qcom-build-utils/.github/workflows/qcom-promote-upstream-reusable-workflow.yml at 2264c8bfcec97dac7838b105ff9db0e29423f9d9 · qualcomm-linux/qcom-build-utils · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
name: Qualcomm Upstream Version Promotion Reusable Workflow
description: |
  The purpose of this workflow is to take a given tag that exists in the upstream repository
  that the package repo tracks, and then import it with git-buildpackage so that it makes its
  way in the upstream and debian branch. It also takes care of increasing the version number
  in the changelog file. The tracked upstream repo needs to be properly configured in the
  debian/watch file.

on:
  workflow_call:
    inputs:

      qcom-build-utils-ref:
        description: The ref name that was used to invoke this reusable workflow
        type: string
        required: true

      debian-branch:
        description: The debian branch to apply the promotion to. For example branch "debian/qcom-next"
        type: string
        required: false
        default: debian/qcom-next

      upstream-tag:
        description: The tag in the upstream repo to promote to.
        type: string
        required: true

      upstream-repo:
        description: The upstream git repo adress
        type: string
        required: true

    secrets:
      UPSTREAM_REPO_READ_PAT:
        required: false

permissions:
  contents: write
  packages: read

env:
  NORMALIZED_VERSION: ""
  UPSTREAM_TAG_ALREADY_EXISTS: false

jobs:
  promote-upstream-version:

    runs-on: ubuntu-24.04-arm

    defaults:
      run:
        shell: bash

    container:
      # This docker image is built and published by the qualcomm-linux/docker-pkg-build repo CI workflow
      image: ghcr.io/qualcomm-linux/pkg-builder:noble
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    steps:

      # Normalizing a tag : (e.g ) v1.0.0 -> 1.0.0
      - name: Normalize Tag Version
        run: |
          echo "ℹ️ Input upstream-tag is : ${{inputs.upstream-tag}}"

          NORMALIZED_VERSION=$(echo "${{inputs.upstream-tag}}" | sed 's/^v//')
          echo "NORMALIZED_VERSION=$NORMALIZED_VERSION" >> $GITHUB_ENV

          echo "ℹ️ Normalized version : $NORMALIZED_VERSION"

      - name: Checkout qcom-build-utils
        uses: actions/checkout@v4
        with:
          repository: qualcomm-linux/qcom-build-utils
          ref: ${{inputs.qcom-build-utils-ref}}
          path: ./qcom-build-utils
          fetch-depth: 1
          sparse-checkout: |
            .github
            scripts

      # Fetch all history for all tags and branches
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          path: ./package-repo
          fetch-depth: 0

      - name: Authenticate with GitHub
        run : |
          gh auth login --with-token <<< "${{secrets.GITHUB_TOKEN}}"

      - name: Show branches/tags and checkout debian/upstream latest
        working-directory: ./package-repo
        run: |
          git branch
          git tag
          git checkout ${{inputs.debian-branch}}
          echo "Listing all the current tags :"
          git tag --list
          if git ls-remote --exit-code --heads origin upstream/latest; then
            git checkout upstream/latest # Checkout this branch just to make sure it exists locally after its been fetched as gbp will need it later
            git checkout - # Then revert back to the inputs.debian-branch branch as we will need to have it checked out for gbp later
          fi

      - name: Make sure the upstream tag is not already part of the repo
        working-directory: ./package-repo
        run: |
          if (git tag --list | grep "${{inputs.upstream-tag}}"); then
            echo "❌ The supplied upstream tag is wrong as it pertains to this repo already."
            exit 1
          fi

      - name: Validate the upstream tag promotion state
        working-directory: ./package-repo
        run: |
          # Check if the upstream/<normalized_version> tag does not already exists
          if ! git tag --list | grep "upstream/${{env.NORMALIZED_VERSION}}"; then
            echo "✅ The upstream tag '${{inputs.upstream-tag}}' has not been promoted yet. Continuing."
            exit 0
          fi

          echo "⚠️ It appears like this repo has already integrated the upstream tag '${{inputs.upstream-tag}}'"

          LATEST_UPSTREAM_TAG=$(git tag --list 'upstream/*' | sort -V | tail -1)

          echo "ℹ️ The latest upstream tag in the repo is: $LATEST_UPSTREAM_TAG"

          if [ "$LATEST_UPSTREAM_TAG" != "upstream/${{env.NORMALIZED_VERSION}}" ]; then
            echo "❌ However, the existing tag 'upstream/${{env.NORMALIZED_VERSION}}' is NOT the latest upstream tag"
            echo "❌ This means we are trying to promote an older tag. Aborting."
            exit 1
          fi

          echo "ℹ️ The existing tag 'upstream/${{env.NORMALIZED_VERSION}}' is the latest upstream tag already."
          echo "ℹ️ This is likely a second attempt to promote the same upstream tag, where the first attempt already added the upstream tag in the upstram branch"

          # Check if there is a PR open for this already
          PRS=$(gh pr list --head "debian/pr/${{env.NORMALIZED_VERSION}}-1" --state open --json number --jq '.[].number')
          if [ -n "$PRS" ]; then
            echo "❌ An open PR already exists for this promotion attempt: $PRS"
            echo "❌ Please merge or close the existing PR before attempting to promote the same upstream tag again."
            exit 1
          fi

          # If we reach this point, it means the upstream tag exists but no PR is open for it
          echo "⚠️ The upstream tag 'upstream/${{env.NORMALIZED_VERSION}}' already exists but no PR is open for it."
          echo "⚠️ This likely means the previous promotion PR was closed without merging."
          echo "⚠️ We will proceed with the promotion, but please ensure to merge the resulting PR to avoid confusion like this."

          # Keep track that the upstream tag already exists
          echo "UPSTREAM_TAG_ALREADY_EXISTS=true" >> $GITHUB_ENV

          # Perform a last check to see if the debian/pr/<version>-1 branch already exists locally (which would mean its also present remotely)
          if git ls-remote --exit-code --heads origin "debian/pr/${{env.NORMALIZED_VERSION}}-1"; then
            echo "❌ The debian/pr/${{env.NORMALIZED_VERSION}}-1 branch already exists remotely."
            echo "❌ This likely means the previous promotion PR branch was not deleted after closing the PR."
            echo "❌ Please delete the remote branch before attempting to promote the same upstream tag again."
            exit 1
          fi

      - name: Add Upstream Link As A Remote And Fetch Tags
        working-directory: ./package-repo
        run: |
          if [ -n "${{secrets.UPSTREAM_REPO_READ_PAT}}" ]; then
            echo "ℹ️ Adding upstream remote with token authentication. This is because the upstream repository may be private and require authentication to fetch tags."
            REPO_URL=https://x-access-token:${{secrets.UPSTREAM_REPO_READ_PAT}}@github.com/${{inputs.upstream-repo}}.git
          else
            echo "ℹ️ Adding upstream remote without token authentication, repo is assumed to be public"
            REPO_URL=https://github.com/${{inputs.upstream-repo}}.git
          fi

          git remote add upstream-source $REPO_URL

          echo "ℹ️ Fetching tags from upstream repository using token authentication."

          if ! git fetch upstream-source "+refs/tags/*:refs/tags/*"; then
            echo "❌ Failed to fetch tags from '${{inputs.upstream-repo}}'."

            if [ -n "${{secrets.UPSTREAM_REPO_READ_PAT}}" ]; then
              echo "❌ Ensure that the UPSTREAM_REPO_READ_PAT token has the  permission on the repository."
              echo "❌ For more information about this token, see the README.md in qcom-build-utils repo."
            else
              echo "❌ Make sure the upstream repository is public or if it is private that the UPSTREAM_REPO_READ_PAT token is set and has the necessary permissions."
            fi
`
            exit 1
          fi

      - name: Ensure the tag exists in the upstream repo
        working-directory: ./package-repo
        run: |
          if ! git rev-parse --verify "refs/tags/${{inputs.upstream-tag}}" >/dev/null 2>&1; then
            echo "❌ The specified upstream tag '${{inputs.upstream-tag}}' does not exist in the upstream repository."
            exit 1
          fi

      - name: Pre-populate the upstream/latest branch if first promotion
        working-directory: ./package-repo
        run: |

          # If the upstream/latest branch does not exist yet, create it and give it
          # the history of upstream directly, instead of creating an --allow-empty commit
          # which will be dragged along.
          if ! git ls-remote --exit-code --heads origin upstream/latest; then
            git branch upstream/latest ${{inputs.upstream-tag}}
          else
            # The branch exists, check it out and promote it to the upstream tag
            git checkout upstream/latest
            git merge --ff-only ${{inputs.upstream-tag}}
          fi

      - name: Merge upstream tag into packaging branch
        working-directory: ./package-repo
        run: |
          git config user.name "${{vars.DEB_PKG_BOT_CI_NAME}}"
          git config user.email "${{vars.DEB_PKG_BOT_CI_EMAIL}}"

          git checkout ${{inputs.debian-branch}}

          git checkout -b debian/pr/${{env.NORMALIZED_VERSION}}-1

          ../qcom-build-utils/scripts/merge_debian_packaging_upstream ${{inputs.upstream-tag}}

      - name: Promote Changelog
        working-directory: ./package-repo
        run: |
          export DEBFULLNAME="${{vars.DEB_PKG_BOT_CI_NAME}}"
          export DEBEMAIL="${{vars.DEB_PKG_BOT_CI_EMAIL}}"

          # use ignore branch because we are not on default debian branch
          dch \
            --distribution=UNRELEASED \
            --newversion=${{env.NORMALIZED_VERSION}}-1 \
            'New upstream release'

          git commit -a -s -m "Update changelog version to ${{env.NORMALIZED_VERSION}}-1 and UNRELEASED suite"

      - name: Push Upstream/latest and debian PR Branch
        working-directory: ./package-repo
        run: |
          if [ "${{env.UPSTREAM_TAG_ALREADY_EXISTS}}" = "false" ]; then
              # This is the happy path where no previous promotion attempt was detected

              # Push upstream/latest branch promoted to the tag
              git push origin upstream/latest

              git tag upstream/${{env.NORMALIZED_VERSION}} upstream/latest

              # Push that new tag
              git push origin upstream/${{env.NORMALIZED_VERSION}}
          fi

          git push origin debian/pr/${{env.NORMALIZED_VERSION}}-1

      - name: Open Promotion PR
        working-directory: ./package-repo
        run: |
          ../qcom-build-utils/scripts/create_promotion_pr.py \
            --base-branch "${{inputs.debian-branch}}" \
            --upstream-tag "${{inputs.upstream-tag}}" \
            --normalized-version "${{env.NORMALIZED_VERSION}}"