Skip to content

Commit

Permalink
Merge pull request #1984 from ScriptAutomate/remove-auto-pr-creation
Browse files Browse the repository at this point in the history
Remove automated PR against salt repo at release
  • Loading branch information
ScriptAutomate authored Jan 19, 2024
2 parents d6ed8ea + ec283ba commit dffac08
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 99 deletions.
92 changes: 0 additions & 92 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -444,95 +444,3 @@ jobs:
atomic: true
branch: develop
repository: ${{ github.repository }}


salt:
name: Update Release on Salt Repo
runs-on:
- self-hosted
- linux
- repo-release
needs:
- update-develop-checksums
environment: release
permissions:
contents: write # For action peter-evans/create-pull-request
pull-requests: write # For action peter-evans/create-pull-request

steps:
- uses: actions/checkout@v3
with:
ref: stable
repository: ${{ github.repository }}

- name: Get bootstrap version
run: |
echo "BS_VERSION=$(sh bootstrap-salt.sh -v | awk '{ print $4 }')" >> "$GITHUB_ENV"
- uses: actions/checkout@v3
with:
repository: saltstack/salt
ref: master
path: salt-checkout
token: ${{ secrets.SALT_REPO_WRITE_TOKEN }}

- name: Setup GnuPG
run: |
sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
GNUPGHOME="$(mktemp -d -p /run/gpg)"
echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
cat <<EOF > "${GNUPGHOME}/gpg.conf"
batch
no-tty
pinentry-mode loopback
EOF
- name: Get Secrets
id: get-secrets
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git
shell: bash
run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging"
git config --global user.email [email protected]
git config --global user.signingkey 64CBBC8173D76B3F
git config --global commit.gpgsign true
- name: Update bootstrap script on Salt
run: |
cp bootstrap-salt.sh salt-checkout/salt/cloud/deploy/bootstrap-salt.sh
- name: Commit Changes
working-directory: salt-checkout/
run: |
git commit -am "Update the bootstrap script to v${{ env.BS_VERSION }}"
- name: Create Pull Request Against Develop
uses: peter-evans/create-pull-request@v5
with:
title: "Update the bootstrap script to v${{ env.BS_VERSION }}"
path: salt-checkout
base: master
token: ${{ secrets.SALT_REPO_WRITE_TOKEN }}
author: "Salt Project Packaging <[email protected]>"
committer: "Salt Project Packaging <[email protected]>"
commit-message: Update the bootstrap script to v${{ env.BS_VERSION }}
signoff: true
delete-branch: true
11 changes: 4 additions & 7 deletions RELEASE.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,10 @@
- See if there are any PRs worth squeezing into release.
- Go through the changes since last release, add them to changelog.
- Add any new authors to the AUTHORS file.
- If there's a new Salt release(major), update the script to add support for it.
- If there's a new Salt release (major), update the script to add support for it.
- Bump version for release.
- Open PR against develop with these changes.
- Once the above PR is merged, open a PR against stable with the changes from develop.
- Once the above PR is merged, wait until an automatic PR is opened against stable which updates the checksums.
- Once the above PR is merged, tag the release `v{version-here}` and push the tag.
- Wait until an automatic PR is opened against the develop branch updating the checksums in `README.rst`. Merge it.
- Check that an automated PR was opened against the salt repo updating the bootstrap script, located in `salt/cloud/deploy/bootstrap-salt.sh`

- Once the above PR is merged, go to [Cut Release](https://github.com/saltstack/salt-bootstrap/actions/workflows/release.yml) and `Run workflow` against `develop` branch
- Open a new PR against the branch of the oldest supported version of [the salt repo](https://github.com/saltstack/salt) (ex. `3006.x`), and replace `salt/cloud/deploy/bootstrap-salt.sh` with the latest `bootstrap-salt.sh` file
- When that PR is merged into [the salt repo](https://github.com/saltstack/salt), merge-forwards into the latest branches and `master` will ensure that the latest bootstrap script is available
- Victory!

0 comments on commit dffac08

Please sign in to comment.