Skip to content

Commit e547a41

Browse files
committed
chore: remove pull_request_target
Signed-off-by: Derek Su <derek.su@suse.com> (cherry picked from commit c8c4e44)
1 parent 99b029e commit e547a41

1 file changed

Lines changed: 167 additions & 109 deletions

File tree

Lines changed: 167 additions & 109 deletions
Original file line numberDiff line numberDiff line change
@@ -1,121 +1,179 @@
11
name: Create Dependency Version Update PR in Longhorn Repo
22

33
on:
4-
pull_request_target:
5-
types: [closed]
4+
push:
65
branches:
7-
- main
6+
- master
87
- "v*"
98

9+
permissions:
10+
contents: read
11+
pull-requests: read
12+
13+
concurrency:
14+
group: dep-versions-update-${{ github.ref_name }}
15+
cancel-in-progress: true
16+
1017
jobs:
1118
create-pull-request:
12-
if: github.event.pull_request.merged == true
1319
runs-on: ubuntu-latest
20+
1421
steps:
15-
- name: Install Dependencies
16-
run: |
17-
sudo apt update -y
18-
sudo apt install -y jq wget
19-
wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
20-
sudo mv yq_linux_amd64 /usr/local/bin/yq
21-
sudo chmod +x /usr/local/bin/yq
22-
23-
- name: Prepare Packages
24-
run: |
25-
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
26-
chmod 700 get_helm.sh
27-
./get_helm.sh
28-
29-
- name: Log triggering PR information
30-
shell: bash
31-
run: |
32-
echo "Triggered by PR: #${{ github.event.pull_request.number }}"
33-
echo "PR Title: ${{ github.event.pull_request.title }}"
34-
echo "PR URL: ${{ github.event.pull_request.html_url }}"
35-
echo "PR was merged into branch: ${{ github.event.pull_request.base.ref }}"
36-
37-
- name: Set ref
38-
run: |
39-
if [ "${{ github.event.pull_request.base.ref }}" = "main" ]; then
40-
echo "LONGHORN_BRANCH=master" >> $GITHUB_ENV
41-
else
42-
echo "LONGHORN_BRANCH=${{ github.event.pull_request.base.ref }}" >> $GITHUB_ENV
43-
fi
44-
45-
- uses: actions/checkout@v4
46-
with:
47-
repository: longhorn/longhorn
48-
ref: ${{ env.LONGHORN_BRANCH }}
49-
50-
- name: Create longhorn/longhorn PR
51-
shell: bash
52-
run: |
53-
COMPONENTS=(backing-image-manager longhorn-engine longhorn-instance-manager longhorn-manager longhorn-share-manager longhorn-ui longhorn-cli)
54-
EXTERNALS=("csi-attacher" "csi-provisioner" "csi-resizer" "csi-snapshotter" "csi-node-driver-registrar" "livenessprobe" "support-bundle-kit")
55-
56-
IMAGE_FILE="deploy/longhorn-images.txt"
57-
58-
component_images=()
59-
60-
curl -L https://raw.githubusercontent.com/longhorn/dep-versions/refs/heads/${{ github.event.pull_request.base.ref }}/versions.json -o /tmp/versions.json
61-
cat /tmp/versions.json
62-
63-
TAG=${{ env.LONGHORN_BRANCH }}-head
64-
65-
# Extract component images from the $IMAGE_FILE
66-
while IFS= read -r line; do
67-
for component in "${COMPONENTS[@]}"; do
68-
if [[ "$line" == *"$component"* ]]; then
69-
component_images+=("$line")
70-
break
22+
- name: Install Dependencies
23+
run: |
24+
set -euxo pipefail
25+
sudo apt update -y
26+
sudo apt install -y jq wget
27+
28+
# Install yq for YAML processing
29+
wget -O /tmp/yq \
30+
https://github.com/mikefarah/yq/releases/download/v4.52.5/yq_linux_amd64
31+
sudo mv /tmp/yq /usr/local/bin/yq
32+
sudo chmod +x /usr/local/bin/yq
33+
34+
- name: Prepare Packages
35+
run: |
36+
set -euxo pipefail
37+
38+
# Install Helm
39+
curl -fsSL -o /tmp/get_helm.sh \
40+
https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
41+
chmod 700 /tmp/get_helm.sh
42+
DESIRED_VERSION=v3.20.2 /tmp/get_helm.sh
43+
44+
- name: Set workflow variables
45+
run: |
46+
set -euxo pipefail
47+
48+
SHORT_SHA="${GITHUB_SHA:0:7}"
49+
50+
# Use the pushed branch as both source and target
51+
echo "TARGET_BRANCH=${GITHUB_REF_NAME}" >> $GITHUB_ENV
52+
echo "SHORT_SHA=${SHORT_SHA}" >> $GITHUB_ENV
53+
54+
- name: Create GitHub App token
55+
id: app-token
56+
uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349
57+
with:
58+
app-id: ${{ secrets.LONGHORN_GITHUB_BOT_APP_ID }}
59+
private-key: ${{ secrets.LONGHORN_GITHUB_BOT_PRIVATE_KEY }}
60+
owner: ${{ github.repository_owner }}
61+
permission-contents: write
62+
permission-pull-requests: write
63+
64+
- name: Checkout longhorn/longhorn
65+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
66+
with:
67+
repository: longhorn/longhorn
68+
token: ${{ steps.app-token.outputs.token }}
69+
ref: ${{ env.TARGET_BRANCH }}
70+
71+
- name: Update dependency versions
72+
id: update
73+
run: |
74+
set -euxo pipefail
75+
76+
COMPONENTS=(
77+
backing-image-manager
78+
longhorn-engine
79+
longhorn-instance-manager
80+
longhorn-manager
81+
longhorn-share-manager
82+
longhorn-ui
83+
longhorn-cli
84+
)
85+
86+
EXTERNALS=(
87+
csi-attacher
88+
csi-provisioner
89+
csi-resizer
90+
csi-snapshotter
91+
csi-node-driver-registrar
92+
livenessprobe
93+
support-bundle-kit
94+
)
95+
96+
IMAGE_FILE="deploy/longhorn-images.txt"
97+
98+
if [[ ! -f "${IMAGE_FILE}" ]]; then
99+
echo "::error::${IMAGE_FILE} not found in longhorn/longhorn@${TARGET_BRANCH}"
100+
exit 1
101+
fi
102+
103+
# Fetch dependency versions from dep-versions repo
104+
VERSIONS_URL="https://raw.githubusercontent.com/longhorn/dep-versions/refs/heads/${TARGET_BRANCH}/versions.json"
105+
if ! curl -fsSL "${VERSIONS_URL}" -o /tmp/versions.json; then
106+
echo "::error::Failed to fetch versions.json from ${VERSIONS_URL}"
107+
exit 1
108+
fi
109+
110+
# Validate that versions.json is valid JSON
111+
if ! jq empty /tmp/versions.json 2>/dev/null; then
112+
echo "::error::versions.json is not valid JSON"
113+
exit 1
114+
fi
115+
116+
component_images=()
117+
118+
# Preserve only Longhorn component images
119+
while IFS= read -r line; do
120+
for component in "${COMPONENTS[@]}"; do
121+
if [[ "${line}" == *"${component}"* ]]; then
122+
component_images+=("${line}")
123+
break
124+
fi
125+
done
126+
done < "${IMAGE_FILE}"
127+
128+
rm -f "${IMAGE_FILE}"
129+
130+
# Restore component images
131+
for image in "${component_images[@]}"; do
132+
echo "${image}" >> "${IMAGE_FILE}"
133+
done
134+
135+
# Append external dependency images from versions.json
136+
for dep in "${EXTERNALS[@]}"; do
137+
tag="$(jq -r --arg dep "${dep}" '.[$dep].tag' /tmp/versions.json)"
138+
if [[ -z "${tag}" || "${tag}" == "null" ]]; then
139+
echo "::error::Missing or null tag for '${dep}' in versions.json"
140+
exit 1
71141
fi
142+
echo "longhornio/${dep}:${tag}" >> "${IMAGE_FILE}"
72143
done
73-
done < "$IMAGE_FILE"
74-
75-
echo "Component images: ${component_images[@]}"
76-
77-
rm -rf $IMAGE_FILE
78-
79-
# Copy the component images to the $IMAGE_FILE
80-
for image in "${component_images[@]}"; do
81-
echo $image >> $IMAGE_FILE
82-
done
83-
84-
# Add the external images to the $IMAGE_FILE
85-
for dep in "${EXTERNALS[@]}"
86-
do
87-
tag=$(jq -r --arg dep "$dep" '.[$dep].tag' /tmp/versions.json)
88-
echo "longhornio/$dep:$tag" >> $IMAGE_FILE
89-
done
90-
91-
cat $IMAGE_FILE
92-
93-
bash scripts/update-chart-readme.sh || { echo "Failed: update-chart-readme.sh"; exit 1; }
94-
bash scripts/update-chart-questions.sh || { echo "Failed: update-chart-questions.sh"; exit 1; }
95-
bash scripts/update-chart-values.sh || { echo "Failed: update-chart-values.sh"; exit 1; }
96-
bash scripts/generate-longhorn-yaml.sh || { echo "Failed: generate-longhorn-yaml.sh"; exit 1; }
97-
98-
- name: Get Head Commit Name
99-
id: get_head_commit_name
100-
run: echo "::set-output name=commit_name::$(git log -1 --pretty=format:'%an')"
101-
102-
- name: Get Head Commit Email
103-
id: get_head_commit_email
104-
run: echo "::set-output name=commit_email::$(git log -1 --pretty=format:'%ae')"
105-
106-
- name: Create Pull Request
107-
id: cpr
108-
uses: peter-evans/create-pull-request@v7
109-
with:
110-
token: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
111-
branch: "update-deps-version-${{ github.event.pull_request.number }}"
112-
delete-branch: true
113-
sign-commits: true
114-
signoff: true
115-
author: ${{ steps.get_head_commit_name.outputs.commit_name }} <${{ steps.get_head_commit_email.outputs.commit_email }}>
116-
committer: ${{ steps.get_head_commit_name.outputs.commit_name }} <${{ steps.get_head_commit_email.outputs.commit_email }}>
117-
commit-message: "chore(chart): update dependency versions (PR longhorn/dep-versions#${{ github.event.pull_request.number}})"
118-
title: "chore(chart): update dependency versions (PR longhorn/dep-versions#${{ github.event.pull_request.number}})"
119-
body: |
120-
This PR updates dependency versions.
121-
It was triggered by longhorn/dep-versions#${{ github.event.pull_request.number}}.
144+
145+
# Regenerate chart-related files
146+
bash scripts/update-chart-readme.sh
147+
bash scripts/update-chart-questions.sh
148+
bash scripts/update-chart-values.sh
149+
bash scripts/generate-longhorn-yaml.sh
150+
151+
# Only proceed if there are actual changes
152+
# This prevents creating empty or duplicate PRs
153+
if git diff --quiet; then
154+
echo "NO_CHANGES=true" >> $GITHUB_ENV
155+
else
156+
echo "NO_CHANGES=false" >> $GITHUB_ENV
157+
fi
158+
159+
- name: Create Pull Request
160+
# Skip PR creation if no changes detected
161+
if: env.NO_CHANGES == 'false'
162+
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
163+
with:
164+
token: ${{ steps.app-token.outputs.token }}
165+
166+
# Use a stable branch name so the PR is updated instead of recreated
167+
branch: "update-deps-version-${{ env.TARGET_BRANCH }}"
168+
169+
delete-branch: true
170+
sign-commits: true
171+
signoff: true
172+
author: Longhorn GitHub Bot <67932897+longhorn-io-github-bot@users.noreply.github.com>
173+
committer: Longhorn GitHub Bot <67932897+longhorn-io-github-bot@users.noreply.github.com>
174+
175+
commit-message: "chore(chart): update dependency versions (${{ env.TARGET_BRANCH }})"
176+
title: "chore(chart): update dependency versions (${{ env.TARGET_BRANCH }})"
177+
body: |
178+
This PR updates dependency versions.
179+
Triggered by push on `${{ github.ref_name }}`.

0 commit comments

Comments
 (0)