+        required: false
+        default: ''
+
+jobs:
+  updateBranch:
+    if: github.actor == 'OSBotify'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate target branch
+        if: !contains(['main', 'staging', 'production'], github.event.inputs.TARGET_BRANCH)
+        run: |
+          echo "Target branch must be one of ['main', 'staging', 'production']"
+          exit 1
+
+      # If updating main, SOURCE_BRANCH must not be empty
+      - name: Validate source branch
+        if: github.event.inputs.TARGET_BRANCH == 'main' && github.event.inputs.SOURCE_BRANCH == ''
+        run: |
+          echo "Cannot update main branch without specifying a source branch"
+          exit 1
+
+      # If updating staging, the head branch will always be main
+      # If updating production, the head branch will always be staging
+      - name: Set source branch
+        run: |
+          if [[ ${{ github.event.inputs.TARGET_BRANCH }} == 'staging' ]]; then
+            echo "HEAD_BRANCH=main" >> $GITHUB_ENV
+          elif [[ ${{ github.event.inputs.TARGET_BRANCH }} == 'production' ]]; then
+            echo "HEAD_BRANCH=staging" >> $GITHUB_ENV
+          else
+            echo "HEAD_BRANCH=${{ github.event.inputs.SOURCE_BRANCH }}" >> $GITHUB_ENV
+          fi
+
+      # Version: 2.3.4
+      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.OS_BOTIFY_TOKEN }}
+
+      - name: Checkout head branch
+        run: git checkout ${{ env.HEAD_BRANCH }}
+
+      - name: Set New Version
+        run: echo "NEW_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV
+
+      - name: Create Pull Request
+        id: createPullRequest
+        # Version: 2.4.3
+        uses: repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d
+        with:
+          source_branch: ${{ env.HEAD_BRANCH }}
+          destination_branch: ${{ github.event.inputs.TARGET_BRANCH }}
+          github_token: ${{ secrets.OS_BOTIFY_TOKEN }}
+          pr_title: Update version to ${{ env.NEW_VERSION }} on ${{ github.event.inputs.TARGET_BRANCH }}
+          pr_body: Update version to ${{ env.NEW_VERSION }}
+
+      - name: Check if pull request is mergeable
+        id: isPullRequestMergeable
+        uses: Expensify/Expensify.cash/.github/actions/isPullRequestMergeable@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PULL_REQUEST_NUMBER: ${{ steps.createPullRequest.outputs.pr_number }}
+
+      - name: Fail workflow if PR is not mergeable
+        if: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE == 'false' }}
+        run: exit 1
+
+      # TODO: Once https://github.com/hmarr/auto-approve-action/pull/186 is merged, point back at the non-forked repo
+      - name: Check for an auto approve
+        # Version: 2.0.0
+        uses: roryabraham/auto-approve-action@1d9eaca19e005b39bc4495c51fc7439734b2753d
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ steps.createPullRequest.outputs.pr_number }}
+
+      - name: Check for an auto merge
+        # Version: 0.12.0
+        uses: pascalgn/automerge-action@39d831e1bb389bd242626bc25d4060064a97181c
+        env:
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
+          PULL_REQUEST_NUMBER: ${{ steps.createPullRequest.outputs.pr_number }}
+
+      # This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all
+      # the other workflows with the same change
+      - uses: 8398a7/action-slack@v3
+        name: Job failed Slack notification
+        if: ${{ failure() }}
+        with:
+          status: custom
+          fields: workflow, repo
+          custom_payload: |
+            {
+              channel: '#announce',
+              attachments: [{
+                color: "#DB4545",
+                pretext: `<!here>`,
+                text: `💥 ${process.env.AS_REPO} failed on ${process.env.AS_WORKFLOW} workflow 💥`,
+              }]
+            }
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/updateStaging.yml b/.github/workflows/updateStaging.yml