code-freeze-master.yml
# Reusable workflow (workflow_call only) that enforces a release code freeze
# on pull requests and handles the /merge, /approve and /thaw comment commands.
name: Code Freeze Bot

on:
  workflow_call:
    secrets:
      # Declared as an optional input; no step in this file references it.
      SLACK_WEBHOOK_CODEFREEZE_URL:
        required: false

env:
  # JSON array of GitHub logins allowed to /approve a merge during the freeze.
  # It is parsed with fromJson() in step conditions and compared against
  # github.actor, so this list is the whole authorization boundary for the
  # override flow - changes to it deserve the same review as a CODEOWNERS edit.
  PMC_MEMBERS: '[ "gdams", "sxa", "johnoliver", "tellison", "jerboaa", "smlambert", "karianna", "llxia", "sanhong", "andrew-m-leonard", "steelhead31" ]'

# Token scopes for every job below. The steps create and dismiss PR reviews
# and post comments (pull-requests: write).
# NOTE(review): no step in this file checks out or pushes repository content;
# confirm whether contents: write is actually required (e.g. for dismissing
# reviews) and reduce it to read if it is not.
permissions:
  contents: write
  pull-requests: write
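jobs:
  # Blocks pull requests while a code freeze is in force and runs the override
  # flow: anyone may comment /merge, then two different PMC members must
  # comment /approve before the bot's blocking review is dismissed.
  #
  # The step conditions expect the caller to trigger on pull_request_target
  # and issue_comment, so this job runs with a write-scoped token on events
  # that outside contributors can cause. No step checks out or executes pull
  # request content; keep it that way.
  freeze:
    runs-on: ubuntu-latest
    # Change to false when code freeze is not in place
    if: github.repository_owner == 'andrew-m-leonard' && false
    steps:
      # Looks up the state of the most recent review left by github-actions[bot].
      # NOTE(review): jq is run without -r, so the state is emitted JSON-quoted
      # and the step output carries the double quotes; the
      # `== 'DISMISSED'` comparison in the next step will not match as written.
      # Confirm the intent before adding -r: matching would re-block a PR whose
      # review was dismissed through the /approve flow on its next event.
      # NOTE(review): only the first page of reviews is fetched.
      - name: Check for blocking review
        if: github.event_name == 'pull_request_target' || (github.event_name == 'issue_comment' && github.event.issue.pull_request)
        id: blocking-review
        run: |
          if [[ -z $PR_NUMBER ]]; then
            PR_NUMBER="${{ github.event.pull_request.number }}"
          fi
          # The token is read from the environment instead of being expanded
          # into the script text.
          curl --request GET \
            --url "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER/reviews" \
            --header "Authorization: token $GITHUB_TOKEN" --header "Accept: application/vnd.github+json" \
            > reviews.json
          REVIEW_STATE=$(cat reviews.json | jq '.[] | select( .user.login == "github-actions[bot]").state' | tail -n 1)
          echo "check=$REVIEW_STATE" >> $GITHUB_OUTPUT
        env:
          PR_NUMBER: ${{ github.event.issue.number }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Leaves a "request changes" review when the bot has no review yet
      # (empty output) or the output equals DISMISSED.
      - name: Block pull request
        if: (github.event_name == 'pull_request_target' || github.event.issue.pull_request) && (steps.blocking-review.outputs.check == 'DISMISSED' || !steps.blocking-review.outputs.check)
        run: |
          if [[ -z $PR_URL ]]; then
            PR_URL="https://github.com/${{ github.repository }}/pull/${{ github.event.issue.number }}"
          fi
          echo -e "A block has been put on this Pull Request as this repository is temporarily under a code freeze due to an ongoing release cycle.\n\nIf this pull request needs to be merged during the release cycle then please comment \`/merge\` and a PMC member will be able to remove the block.\n\nIf the code freeze is over you can remove this block by commenting \`/thaw\`." > msg
          export msg=$(cat msg); gh pr review --request-changes --body "$msg" "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

      # /thaw during an active freeze is answered with a refusal.
      - uses: khan/pull-request-comment-trigger@edab8d9ba7759221187ef7120592a6fbfada0d18 # v1.1.0
        if: github.event_name == 'issue_comment'
        id: thaw
        with:
          trigger: '/thaw'
          prefix_only: 'true'
          reaction: '-1'
        env:
          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'

      - name: Add comment
        if: steps.thaw.outputs.triggered == 'true'
        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          issue-number: ${{ github.event.issue.number }}
          body: Sorry @${{ github.actor }}, the code freeze is still in place.

      # Override state is kept in the Actions cache, keyed by PR number.
      # NOTE(review): the cache is not an integrity-protected store - entries
      # can be evicted, and any job able to save into the same cache scope
      # under these keys can pre-seed them. The second key below is the bare
      # PR number with no namespace. Consider namespaced keys or a different
      # store if this flow is relied on as an access control.
      - name: Fetch merge request cache
        if: github.event_name == 'issue_comment'
        id: merge-request
        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: merge-request.txt
          key: "${{ github.event.issue.number }}-merge-request"

      # /merge is only evaluated while no merge request is cached for this PR.
      - uses: khan/pull-request-comment-trigger@edab8d9ba7759221187ef7120592a6fbfada0d18 # v1.1.0
        if: steps.merge-request.outputs.cache-hit != 'true' && github.event_name == 'issue_comment'
        id: check
        with:
          trigger: '/merge'
          prefix_only: 'true'
          reaction: '+1'
        env:
          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'

      - name: Add approval to merge comment
        if: steps.check.outputs.triggered == 'true'
        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          issue-number: ${{ github.event.issue.number }}
          body: |
            Approval to merge during the lockdown cycle
            Please can two [Adoptium PMC](https://projects.eclipse.org/projects/adoptium/who) members comment `/approve`?

      - name: Store merge request
        if: steps.check.outputs.triggered == 'true'
        run: echo true > merge-request.txt

      # /approve is only evaluated once a merge request has been cached.
      - uses: khan/pull-request-comment-trigger@edab8d9ba7759221187ef7120592a6fbfada0d18 # v1.1.0
        if: steps.merge-request.outputs.cache-hit == 'true' && github.event_name == 'issue_comment'
        id: approval
        with:
          trigger: '/approve'
          prefix_only: 'true'
          reaction: '+1'
        env:
          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'

      - name: Add comment if user not approved
        if: steps.approval.outputs.triggered == 'true' && !contains(fromJson(env.PMC_MEMBERS), github.actor)
        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          issue-number: ${{ github.event.issue.number }}
          body: Sorry @${{ github.actor }}, you are not a PMC member and therefore cannot approve this request.

      - name: Fetch total approvals
        if: steps.approval.outputs.triggered == 'true' && contains(fromJson(env.PMC_MEMBERS), github.actor)
        id: store-approvals
        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: review-log.txt
          key: ${{ github.event.issue.number }}

      # First PMC approval: record the approver's login for the second round.
      # The login is passed through the environment rather than expanded into
      # the shell command.
      - name: Store approval
        if: steps.store-approvals.outputs.cache-hit != 'true' && steps.approval.outputs.triggered == 'true' && contains(fromJson(env.PMC_MEMBERS), github.actor)
        run: printf '%s\n' "$ACTOR" > review-log.txt
        env:
          ACTOR: ${{ github.actor }}

      # Second PMC approval: dismiss the bot's blocking review, provided the
      # approver differs from the cached first approver.
      - name: Dismiss blocking review
        if: steps.store-approvals.outputs.cache-hit == 'true' && steps.approval.outputs.triggered == 'true' && contains(fromJson(env.PMC_MEMBERS), github.actor)
        run: |
          FIRST_APPROVER=$(cat review-log.txt)
          # The cached login is re-checked against the PMC list because the
          # cache content is not trusted on its own.
          if ! jq -e --arg u "$FIRST_APPROVER" 'any(.[]; . == $u)' <<< "$PMC_MEMBERS" > /dev/null; then
            echo "cached first approver is not in PMC_MEMBERS; refusing to dismiss"
            exit 1
          fi
          # Both sides are quoted so the cached value is compared literally
          # and never treated as a glob pattern.
          if [[ "$ACTOR" != "$FIRST_APPROVER" ]]; then
            curl --request GET \
              --url 'https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}/reviews' \
              --header "Authorization: token $GITHUB_TOKEN" --header "Accept: application/vnd.github+json" \
              > reviews.json
            REVIEW_ID=$(cat reviews.json | jq '.[] | select( .user.login == "github-actions[bot]").id' | tail -n 1)
            # The JSON body is built by jq so the logins are encoded as JSON
            # strings instead of being spliced into a hand-written document.
            PAYLOAD=$(jq -n --arg first "$FIRST_APPROVER" --arg second "$ACTOR" \
              '{message: "Thank you @\($first) and @\($second) for your approvals, this pull request is now approved to merge during release.", event: "DISMISS"}')
            curl --request PUT \
              --url "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}/reviews/${REVIEW_ID}/dismissals" \
              --header "Authorization: token $GITHUB_TOKEN" --header "Accept: application/vnd.github+json" \
              -d "$PAYLOAD"
          else
            echo "duplicate review detected from the same user ${FIRST_APPROVER} and ${ACTOR}"
          fi
        env:
          ACTOR: ${{ github.actor }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Runs only for issue_comment events when the freeze job was skipped (the
  # freeze is switched off): a /thaw comment dismisses the bot's blocking
  # review. No membership check is applied to the commenter here.
  thaw:
    needs: freeze
    runs-on: ubuntu-latest
    if: github.repository_owner == 'andrew-m-leonard' && github.event_name == 'issue_comment' && always() && needs.freeze.result == 'skipped'
    steps:
      - uses: khan/pull-request-comment-trigger@edab8d9ba7759221187ef7120592a6fbfada0d18 # v1.1.0
        id: thaw
        with:
          trigger: '/thaw'
          prefix_only: 'true'
          reaction: '+1'
        env:
          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'

      - name: Dismiss blocking review
        if: steps.thaw.outputs.triggered == 'true'
        run: |
          # The token is read from the environment instead of being expanded
          # into the script text.
          curl --request GET \
            --url 'https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}/reviews' \
            --header "Authorization: token $GITHUB_TOKEN" --header "Accept: application/vnd.github+json" \
            > reviews.json
          REVIEW_ID=$(cat reviews.json | jq '.[] | select( .user.login == "github-actions[bot]").id' | tail -n 1)
          curl --request PUT \
            --url "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}/reviews/${REVIEW_ID}/dismissals" \
            --header "Authorization: token $GITHUB_TOKEN" --header "Accept: application/vnd.github+json" \
            -d '{"message":"Pull Request unblocked - code freeze is over.","event":"DISMISS"}'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}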