|
| 1 | +#!/usr/bin/env bash |
| 2 | + |
| 3 | +# Copyright 2026 The kpt Authors |
| 4 | +# |
| 5 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | +# you may not use this file except in compliance with the License. |
| 7 | +# You may obtain a copy of the License at |
| 8 | +# |
| 9 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | +# |
| 11 | +# Unless required by applicable law or agreed to in writing, software |
| 12 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | +# See the License for the specific language governing permissions and |
| 15 | +# limitations under the License. |
| 16 | + |
| 17 | +# Manual patch release for functions/go KRM functions (used by GitHub Actions and runnable locally). |
| 18 | +# |
| 19 | +# Creates a GitHub Release (and the semver tag on the server at GITHUB_SHA) via `gh`. Image build, |
| 20 | +# short tag creation, and appending the container image to release notes are left to workflows |
| 21 | +# that run on tag push (e.g. after-tag-with-version.yaml, release.yaml). Use a GitHub App |
| 22 | +# installation access token or PAT for GH_TOKEN in CI so those workflows are triggered; |
| 23 | +# GITHUB_TOKEN-created tag/release events do not start them. |
| 24 | +# |
| 25 | +# Environment (required unless noted): |
| 26 | +# MANUAL_PATCH_FUNCTIONS Comma-separated function names (must match output of: make list-functions), |
| 27 | +# or the single word "all" (case-insensitive) to release every name from |
| 28 | +# `make list-functions`. With "all", functions with no prior |
| 29 | +# functions/go/<name>/vMAJOR.MINOR.PATCH tag are skipped with a notice. |
| 30 | +# GITHUB_REPOSITORY owner/repo (e.g. kptdev/krm-functions-catalog). |
| 31 | +# GITHUB_SHA Commit SHA for the new tag and release target. |
| 32 | +# GH_TOKEN GitHub App installation token or PAT for gh release create — required |
| 33 | +# when not in dry-run; must allow creating releases and tags on the repo. |
| 34 | +# |
| 35 | +# Optional: |
| 36 | +# MANUAL_PATCH_DRY_RUN If "true", only print planned versions (no gh calls). |
| 37 | +# |
| 38 | +# Prerequisites: gh, git; remote `origin` must exist for non dry-run. |
| 39 | + |
| 40 | +set -euo pipefail |
| 41 | + |
| 42 | +scripts_dir="$(cd "$(dirname "$0")" && pwd)" |
| 43 | +repo_root="$(cd "${scripts_dir}/.." && pwd)" |
| 44 | +cd "${repo_root}" |
| 45 | + |
| 46 | +functions_input="${MANUAL_PATCH_FUNCTIONS:-}" |
| 47 | +repo="${GITHUB_REPOSITORY:-}" |
| 48 | +sha="${GITHUB_SHA:-}" |
| 49 | +dry_run="${MANUAL_PATCH_DRY_RUN:-false}" |
| 50 | + |
| 51 | +if [[ -z "$functions_input" ]]; then |
| 52 | + echo "::error::MANUAL_PATCH_FUNCTIONS is not set" >&2 |
| 53 | + exit 1 |
| 54 | +fi |
| 55 | +if [[ -z "$repo" ]]; then |
| 56 | + echo "::error::GITHUB_REPOSITORY is not set" >&2 |
| 57 | + exit 1 |
| 58 | +fi |
| 59 | +if [[ -z "$sha" ]]; then |
| 60 | + echo "::error::GITHUB_SHA is not set" >&2 |
| 61 | + exit 1 |
| 62 | +fi |
| 63 | + |
| 64 | +if [[ "$dry_run" != "true" ]] && [[ -z "${GH_TOKEN:-}" ]]; then |
| 65 | + echo "::error::GH_TOKEN is required when not in dry-run (GitHub App installation token or PAT with permission to create releases and tags)" >&2 |
| 66 | + exit 1 |
| 67 | +fi |
| 68 | + |
| 69 | +# Same names as FUNCTIONS in functions/go/Makefile (see target list-functions). |
| 70 | +mapfile -t allowed < <(make -s list-functions) |
| 71 | + |
| 72 | +if [[ ${#allowed[@]} -eq 0 ]]; then |
| 73 | + echo "::error::make list-functions produced no output" >&2 |
| 74 | + exit 1 |
| 75 | +fi |
| 76 | + |
| 77 | +_trim_space() { |
| 78 | + local s="$1" |
| 79 | + s="${s#"${s%%[![:space:]]*}"}" |
| 80 | + s="${s%"${s##*[![:space:]]}"}" |
| 81 | + printf '%s' "$s" |
| 82 | +} |
| 83 | + |
| 84 | +is_allowed() { |
| 85 | + local n="$1" |
| 86 | + for a in "${allowed[@]}"; do |
| 87 | + [[ "$n" == "$a" ]] && return 0 |
| 88 | + done |
| 89 | + return 1 |
| 90 | +} |
| 91 | + |
| 92 | +outer_trim="$(_trim_space "${functions_input}")" |
| 93 | +declare -a functions=() |
| 94 | +expand_all=0 |
| 95 | + |
| 96 | +# Bulk mode: every function from `make list-functions`. |
| 97 | +if [[ "${outer_trim,,}" == "all" ]]; then |
| 98 | + expand_all=1 |
| 99 | + functions=("${allowed[@]}") |
| 100 | +else |
| 101 | + # Explicit list: comma-separated names (strict if missing tags). |
| 102 | + IFS=',' read -ra raw_parts <<< "${functions_input}" |
| 103 | + for part in "${raw_parts[@]}"; do |
| 104 | + fn="$(_trim_space "$part")" |
| 105 | + [[ -z "$fn" ]] && continue |
| 106 | + if ! is_allowed "$fn"; then |
| 107 | + echo "::error::Function '$fn' is not in output of: make list-functions" >&2 |
| 108 | + exit 1 |
| 109 | + fi |
| 110 | + functions+=("$fn") |
| 111 | + done |
| 112 | +fi |
| 113 | + |
| 114 | +mapfile -t functions < <(printf '%s\n' "${functions[@]}" | sort -u) |
| 115 | + |
| 116 | +if [[ ${#functions[@]} -eq 0 ]]; then |
| 117 | + echo "::error::No function names after parsing MANUAL_PATCH_FUNCTIONS" >&2 |
| 118 | + exit 1 |
| 119 | +fi |
| 120 | + |
| 121 | +for fn in "${functions[@]}"; do |
| 122 | + echo "===== ${fn} =====" |
| 123 | + |
| 124 | + # Latest strict SemVer long tag for this function (sort -V orders versions correctly). |
| 125 | + prev_long="$( |
| 126 | + git tag -l "functions/go/${fn}/v*" --sort=v:refname | |
| 127 | + grep -E -- '/v[0-9]+\.[0-9]+\.[0-9]+$' | |
| 128 | + tail -n 1 || true |
| 129 | + )" |
| 130 | + |
| 131 | + if [[ -z "${prev_long}" ]]; then |
| 132 | + if [[ "${expand_all}" -eq 1 ]]; then |
| 133 | + echo "::notice::Skipping ${fn}: no prior semver tag functions/go/${fn}/vMAJOR.MINOR.PATCH" |
| 134 | + continue |
| 135 | + fi |
| 136 | + echo "::error::No prior semver tag functions/go/${fn}/vMAJOR.MINOR.PATCH; cannot infer next patch." >&2 |
| 137 | + exit 1 |
| 138 | + fi |
| 139 | + |
| 140 | + ver="${prev_long##*/}" |
| 141 | + v="${ver#v}" |
| 142 | + IFS=. read -r major minor patch <<< "${v}" |
| 143 | + next_ver="v${major}.${minor}.$((patch + 1))" |
| 144 | + long_tag="functions/go/${fn}/${next_ver}" |
| 145 | + release_title="${fn} ${next_ver}" |
| 146 | + |
| 147 | + echo "Previous: ${prev_long} -> Next: ${long_tag}" |
| 148 | + |
| 149 | + if [[ "$dry_run" == "true" ]]; then |
| 150 | + echo "(dry_run) would run: gh release create \"${long_tag}\" --repo \"${repo}\" --target \"${sha}\" --title \"${release_title}\" --generate-notes --notes-start-tag \"${prev_long}\"" |
| 151 | + continue |
| 152 | + fi |
| 153 | + |
| 154 | + if [[ -n "$(git ls-remote origin "refs/tags/${long_tag}")" ]]; then |
| 155 | + echo "::error::Tag ${long_tag} already exists on origin" >&2 |
| 156 | + exit 1 |
| 157 | + fi |
| 158 | + |
| 159 | + gh release create "${long_tag}" \ |
| 160 | + --repo "${repo}" \ |
| 161 | + --target "${sha}" \ |
| 162 | + --title "${release_title}" \ |
| 163 | + --generate-notes \ |
| 164 | + --notes-start-tag "${prev_long}" |
| 165 | +done |
0 commit comments