diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml deleted file mode 100644 index e77d712d0fc5..000000000000 --- a/.github/workflows/automerge.yml +++ /dev/null @@ -1,65 +0,0 @@ -name: Automerge PR - -on: - workflow_dispatch: - inputs: - PULL_REQUEST_NUMBER: - description: The number of the pull request to automerge - required: true - -jobs: - automerge: - if: github.actor == 'OSBotify' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - ref: main - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Check if pull request is mergeable - id: isPullRequestMergeable - uses: Expensify/Expensify.cash/.github/actions/isPullRequestMergeable@main - with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PULL_REQUEST_NUMBER: ${{ github.event.inputs.PULL_REQUEST_NUMBER }} - - - name: Fail workflow if PR is not mergeable - if: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE == 'false' }} - run: exit 1 - - # TODO: Once https://github.com/hmarr/auto-approve-action/pull/186 is merged, point back at the non-forked repo - - name: Check for an auto approve - # Version: 2.0.0 - uses: roryabraham/auto-approve-action@1d9eaca19e005b39bc4495c51fc7439734b2753d - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - pull-request-number: ${{ github.event.inputs.PULL_REQUEST_NUMBER }} - - - name: Check for an auto merge - # Version: 0.12.0 - uses: pascalgn/automerge-action@39d831e1bb389bd242626bc25d4060064a97181c - env: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - PULL_REQUEST_NUMBER: ${{ github.event.inputs.PULL_REQUEST_NUMBER }} - - # This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all - # the other workflows with the same change - - uses: 8398a7/action-slack@v3 - name: Job failed Slack notification - if: ${{ failure() }} - with: - status: custom - fields: workflow, repo - custom_payload: | - { - channel: '#announce', - attachments: [{ - color: "#DB4545", - pretext: ``, - text: `💥 ${process.env.AS_REPO} failed on ${process.env.AS_WORKFLOW} workflow 💥`, - }] - } - env: - GITHUB_TOKEN: ${{ github.token }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 293b0a9756d4..9fb1f7100aa5 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -35,6 +35,7 @@ jobs: run: | git checkout -b version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }} git push --set-upstream origin version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }} + echo "VERSION_BRANCH=version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}" >> $GITHUB_ENV - name: Generate version id: bumpVersion @@ -52,24 +53,14 @@ jobs: ./ios/ExpensifyCash/Info.plist \ ./ios/ExpensifyCashTests/Info.plist git commit -m "Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}" + git push origin ${{ env.VERSION_BRANCH }} - - name: Create Pull Request (main) - id: createPullRequest - uses: peter-evans/create-pull-request@09b9ac155b0d5ad7d8d157ed32158c1b73689109 - with: - token: ${{ secrets.OS_BOTIFY_TOKEN }} - author: OSBotify - base: main - branch: version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }} - title: Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }} on main - body: Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }} - - - name: Automerge the version-bump PR to update main + - name: Update main branch uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: automerge.yml - INPUTS: '{ "PULL_REQUEST_NUMBER": "${{ steps.createPullRequest.outputs.pull-request-number }}" }' + WORKFLOW: updateProtectedBranch.yml + INPUTS: '{ "TARGET_BRANCH": "main", "SOURCE_BRANCH": "${{ env.VERSION_BRANCH }}" }' # This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all # the other workflows with the same change diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index 5b3214ed3d0b..90ef78d15cc6 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -48,7 +48,8 @@ jobs: uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: updateProduction.yml + WORKFLOW: updateProtectedBranch.yml + INPUTS: '{ "TARGET_BRANCH": "production" }' # Deploy deferred PRs to staging and create a new StagingDeployCash for the next release cycle. createNewStagingDeployCash: diff --git a/.github/workflows/lockDeploys.yml b/.github/workflows/lockDeploys.yml index db6f38ed69de..feb815db9c24 100644 --- a/.github/workflows/lockDeploys.yml +++ b/.github/workflows/lockDeploys.yml @@ -33,7 +33,8 @@ jobs: uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: updateStaging.yml + WORKFLOW: updateProtectedBranch.yml + INPUTS: '{ "TARGET_BRANCH": "staging" }' # Note: we need to create this tag but not push it, because of how GitUtils.getPullRequestsMergedBetween works - name: Tag version diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index d236bd828a72..b4d6a02a6e6c 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -80,7 +80,8 @@ jobs: uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: updateStaging.yml + WORKFLOW: updateProtectedBranch.yml + INPUTS: '{ "TARGET_BRANCH": "staging" }' # Note: we need to create this tag but not push it, because of how GitUtils.getPullRequestsMergedBetween works - name: Tag version diff --git a/.github/workflows/updateProduction.yml b/.github/workflows/updateProduction.yml deleted file mode 100644 index dc7add4cc9aa..000000000000 --- a/.github/workflows/updateProduction.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Update Production Branch -on: workflow_dispatch -jobs: - updateStaging: - runs-on: ubuntu-latest - steps: - - name: Checkout staging branch - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - ref: staging - token: ${{ secrets.OS_BOTIFY_TOKEN }} - - - name: Set Production Version - run: echo "PROD_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV - - - name: Create Pull Request (production) - id: createPullRequest - # Version: 2.4.3 - uses: repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d - with: - source_branch: staging - destination_branch: production - github_token: ${{ secrets.OS_BOTIFY_TOKEN }} - pr_title: Update version to ${{ env.PROD_VERSION }} on production - pr_body: Update version to ${{ env.PROD_VERSION }} - - - name: Automerge pull request to update production - uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main - with: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: automerge.yml - INPUTS: '{ "PULL_REQUEST_NUMBER": "${{ steps.createPullRequest.outputs.pr_number }}" }' - - # This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all - # the other workflows with the same change - - uses: 8398a7/action-slack@v3 - name: Job failed Slack notification - if: ${{ failure() }} - with: - status: custom - fields: workflow, repo - custom_payload: | - { - channel: '#announce', - attachments: [{ - color: "#DB4545", - pretext: ``, - text: `💥 ${process.env.AS_REPO} failed on ${process.env.AS_WORKFLOW} workflow 💥`, - }] - } - env: - GITHUB_TOKEN: ${{ github.token }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} diff --git a/.github/workflows/updateProtectedBranch.yml b/.github/workflows/updateProtectedBranch.yml new file mode 100644 index 000000000000..83a9dbc540e2 --- /dev/null +++ b/.github/workflows/updateProtectedBranch.yml @@ -0,0 +1,113 @@ +# This is a utility workflow to create, approve, and merge a pull request against a protected branch. +name: Update Protected Branch + +on: + workflow_dispatch: + inputs: + TARGET_BRANCH: + description: The target branch to update. This becomes the base branch of the pull request. + required: true + SOURCE_BRANCH: + description: If updating main, you must also provide a head branch to update main with. + required: false + default: '' + +jobs: + updateBranch: + if: github.actor == 'OSBotify' + runs-on: ubuntu-latest + steps: + - name: Validate target branch + if: !contains(['main', 'staging', 'production'], github.event.inputs.TARGET_BRANCH) + run: | + echo "Target branch must be one of ['main', 'staging', 'production']" + exit 1 + + # If updating main, SOURCE_BRANCH must not be empty + - name: Validate source branch + if: github.event.inputs.TARGET_BRANCH == 'main' && github.event.inputs.SOURCE_BRANCH == '' + run: | + echo "Cannot update main branch without specifying a source branch" + exit 1 + + # If updating staging, the head branch will always be main + # If updating production, the head branch will always be staging + - name: Set source branch + run: | + if [[ ${{ github.event.inputs.TARGET_BRANCH }} == 'staging' ]]; then + echo "HEAD_BRANCH=main" >> $GITHUB_ENV + elif [[ ${{ github.event.inputs.TARGET_BRANCH }} == 'production' ]]; then + echo "HEAD_BRANCH=staging" >> $GITHUB_ENV + else + echo "HEAD_BRANCH=${{ github.event.inputs.SOURCE_BRANCH }}" >> $GITHUB_ENV + fi + + # Version: 2.3.4 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + with: + fetch-depth: 0 + token: ${{ secrets.OS_BOTIFY_TOKEN }} + + - name: Checkout head branch + run: git checkout ${{ env.HEAD_BRANCH }} + + - name: Set New Version + run: echo "NEW_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV + + - name: Create Pull Request + id: createPullRequest + # Version: 2.4.3 + uses: repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d + with: + source_branch: ${{ env.HEAD_BRANCH }} + destination_branch: ${{ github.event.inputs.TARGET_BRANCH }} + github_token: ${{ secrets.OS_BOTIFY_TOKEN }} + pr_title: Update version to ${{ env.NEW_VERSION }} on ${{ github.event.inputs.TARGET_BRANCH }} + pr_body: Update version to ${{ env.NEW_VERSION }} + + - name: Check if pull request is mergeable + id: isPullRequestMergeable + uses: Expensify/Expensify.cash/.github/actions/isPullRequestMergeable@main + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PULL_REQUEST_NUMBER: ${{ steps.createPullRequest.outputs.pr_number }} + + - name: Fail workflow if PR is not mergeable + if: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE == 'false' }} + run: exit 1 + + # TODO: Once https://github.com/hmarr/auto-approve-action/pull/186 is merged, point back at the non-forked repo + - name: Check for an auto approve + # Version: 2.0.0 + uses: roryabraham/auto-approve-action@1d9eaca19e005b39bc4495c51fc7439734b2753d + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + pull-request-number: ${{ steps.createPullRequest.outputs.pr_number }} + + - name: Check for an auto merge + # Version: 0.12.0 + uses: pascalgn/automerge-action@39d831e1bb389bd242626bc25d4060064a97181c + env: + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + PULL_REQUEST_NUMBER: ${{ steps.createPullRequest.outputs.pr_number }} + + # This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all + # the other workflows with the same change + - uses: 8398a7/action-slack@v3 + name: Job failed Slack notification + if: ${{ failure() }} + with: + status: custom + fields: workflow, repo + custom_payload: | + { + channel: '#announce', + attachments: [{ + color: "#DB4545", + pretext: ``, + text: `💥 ${process.env.AS_REPO} failed on ${process.env.AS_WORKFLOW} workflow 💥`, + }] + } + env: + GITHUB_TOKEN: ${{ github.token }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} diff --git a/.github/workflows/updateStaging.yml b/.github/workflows/updateStaging.yml deleted file mode 100644 index f1bf7a72cb77..000000000000 --- a/.github/workflows/updateStaging.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Update Staging Branch -on: workflow_dispatch -jobs: - updateStaging: - runs-on: ubuntu-latest - steps: - - name: Checkout main branch - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - ref: main - token: ${{ secrets.OS_BOTIFY_TOKEN }} - - - name: Set Staging Version - run: echo "STAGING_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV - - - name: Create Pull Request (staging) - id: createPullRequest - # Version: 2.4.3 - uses: repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d - with: - source_branch: main - destination_branch: staging - github_token: ${{ secrets.OS_BOTIFY_TOKEN }} - pr_title: Update version to ${{ env.STAGING_VERSION }} on staging - pr_body: Update version to ${{ env.STAGING_VERSION }} - - - name: Automerge pull request to update staging - uses: Expensify/Expensify.cash/.github/actions/triggerWorkflowAndWait@main - with: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: automerge.yml - INPUTS: '{ "PULL_REQUEST_NUMBER": "${{ steps.createPullRequest.outputs.pr_number }}" }' - - # This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all - # the other workflows with the same change - - uses: 8398a7/action-slack@v3 - name: Job failed Slack notification - if: ${{ failure() }} - with: - status: custom - fields: workflow, repo - custom_payload: | - { - channel: '#announce', - attachments: [{ - color: "#DB4545", - pretext: ``, - text: `💥 ${process.env.AS_REPO} failed on ${process.env.AS_WORKFLOW} workflow 💥`, - }] - } - env: - GITHUB_TOKEN: ${{ github.token }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}