Update Platform Branch #218
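name: "Update Platform Branch"

# This workflow updates the platform.branch property in all pom.xml files to a new tag or branch.
# It is triggered by the daily schedule, by a manual dispatch, or by a call from another
# workflow - notably from platform changes to protocol/go.
# This property is used to select which versions of the protocol buffer definitions to use.
#
# Security notes:
# - The `tag` input and the tag resolved from the remote repository are externally supplied
#   text. They are passed to scripts through environment variables, never through `${{ }}`
#   expansion inside a `run:` block, and are checked against a character allowlist before
#   being written to $GITHUB_ENV, substituted into pom.xml with sed, or used in API calls.
# - The job token is limited to the permissions listed on the job.
#
# To test:
#   `act workflow_dispatch -W ./.github/workflows/update-platform-branch.yaml --input tag=protocol/go/v0.3.1`

on:
  schedule:
    - cron: "17 0 * * *" # Runs daily at 00:17 UTC
  workflow_call:
    inputs:
      tag:
        required: true
        type: string
  workflow_dispatch:
    inputs:
      tag:
        description: "The new tag or branch to update the platform.branch property to use for targeting the RPC protocol buffers."
        required: true
        default: "protocol/go/v0.3.0"

jobs:
  update-platform-branch:
    runs-on: ubuntu-latest
    permissions:
      # contents: write - branch push and the contents API PUT in "Update files"
      contents: write
      # pull-requests: write - `gh pr list` / `gh pr create`
      pull-requests: write
      actions: read
    steps:
      # NOTE(review): the action is referenced by a mutable tag. Pinning it to a full-length
      # commit SHA (with the tag kept in a trailing comment) protects against the tag being moved.
      - name: Checkout java-sdk repository
        uses: actions/checkout@v3
        with:
          # Keeps the job token in the local git configuration for the rest of the job.
          # NOTE(review): `gh auth setup-git` in the next step also configures git credentials,
          # so this may not be required - confirm before changing it.
          persist-credentials: true

      - name: Set up GitHub CLI as Actions bot
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh auth setup-git
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"

      - name: Fetch latest semver tag for protocol/go
        id: fetch-latest-tag
        env:
          # `inputs.tag` is populated for both workflow_dispatch and workflow_call; it is empty
          # on the scheduled run. Handing it over as an environment variable keeps the value
          # out of the script text, so it cannot be interpreted as shell syntax.
          INPUT_TAG: ${{ inputs.tag }}
        run: |
          if [ -z "$INPUT_TAG" ]; then
            # --refs leaves out peeled entries ("<tag>^{}") that annotated tags would add.
            LATEST_TAG=$(git ls-remote --tags --refs https://github.com/opentdf/platform.git | \
              grep "refs/tags/protocol/go" | \
              sed 's|.*/||' | \
              sort -V | \
              tail -n1)
          else
            LATEST_TAG="$INPUT_TAG"
          fi
          # NOTE(review): the resolved value is only the last path segment of the tag, while the
          # workflow_dispatch default is a full "protocol/go/..." name - confirm which form
          # platform.branch and the "Create New PR" step expect.

          # Allowlist check. The value is written to $GITHUB_ENV, used as a sed replacement and
          # placed in API requests by later steps, so an empty value, a line break, or
          # characters such as | & \ $ are rejected here. The value itself is not echoed.
          case "$LATEST_TAG" in
            "" | *[!A-Za-z0-9._/-]*)
              echo "::error::Resolved tag or branch name is empty or contains unexpected characters; refusing to continue."
              exit 1
              ;;
          esac
          echo "LATEST_TAG=$LATEST_TAG" >> "$GITHUB_ENV"

      - name: Check if update is needed
        id: check-update
        run: |
          # Reads the first platform.branch value in the top-level pom.xml.
          CURRENT_TAG=$(grep -oP '<platform.branch>\K.*(?=</platform.branch>)' pom.xml | head -n1)
          if [ "$CURRENT_TAG" = "$LATEST_TAG" ]; then
            echo "Platform branch is already up-to-date."
            echo "no_updates=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "CURRENT_TAG=$CURRENT_TAG" >> "$GITHUB_ENV"

      - name: Check for existing PR
        if: steps.check-update.outputs.no_updates != 'true'
        id: check-pr
        run: |
          EXISTING_PR=$(gh pr list --head update-platform-branch --json number --jq '.[0].number')
          if [ -n "$EXISTING_PR" ]; then
            echo "EXISTING_PR=$EXISTING_PR" >> "$GITHUB_OUTPUT"
          fi
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Check out existing PR
        if: steps.check-pr.outputs.EXISTING_PR != '' && steps.check-update.outputs.no_updates != 'true'
        run: |
          git fetch origin update-platform-branch:update-platform-branch
          git checkout update-platform-branch

      - name: Update platform.branch in pom.xml files
        if: steps.check-update.outputs.no_updates != 'true'
        id: update-platform-branch
        run: |
          # LATEST_TAG comes from $GITHUB_ENV, where it is only written after the allowlist
          # check, so it cannot contain the sed delimiter or replacement metacharacters.
          find . -name "pom.xml" -exec sed -i.bak "s|<platform.branch>.*</platform.branch>|<platform.branch>${LATEST_TAG}</platform.branch>|g" {} \;
          CHANGED_FILES=$(find . -name "pom.xml" -exec diff -u {} {}.bak \;)
          if [ -z "$CHANGED_FILES" ]; then
            echo "No changes detected in pom.xml files." | tee -a "$GITHUB_STEP_SUMMARY"
            find . -name "pom.xml.bak" -delete
            exit 0
          fi
          # otherwise output that changes were made
          echo "changes=true" >> "$GITHUB_OUTPUT"
          echo "The following pom.xml files were updated: $CHANGED_FILES"
          find . -name "pom.xml.bak" -delete

      - name: Create new branch
        if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-branch.outputs.changes == 'true'
        run: |
          git checkout -b "$BRANCH_NAME"
          git push origin "$BRANCH_NAME"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH_NAME: update-platform-branch

      - name: Update files
        if: steps.update-platform-branch.outputs.changes == 'true'
        run: |
          echo "Committing changes..."
          # One path per modified file; the loop below relies on word splitting, so paths
          # containing whitespace are not supported.
          FILES_CHANGED=$(git status --porcelain | awk '{print $2}')
          for file in $FILES_CHANGED; do
            echo "Committing file: $file"
            CONTENT=$(base64 -i "$file")
            MESSAGE="Update $file to match platform tag $LATEST_TAG"
            # Blob SHA of the file on the branch; left empty when it cannot be resolved.
            SHA=$( git rev-parse "$BRANCH_NAME:$file" 2>/dev/null | grep -E '^[0-9a-f]{40}$' || echo "" )
            # The repository name is read from the runner-provided environment variable
            # instead of being expanded into the script text.
            gh api --method PUT "/repos/$GITHUB_REPOSITORY/contents/$file" \
              --field message="$MESSAGE" \
              --field content="$CONTENT" \
              --field encoding="base64" \
              --field branch="$BRANCH_NAME" \
              --field sha="$SHA"
          done
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH_NAME: update-platform-branch

      - name: Create New PR
        if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-branch.outputs.changes == 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH_NAME: update-platform-branch
        run: |
          # NOTE(review): "protocol/go/" is prefixed here, which matches only the short tag form
          # produced by the scheduled lookup - confirm the behaviour for a full "protocol/go/..." input.
          RELEASE_NOTES=$(gh release view "protocol/go/$LATEST_TAG" --repo opentdf/platform --json body --jq '.body')
          # The release notes are text from another repository. They are only expanded into the
          # file below as data and handed to gh with --body-file; they are never evaluated.
          cat <<EOF > pr_body.txt
          This PR updates the platform.branch property in all pom.xml files to the new tag or branch: $LATEST_TAG.
          See the release: https://github.com/opentdf/platform/releases/tag/protocol%2Fgo%2F$LATEST_TAG
          Release Notes:
          $RELEASE_NOTES
          EOF
          gh pr create \
            --title "fix(sdk): Updates to proto version $LATEST_TAG" \
            --body-file pr_body.txt \
            --head "$BRANCH_NAME" \
            --base main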