forked from sigstore/rekor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
update-to-head.sh
executable file
·98 lines (84 loc) · 3.33 KB
/
update-to-head.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/usr/bin/env bash
# Copyright 2023 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The local git repo must have a remote "upstream" pointing
# to upstream sigstore/rekor, and a remote "origin"
# pointing to securesign/rekor
# Synchs the release-next branch to either the upstream `main` branch
# or a provided git-ref (typically an upstream release tag) and then triggers CI.
#
# NOTE: This requires a corresponding midstream branch to exist in the securesign fork
# with the same name as the upstream branch/ref, but prefixed with "midstream-".
#
# Usage: update-to-head.sh [<git-ref>]
if [ "$#" -ne 1 ]; then
upstream_ref="main"
midstream_ref="main"
redhat_ref="release-next"
else
upstream_ref=$1
midstream_ref="midstream-${upstream_ref}" # The overlays and patches for the given version
redhat_ref="redhat-${upstream_ref}" # The midstream repo with overlays and patches applied
fi
echo "Synchronizing ${redhat_ref} to upstream/${upstream_ref}..."
set -e
REPO_NAME=$(basename $(git rev-parse --show-toplevel))
# Custom files
custom_files=$(cat <<EOT | tr '\n' ' '
redhat
OWNERS
EOT
)
redhat_files_msg=":open_file_folder: update Red Hat specific files"
robot_trigger_msg=":robot: triggering CI on branch '${redhat_ref}' after synching from upstream/${upstream_ref}"
# Reset release-next to upstream main or <git-ref>.
echo "Fetching upstream changes on ${upstream_ref}..."
git fetch upstream $upstream_ref
if [[ "$upstream_ref" == "main" ]]; then
git checkout upstream/main -B ${redhat_ref}
else
git checkout $upstream_ref -B ${redhat_ref}
fi
# Update redhat's main and take all needed files from there.
echo "Applying midstream patches from ${midstream_ref}..."
git fetch origin $midstream_ref
git checkout origin/$midstream_ref $custom_files
# Apply midstream patches
if [[ -d redhat/patches ]]; then
git apply redhat/patches/*
fi
echo "Committing changes..."
git add . # Adds applied patches
git add $custom_files # Adds custom files
git commit -m "${redhat_files_msg}"
# Push the release-next branch
echo "Pushing changes..."
git push -f origin "${redhat_ref}"
# Trigger CI
# TODO: Set up openshift or github CI to run on release-next-ci
git checkout "${redhat_ref}" -B "${redhat_ref}"-ci
date > ci
git add ci
git commit -m "${robot_trigger_msg}"
git push -f origin "${redhat_ref}-ci"
if hash hub 2>/dev/null; then
# Test if there is already a sync PR in
COUNT=$(hub api -H "Accept: application/vnd.github.v3+json" repos/securesign/${REPO_NAME}/pulls --flat \
| grep -c "${robot_trigger_msg}") || true
if [ "$COUNT" = "0" ]; then
hub pull-request --no-edit -l "kind/sync-fork-to-upstream" -b securesign/${REPO_NAME}:${redhat_ref} -h securesign/${REPO_NAME}:${redhat_ref}-ci -m "${robot_trigger_msg}"
fi
else
echo "hub (https://github.com/github/hub) is not installed, so you'll need to create a PR manually."
fi