dd-trace-java/.github/workflows/create-release-branch.yaml at master · GoodNotes/dd-trace-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Create Release Branch and Pin System Tests

on:
  push:
    tags:
      - 'v[0-9]+.[0-9]+.0' # Trigger on minor release tags (e.g. v1.54.0)
  workflow_dispatch:
    inputs:
      tag:
        description: 'The minor release tag (e.g. v1.54.0)'
        required: true
        type: string

jobs:
  create-release-branch:
    runs-on: ubuntu-latest
    permissions:
      contents: write # Allow pushing the release branch
    outputs:
      release-branch-name: ${{ steps.define-release-branch.outputs.branch }}
    steps:
      - name: Determine tag
        id: determine-tag
        run: |
          if [ -n "${{ github.event.inputs.tag }}" ]; then
            TAG=${{ github.event.inputs.tag }}
          else
            TAG=${GITHUB_REF#refs/tags/}
          fi
          if ! [[ "$TAG" =~ ^v[0-9]+\.[0-9]+\.0$ ]]; then
            echo "Error: Tag $TAG is not in the expected format: vX.Y.0"
            exit 1
          fi
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"

      - name: Define release branch name from tag
        id: define-release-branch
        run: |
          TAG=${{ steps.determine-tag.outputs.tag }}
          echo "branch=release/${TAG%.0}.x" >> "$GITHUB_OUTPUT"

      - name: Check out repo at tag
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
        with:
          ref: ${{ steps.determine-tag.outputs.tag }}

      - name: Check if branch already exists
        id: check-release-branch
        run: |
          BRANCH=${{ steps.define-release-branch.outputs.branch }}
          if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
            echo "creating_new_branch=false" >> "$GITHUB_OUTPUT"
            echo "Branch $BRANCH already exists - skipping creation"
          else
            echo "creating_new_branch=true" >> "$GITHUB_OUTPUT"
            echo "Branch $BRANCH does not exist - creating it now"
          fi

      - name: Create and push release branch
        if: steps.check-release-branch.outputs.creating_new_branch == 'true'
        run: |
          git checkout -b "${{ steps.define-release-branch.outputs.branch }}"
          git push -u origin "${{ steps.define-release-branch.outputs.branch }}"

  pin-system-tests:
    needs: create-release-branch
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write # required for OIDC token federation
    steps:
      - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
        id: octo-sts
        with:
          scope: DataDog/dd-trace-java
          policy: self.pin-system-tests.create-pr

      - name: Check out repo at release branch
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
        with:
          ref: ${{ needs.create-release-branch.outputs.release-branch-name }}

      - name: Get latest commit SHA of base release branch
        id: get-latest-commit-sha
        run: |
          echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT

      - name: Define pin-system-tests branch name from date
        id: define-pin-branch
        run: echo "branch=ci/pin-system-tests-$(date +'%Y%m%d')" >> $GITHUB_OUTPUT

      - name: Check if pin-system-tests branch already exists
        id: check-pin-branch
        run: |
          BRANCH=${{ steps.define-pin-branch.outputs.branch }}
          if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
            echo "ERROR: Branch $BRANCH already exists - please delete it and re-run the workflow."
            exit 1
          else
            echo "Branch $BRANCH does not exist - creating it now."
          fi

      - name: Update system-tests references to latest commit SHA of system-tests main
        run: ./tooling/update_system_test_reference.sh

      - name: Check if changes should be committed
        id: check-changes
        run: |
          if [[ -z "$(git status -s)" ]]; then
            echo "ERROR: No changes to commit - the system-tests reference was not updated."
            exit 1
          else
            echo "Changes to commit:"
            git status -s
          fi

      - name: Commit changes
        id: create-commit
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git commit -m "chore: Pin system-tests for release branch" .github/workflows/run-system-tests.yaml
          echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT

      - name: Push changes
        uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
        with:
          token: "${{ steps.octo-sts.outputs.token }}"
          branch: "${{ steps.define-pin-branch.outputs.branch }}"
          head-sha: "${{ steps.get-latest-commit-sha.outputs.sha }}"
          create-branch: true
          command: push
          commits: "${{ steps.create-commit.outputs.commit }}"

      - name: Create pull request
        env:
          GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
        run: |
          gh pr create --title "Pin system tests for release branch" \
            --base ${{ needs.create-release-branch.outputs.release-branch-name }} \
            --head ${{ steps.define-pin-branch.outputs.branch }} \
            --label "tag: dependencies" \
            --label "tag: no release notes" \
            --body "This PR pins the system-tests reference for the release branch."