mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-03-10 14:10:37 -07:00
breaking apart steps for permissions (#8880)
Co-authored-by: gemini-cli-robot <gemini-cli-robot@google.com>
This commit is contained in:
matt korwel
42
.github/workflows/release-patch-1-create-pr.yml
vendored
42
.github/workflows/release-patch-1-create-pr.yml
vendored
@@ -68,19 +68,36 @@ jobs:
|
|||||||
# Configure git to use GITHUB_TOKEN for remote operations (has actions:write for workflow files)
|
# Configure git to use GITHUB_TOKEN for remote operations (has actions:write for workflow files)
|
||||||
git remote set-url origin "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
|
git remote set-url origin "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
|
||||||
|
|
||||||
- name: 'Create Patch'
|
- name: 'Create Branches'
|
||||||
id: 'create_patch'
|
id: 'create_branches'
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
|
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
|
||||||
|
GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
|
||||||
|
continue-on-error: true
|
||||||
|
run: |
|
||||||
|
# Capture output and display it in logs using tee
|
||||||
|
{
|
||||||
|
node scripts/releasing/create-patch-pr.js --commit=${{ github.event.inputs.commit }} --channel=${{ github.event.inputs.channel }} --dry-run=${{ github.event.inputs.dry_run }} --skip-pr-creation
|
||||||
|
echo "BRANCH_EXIT_CODE=$?" >> "$GITHUB_OUTPUT"
|
||||||
|
} 2>&1 | tee >(
|
||||||
|
echo "BRANCH_LOG_CONTENT<<EOF" >> "$GITHUB_ENV"
|
||||||
|
cat >> "$GITHUB_ENV"
|
||||||
|
echo "EOF" >> "$GITHUB_ENV"
|
||||||
|
)
|
||||||
|
|
||||||
|
- name: 'Create Pull Request'
|
||||||
|
id: 'create_pr'
|
||||||
|
if: 'always() && steps.create_branches.outputs.BRANCH_EXIT_CODE == 0'
|
||||||
|
env:
|
||||||
GH_TOKEN: '${{ steps.generate_token.outputs.token }}'
|
GH_TOKEN: '${{ steps.generate_token.outputs.token }}'
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
# Capture output and display it in logs using tee
|
# Capture output and display it in logs using tee
|
||||||
{
|
{
|
||||||
node scripts/releasing/create-patch-pr.js --commit=${{ github.event.inputs.commit }} --channel=${{ github.event.inputs.channel }} --dry-run=${{ github.event.inputs.dry_run }}
|
node scripts/releasing/create-patch-pr.js --commit=${{ github.event.inputs.commit }} --channel=${{ github.event.inputs.channel }} --dry-run=${{ github.event.inputs.dry_run }} --pr-only
|
||||||
echo "EXIT_CODE=$?" >> "$GITHUB_OUTPUT"
|
echo "PR_EXIT_CODE=$?" >> "$GITHUB_OUTPUT"
|
||||||
} 2>&1 | tee >(
|
} 2>&1 | tee >(
|
||||||
echo "LOG_CONTENT<<EOF" >> "$GITHUB_ENV"
|
echo "PR_LOG_CONTENT<<EOF" >> "$GITHUB_ENV"
|
||||||
cat >> "$GITHUB_ENV"
|
cat >> "$GITHUB_ENV"
|
||||||
echo "EOF" >> "$GITHUB_ENV"
|
echo "EOF" >> "$GITHUB_ENV"
|
||||||
)
|
)
|
||||||
@@ -90,20 +107,25 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
|
GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
|
||||||
ORIGINAL_PR: '${{ github.event.inputs.original_pr }}'
|
ORIGINAL_PR: '${{ github.event.inputs.original_pr }}'
|
||||||
EXIT_CODE: '${{ steps.create_patch.outputs.EXIT_CODE }}'
|
EXIT_CODE: '${{ steps.create_branches.outputs.BRANCH_EXIT_CODE != 0 && steps.create_branches.outputs.BRANCH_EXIT_CODE || steps.create_pr.outputs.PR_EXIT_CODE }}'
|
||||||
COMMIT: '${{ github.event.inputs.commit }}'
|
COMMIT: '${{ github.event.inputs.commit }}'
|
||||||
CHANNEL: '${{ github.event.inputs.channel }}'
|
CHANNEL: '${{ github.event.inputs.channel }}'
|
||||||
REPOSITORY: '${{ github.repository }}'
|
REPOSITORY: '${{ github.repository }}'
|
||||||
GITHUB_RUN_ID: '${{ github.run_id }}'
|
GITHUB_RUN_ID: '${{ github.run_id }}'
|
||||||
LOG_CONTENT: '${{ env.LOG_CONTENT }}'
|
LOG_CONTENT: '${{ steps.create_branches.outputs.BRANCH_EXIT_CODE != 0 && env.BRANCH_LOG_CONTENT || env.PR_LOG_CONTENT }}'
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
git checkout '${{ github.event.inputs.ref }}'
|
git checkout '${{ github.event.inputs.ref }}'
|
||||||
node scripts/releasing/patch-create-comment.js
|
node scripts/releasing/patch-create-comment.js
|
||||||
|
|
||||||
- name: 'Fail Workflow if Main Task Failed'
|
- name: 'Fail Workflow if Tasks Failed'
|
||||||
if: 'always() && steps.create_patch.outputs.EXIT_CODE != 0'
|
if: 'always() && (steps.create_branches.outputs.BRANCH_EXIT_CODE != 0 || steps.create_pr.outputs.PR_EXIT_CODE != 0)'
|
||||||
run: |
|
run: |
|
||||||
echo "Patch creation failed with exit code: ${{ steps.create_patch.outputs.EXIT_CODE }}"
|
if [[ "${{ steps.create_branches.outputs.BRANCH_EXIT_CODE }}" != "0" ]]; then
|
||||||
|
echo "Branch creation failed with exit code: ${{ steps.create_branches.outputs.BRANCH_EXIT_CODE }}"
|
||||||
|
fi
|
||||||
|
if [[ "${{ steps.create_pr.outputs.PR_EXIT_CODE }}" != "0" ]]; then
|
||||||
|
echo "PR creation failed with exit code: ${{ steps.create_pr.outputs.PR_EXIT_CODE }}"
|
||||||
|
fi
|
||||||
echo "Check the logs above and the comment posted to the original PR for details."
|
echo "Check the logs above and the comment posted to the original PR for details."
|
||||||
exit 1
|
exit 1
|
||||||
|
|||||||
@@ -29,18 +29,44 @@ async function main() {
|
|||||||
type: 'boolean',
|
type: 'boolean',
|
||||||
default: false,
|
default: false,
|
||||||
})
|
})
|
||||||
|
.option('skip-pr-creation', {
|
||||||
|
description: 'Only create branches, skip PR creation.',
|
||||||
|
type: 'boolean',
|
||||||
|
default: false,
|
||||||
|
})
|
||||||
|
.option('pr-only', {
|
||||||
|
description: 'Only create PR, skip branch creation.',
|
||||||
|
type: 'boolean',
|
||||||
|
default: false,
|
||||||
|
})
|
||||||
.help()
|
.help()
|
||||||
.alias('help', 'h').argv;
|
.alias('help', 'h').argv;
|
||||||
|
|
||||||
const { commit, channel, dryRun } = argv;
|
const { commit, channel, dryRun, skipPrCreation, prOnly } = argv;
|
||||||
|
|
||||||
|
// Validate mutually exclusive flags
|
||||||
|
if (skipPrCreation && prOnly) {
|
||||||
|
console.error(
|
||||||
|
'Error: --skip-pr-creation and --pr-only are mutually exclusive.',
|
||||||
|
);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
console.log(`Starting patch process for commit: ${commit}`);
|
console.log(`Starting patch process for commit: ${commit}`);
|
||||||
console.log(`Targeting channel: ${channel}`);
|
console.log(`Targeting channel: ${channel}`);
|
||||||
if (dryRun) {
|
if (dryRun) {
|
||||||
console.log('Running in dry-run mode.');
|
console.log('Running in dry-run mode.');
|
||||||
}
|
}
|
||||||
|
if (skipPrCreation) {
|
||||||
|
console.log('Mode: Branch creation only (skipping PR creation)');
|
||||||
|
}
|
||||||
|
if (prOnly) {
|
||||||
|
console.log('Mode: PR creation only (skipping branch creation)');
|
||||||
|
}
|
||||||
|
|
||||||
run('git fetch --all --tags --prune', dryRun);
|
if (!prOnly) {
|
||||||
|
run('git fetch --all --tags --prune', dryRun);
|
||||||
|
}
|
||||||
|
|
||||||
const latestTag = getLatestTag(channel);
|
const latestTag = getLatestTag(channel);
|
||||||
console.log(`Found latest tag for ${channel}: ${latestTag}`);
|
console.log(`Found latest tag for ${channel}: ${latestTag}`);
|
||||||
@@ -48,6 +74,22 @@ async function main() {
|
|||||||
const releaseBranch = `release/${latestTag}`;
|
const releaseBranch = `release/${latestTag}`;
|
||||||
const hotfixBranch = `hotfix/${latestTag}/${channel}/cherry-pick-${commit.substring(0, 7)}`;
|
const hotfixBranch = `hotfix/${latestTag}/${channel}/cherry-pick-${commit.substring(0, 7)}`;
|
||||||
|
|
||||||
|
// If PR-only mode, skip all branch creation logic
|
||||||
|
if (prOnly) {
|
||||||
|
console.log(
|
||||||
|
'PR-only mode: Skipping branch creation, proceeding to PR creation...',
|
||||||
|
);
|
||||||
|
// Jump to PR creation section
|
||||||
|
return await createPullRequest(
|
||||||
|
hotfixBranch,
|
||||||
|
releaseBranch,
|
||||||
|
commit,
|
||||||
|
channel,
|
||||||
|
dryRun,
|
||||||
|
false,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
// Create the release branch from the tag if it doesn't exist.
|
// Create the release branch from the tag if it doesn't exist.
|
||||||
if (!branchExists(releaseBranch)) {
|
if (!branchExists(releaseBranch)) {
|
||||||
console.log(
|
console.log(
|
||||||
@@ -154,7 +196,43 @@ async function main() {
|
|||||||
console.log(`Pushing hotfix branch ${hotfixBranch} to origin...`);
|
console.log(`Pushing hotfix branch ${hotfixBranch} to origin...`);
|
||||||
run(`git push --set-upstream origin ${hotfixBranch}`, dryRun);
|
run(`git push --set-upstream origin ${hotfixBranch}`, dryRun);
|
||||||
|
|
||||||
// Create the pull request.
|
// If skip-pr-creation mode, stop here
|
||||||
|
if (skipPrCreation) {
|
||||||
|
console.log(
|
||||||
|
'✅ Branch creation completed! Skipping PR creation as requested.',
|
||||||
|
);
|
||||||
|
if (hasConflicts) {
|
||||||
|
console.log(
|
||||||
|
'⚠️ Note: Conflicts were detected during cherry-pick - manual resolution required before PR creation!',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
newBranch: hotfixBranch,
|
||||||
|
created: true,
|
||||||
|
hasConflicts,
|
||||||
|
skippedPR: true,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create the pull request
|
||||||
|
return await createPullRequest(
|
||||||
|
hotfixBranch,
|
||||||
|
releaseBranch,
|
||||||
|
commit,
|
||||||
|
channel,
|
||||||
|
dryRun,
|
||||||
|
hasConflicts,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
async function createPullRequest(
|
||||||
|
hotfixBranch,
|
||||||
|
releaseBranch,
|
||||||
|
commit,
|
||||||
|
channel,
|
||||||
|
dryRun,
|
||||||
|
hasConflicts,
|
||||||
|
) {
|
||||||
console.log(
|
console.log(
|
||||||
`Creating pull request from ${hotfixBranch} to ${releaseBranch}...`,
|
`Creating pull request from ${hotfixBranch} to ${releaseBranch}...`,
|
||||||
);
|
);
|
||||||
|
|||||||
Reference in New Issue
Block a user