[ENG-3808] chore: script merge public to private (#155)

* chore: add a script for merging public to private chore: update merge scripts chore: update scripts with correct remote url chore: fix gh cli check in scirpts chore: fix scripts with pr command chore: fix new lines chore: fix attempt for the release pr action error: fatal unrelated histories chore: add workflow to trigger the script chore: remove trigger on pr chore: rename workflow and add choice of direction chore: update script with --unshallow chore: remove --unshallow chore: simplify merge script chore: delete other script in favour of one way merges chore: continue script if bad tags chore: assign reviewers to the merge chore: fix assign reviewer part chore: oops remove merge markers chore: loop for main and develop chore: add script use to workflows chore: remove unshallow for --allow-unrelated-histories chore: remove comment * chore: use a generic name for merge script * chore: add CODEOWNERS file * chore: fix asset upload and add steps to copy release to public
2026-01-12 09:43:44 +08:00 · 2024-04-02 14:47:13 +08:00
parent 1e4d7a14ed
commit f9ffbba547
7 changed files with 185 additions and 4 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @secretkeylabs/reviewers-web-extension
--- a/.github/workflows/merge-repos.yml
+++ b/.github/workflows/merge-repos.yml
@@ -0,0 +1,33 @@
+name: Merge branch to remote
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Merge branch'
+        required: true
+        default: develop
+        type: choice
+        options:
+          - develop
+          - main
+
+jobs:
+  merge-branch-to-remote:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+      - id: run-merge-script
+        env:
+          ORIGIN_BRANCH: ${{ inputs.branch }}
+          GH_TOKEN: ${{ github.token }}
+          REMOTE_REPO: ${{ secrets.REMOTE_REPO }}
+        run: |
+          # git config
+          git config user.name "GitHub Actions Bot"
+          git config user.email "<>"
+          # run shell script
+          cd scripts
+          ORIGIN_BRANCH=$ORIGIN_BRANCH REMOTE_REPO=$REMOTE_REPO ./merge-to-remote.sh
--- a/.github/workflows/release-develop.yml
+++ b/.github/workflows/release-develop.yml
@@ -0,0 +1,33 @@
+name: Merge release to develop
+##
+# This workflow triggers on merge of release branch back to develop
+#
+# It should push to public repo
+#
+on:
+  pull_request:
+    branches:
+      - develop
+    types:
+      - closed
+jobs:
+  publish-latest:
+    if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/')}}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - uses: actions/checkout@v4
+      - id: push-to-public
+        name: Push to public remote
+        if: ${{ contains(github.repositoryUrl, 'private' }}
+        run: |
+          # git config
+          git config user.name "GitHub Actions Bot"
+          git config user.email "<>"
+          # run shell script
+          cd scripts
+          ORIGIN_BRANCH=develop REMOTE_REPO=xverse-web-extension ./merge-to-remote.sh
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -29,6 +29,7 @@ jobs:
        env:
          SOURCE_BRANCH: ${{ github.head_ref }}
        run: |
+          cd scripts
          # find the target commitish of the latest release matching our tag
          TAG=$(echo $SOURCE_BRANCH | sed 's/release\/\(.*\)/\1/')
          gh api \
@@ -48,6 +49,8 @@ jobs:
            -f name="$TAG" \
            -F generate_release_notes=true > release.json
          # save env for upload
+          echo "TAG=$TAG" >> $GITHUB_ENV
+          echo "TARGET_COMMITISH=$TARGET_COMMITISH" >> $GITHUB_ENV
          echo "TAG_RC=$TAG_RC" >> $GITHUB_ENV
          echo "FILENAME=xverse-web-extension.$TAG.zip" >> $GITHUB_ENV
          echo "UPLOAD_URL=$(cat release.json | jq -r .upload_url)" >> $GITHUB_ENV
@@ -68,11 +71,11 @@ jobs:
      - id: download-latest-asset
        name: Download latest asset from rc
        run: |
-          RELEASE_ID=$(cat releases.json | jq -r ".[] | select(.tag_name==\"$TAG_RC\") | .id")
+          ASSET_ID=$(cat releases.json | jq -r ".[] | select(.tag_name==\"$TAG_RC\") | .assets[0].id")
          gh api \
            -H "Accept: application/octet-stream" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
-            /repos/{owner}/{repo}/releases/assets/$RELEASE_ID > build.zip
+            /repos/{owner}/{repo}/releases/assets/$ASSET_ID > build.zip
      - id: upload-latest-asset
        name: Upload latest asset to latest release
        uses: actions/upload-release-asset@v1
@@ -83,3 +86,42 @@ jobs:
          asset_path: build.zip
          asset_name: ${{ env.FILENAME }}
          asset_content_type: application/zip
+      - id: push-to-public
+        name: Push to public remote
+        if: ${{ contains(github.repositoryUrl, 'private' }}
+        env:
+          REMOTE_REPO: xverse-web-extension
+        run: |
+          # git config
+          git config user.name "GitHub Actions Bot"
+          git config user.email "<>"
+          # run shell script
+          ./merge-to-remote.sh
+      - id: copy-release-to-public
+        name: Copy release to public remote
+        needs: push-to-public
+        env:
+          REMOTE_REPO: xverse-web-extension
+        run: |
+          # publish the latest release on remote
+          cat release.json | jq -r .body > public-body.md
+          gh api \
+            --method POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            /repos/{owner}/$REMOTE_REPO/releases \
+            -f tag_name="$TAG" \
+            -f target_commitish="$TARGET_COMMITISH" \
+            -f name="$TAG" \
+            -F 'body=@public-body.md' > public-release.json
+          echo "PUBLIC_UPLOAD_URL=$(cat public-release.json | jq -r .upload_url)" >> $GITHUB_ENV
+      - id: upload-latest-asset-to-public
+        name: Upload latest asset to latest release on public remote
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ env.PUBLIC_UPLOAD_URL}}
+          asset_path: build.zip
+          asset_name: ${{ env.FILENAME }}
+          asset_content_type: application/zip
--- a/scripts/.gitignore
+++ b/scripts/.gitignore
@@ -1,4 +1,4 @@
 release.json
-pr-*.json
+pr*.json
 body.md
 releases.json
--- a/scripts/create-release-pr.sh
+++ b/scripts/create-release-pr.sh
@@ -7,6 +7,8 @@
 # Alternatively trigger it from the github action
 #

+set -e
+
 if [[ -z "$BUMP" ]]; then
  echo "BUMP is required. major|minor|patch"
  exit 1
@@ -26,7 +28,7 @@ TITLE="release: $TAG"

 git checkout -B $BRANCH
 git commit -am "$TITLE"
-git merge origin/main -s ours
+git merge --allow-unrelated-histories origin/main -s ours

 git push --set-upstream origin $BRANCH

--- a/scripts/merge-to-remote.sh
+++ b/scripts/merge-to-remote.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+##
+# merge-to-remote.sh
+#
+# to be run locally from downstream repo, or from GitHub Actions
+
+set -e
+
+if [[ -z $(git status --porcelain) ]]; then
+  echo "Working directory clean. Proceeding with merge."
+else
+  echo "Working directory not clean. Please commit or stash your changes before proceeding."
+  exit 1
+fi
+
+ORIGIN_BRANCH=${ORIGIN_BRANCH:-main} # defaults to main
+REMOTE_REPO=${REMOTE_REPO:-xverse-web-extension} # defaults to xverse-web-extension
+
+echo "Merging $ORIGIN_BRANCH to $REMOTE_REPO"
+
+ORIGIN_NAME="origin"
+REMOTE_URL="git@github.com:secretkeylabs/$REMOTE_REPO.git"
+REMOTE_NAME="public"
+
+## add or set remote
+git remote -v | grep -w $REMOTE_NAME || git remote add $REMOTE_NAME $REMOTE_URL
+git remote set-url $REMOTE_NAME $REMOTE_URL
+
+## fetch from all remotes including tags
+git fetch --all --tags || true # TODO remove || true after fixing tag conflicts
+
+PR_TITLE="merge-$ORIGIN_BRANCH-to-$REMOTE_NAME"
+REMOTE_BRANCH="chore/$PR_TITLE-$(date +%s)"
+REMOTE_BASE=$ORIGIN_BRANCH
+
+## checkout origin branch and push to remote
+echo "Checking out $ORIGIN_NAME/$ORIGIN_BRANCH and pushing to $REMOTE_NAME/$REMOTE_BRANCH"
+git checkout $ORIGIN_NAME/$ORIGIN_BRANCH
+git checkout -B $REMOTE_BRANCH
+git push $REMOTE_NAME $REMOTE_BRANCH
+
+if command -v gh >/dev/null 2>&1; then
+  echo "gh cli installed. Proceeding with PR creation."
+else
+  echo "gh cli not installed. Please install gh cli or create the PR manually."
+  exit 1
+fi
+
+## create PR and assign team review
+gh api \
+  --method POST \
+  -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  /repos/{owner}/$REMOTE_REPO/pulls \
+  -f title="$PR_TITLE" \
+  -f head="$REMOTE_BRANCH" \
+  -f base="$REMOTE_BASE" \
+  -f body="Created by merge-to-remote.sh" > pr.json
+
+PULL_NUMBER=$(jq -r '.number' pr.json)
+gh api \
+  --method POST \
+  -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  /repos/{owner}/$REMOTE_REPO/pulls/$PULL_NUMBER/requested_reviewers \
+-f "team_reviewers[]=reviewers-web-extension"
+
+## push tags
+git push $REMOTE_NAME --tags || true # TODO remove || true after fixing tag conflicts