qcom-build-utils/.github/workflows/workflows_sync.yml at main · qualcomm-linux/qcom-build-utils · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
name: Workflows Sync
description: |
  Sync workflows from qcom-build-utils/.github/pkg-workflows/** back to the
  Qualcomm package repositories.

on:
  workflow_dispatch:
    inputs:
      confirmation:
        type: boolean
        default: false
        required: true
        description: |
          Tick to confirm creating pull requests to sync workflows from
          qcom-build-utils to the Qualcomm package repositories.
          If not ticked, the workflow will not create any pull requests and will simply print the list of repositories that would have been synced.

permissions:
  contents: write
  pull-requests: write

jobs:
  sync:
    runs-on: ubuntu-latest

    steps:

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          path: qcom-build-utils

      - name: Sync workflows from qcom-build-utils
        id: sync
        env:
          GH_TOKEN: ${{secrets.DEB_PKG_BOT_CI_TOKEN}}
          ORG: qualcomm-linux
          BOT_NAME: ${{vars.DEB_PKG_BOT_CI_NAME}}
          BOT_EMAIL: ${{vars.DEB_PKG_BOT_CI_EMAIL}}
          BOT_USERNAME: ${{vars.DEB_PKG_BOT_CI_USERNAME}}
          CONFIRMATION_INPUT: ${{ inputs.confirmation }}
        run: |
          # Define explicit list of repositories to exclude
          EXCLUDE_REPOS=("pkg-example" \
                         "pkg-oss-staging-repo" \
                         "pkg-linux-firmware" \
                         "pkg-camera-service-temp" \
                         "pkg-gst-plugins-imsdk-temp" \
                         "pkg-kernel-fedora" \
                         "pkg-linux-kernel" \
                         "pkg-workspace" \
                         "pkg-ynancher" \
                         "pkg-linux-qcom-backup" )

          # Array to store created PR URLs
          PR_URLS=()

          # Get the list of Qualcomm package repositories
          repos=$(gh repo list --limit 9999 $ORG --json name --jq '.[] | select(.name | startswith("pkg-")) | .name')

          echo "List of repositories starting with 'pkg-': $repos"

          # pr-pre-post-merge.yml is checked out locally in pkg-workflows/debian/
          DEBIAN_LATEST_WORKFLOW_FILE="$(pwd)/qcom-build-utils/.github/pkg-workflows/debian/pr-pre-post-merge.yml"
          echo "📄 Using pr-pre-post-merge.yml from pkg-workflows/debian/"

          for repo in $repos; do
            # Skip excluded repositories
            if [[ " ${EXCLUDE_REPOS[@]} " =~ " ${repo} " ]]; then
              echo "⏭️ Skipping excluded repository: $repo"
              continue
            fi

            echo "🔄 Checking repo: $repo"

            # Check if the bot account has write or admin permissions
            echo "  🔍 Checking permissions for $BOT_USERNAME on $repo"
            permission_response=$(gh api repos/$ORG/$repo/collaborators/$BOT_USERNAME/permission 2>/dev/null || echo "")

            if [[ -z "$permission_response" ]]; then
              echo "    ⛔ Cannot verify permissions for $BOT_USERNAME on $repo - skipping"
              continue
            fi

            permission_level=$(echo "$permission_response" | jq -r '.permission')

            if [[ "$permission_level" != "admin" && "$permission_level" != "write" ]]; then
              echo "    ⛔ $BOT_USERNAME does not have write/admin permissions on $repo (has: $permission_level) - skipping"
              continue
            fi

            echo "  ✅ $BOT_USERNAME has $permission_level permissions on $repo"

            # Clone the target repository
            gh repo clone "$ORG/$repo" "$repo" 2>&1 | sed 's/^/  /'
            cd "$repo"

            # Detect the default branch (usually 'main' but some repos use 'master')
            default_branch=$(gh api repos/$ORG/$repo --jq '.default_branch')
            echo "  🌿 Default branch for $repo: $default_branch"

            # Configure git to use gh CLI for authentication
            gh auth setup-git
            git config user.name "$BOT_NAME"
            git config user.email "$BOT_EMAIL"

            # Delete the sync branch if it exists from a previous run
            if git ls-remote --exit-code --heads origin sync/qcom-build-utils-workflows > /dev/null 2>&1; then
              echo "    🧹 Deleting existing sync/qcom-build-utils-workflows branch from remote"
              git push origin --delete sync/qcom-build-utils-workflows 2>&1 | sed 's/^/    /'
            fi

            # Track if changes are needed
            isDirty=false

            # Remove legacy per-repo workflows_sync workflow if present.
            # The source of truth is qcom-build-utils/.github/workflows/workflows_sync.yml.
            if [[ -f ".github/workflows/workflows_sync.yml" ]]; then
              echo "    🗑️ Removing deprecated workflows_sync.yml"
              rm ".github/workflows/workflows_sync.yml"
              isDirty=true
            fi

            # Compare and sync workflow files
            for workflow in ../qcom-build-utils/.github/pkg-workflows/main/*.yml; do
              workflow_name=$(basename "$workflow")

              target_workflow=".github/workflows/$workflow_name"

              if [[ -f "$target_workflow" ]]; then
                if diff -q "$workflow" "$target_workflow" > /dev/null; then
                  echo "    ✅ $workflow_name is up to date"
                else
                  echo "    ❌ $workflow_name differs from template"
                  cp "$workflow" "$target_workflow"
                  isDirty=true
                fi
              else
                echo "    + Creating $workflow_name (missing from $repo)"
                mkdir -p ".github/workflows"
                cp "$workflow" "$target_workflow"
                isDirty=true
              fi
            done

              # Create branch, commit, and push main branch changes if needed
              if [[ "$isDirty" == "true" ]]; then
                echo "    📝 Creating branch and committing main branch changes"
                git checkout -b sync/qcom-build-utils-workflows 2>&1 | sed 's/^/    /'
                git add -A .github/workflows/
                git commit -s -m "chore: sync workflows from qcom-build-utils" 2>&1 | sed 's/^/    /'

                if [[ "$CONFIRMATION_INPUT" == "true" ]]; then
                  echo "    🚀 Pushing changes and creating PR for $default_branch"
                  git push origin sync/qcom-build-utils-workflows 2>&1 | sed 's/^/    /'

                  pr_url=$(gh pr create --repo "$ORG/$repo" \
                    --title "chore: sync workflows from qcom-build-utils" \
                    --body "This PR syncs the latest workflows from qcom-build-utils." \
                    --head sync/qcom-build-utils-workflows \
                    --base "$default_branch")

                  PR_URLS+=("$pr_url")
                  echo "    ✅ PR created: $pr_url"
                else
                  echo "    👀 Dry-run mode - No PR will be created for $default_branch"
                fi

                # Return to default branch before debian/* sync
                git checkout "$default_branch" 2>&1 | sed 's/^/    /'
              else
                echo "    ✨ No main branch changes needed for $repo"
              fi

              # Sync pr-pre-post-merge.yml from qcom-build-utils pkg-workflows
              # to every debian/* and qcom/debian/* branch
              debian_branches=$(git branch -r | grep -E 'origin/(qcom/)?debian/' | sed 's|.*origin/||' | tr -d ' ')

              for debian_branch in $debian_branches; do
                # Skip debian/latest itself (it's the source)
                if [[ "$debian_branch" == "debian/latest" ]]; then
                  continue
                fi

                echo "  🌿 Checking pr-pre-post-merge.yml on branch: $debian_branch"
                safe_branch_name="${debian_branch//\//-}"
                debian_sync_branch="sync/qcom-build-utils-pr-merge-${safe_branch_name}"

                # Delete existing sync branch if from a previous run
                if git ls-remote --exit-code --heads origin "$debian_sync_branch" > /dev/null 2>&1; then
                  echo "    🧹 Deleting existing $debian_sync_branch"
                  git push origin --delete "$debian_sync_branch" 2>&1 | sed 's/^/    /'
                fi

                git checkout "$debian_branch" 2>&1 | sed 's/^/    /'

                isDebianDirty=false
                if [[ -f ".github/workflows/pr-pre-post-merge.yml" ]]; then
                  if diff -q "$DEBIAN_LATEST_WORKFLOW_FILE" ".github/workflows/pr-pre-post-merge.yml" > /dev/null; then
                    echo "    ✅ pr-pre-post-merge.yml is up to date on $debian_branch"
                  else
                    echo "    ❌ pr-pre-post-merge.yml differs on $debian_branch"
                    cp "$DEBIAN_LATEST_WORKFLOW_FILE" ".github/workflows/pr-pre-post-merge.yml"
                    isDebianDirty=true
                  fi
                else
                  echo "    + Creating pr-pre-post-merge.yml on $debian_branch (missing)"
                  mkdir -p ".github/workflows"
                  cp "$DEBIAN_LATEST_WORKFLOW_FILE" ".github/workflows/pr-pre-post-merge.yml"
                  isDebianDirty=true
                fi

                if [[ "$isDebianDirty" == "true" ]]; then
                  git checkout -b "$debian_sync_branch" 2>&1 | sed 's/^/    /'
                  git add .github/workflows/pr-pre-post-merge.yml
                  git commit -s -m "chore: sync pr-pre-post-merge from qcom-build-utils" 2>&1 | sed 's/^/    /'

                  if [[ "$CONFIRMATION_INPUT" == "true" ]]; then
                    echo "    🚀 Pushing changes and creating PR for $debian_branch"
                    git push origin "$debian_sync_branch" 2>&1 | sed 's/^/    /'

                    pr_url=$(gh pr create --repo "$ORG/$repo" \
                      --title "chore: sync pr-pre-post-merge from qcom-build-utils" \
                      --body "This PR syncs \`pr-pre-post-merge.yml\` from qcom-build-utils \`.github/pkg-workflows/debian/\`." \
                      --head "$debian_sync_branch" \
                      --base "$debian_branch")

                    PR_URLS+=("$pr_url")
                    echo "    ✅ PR created: $pr_url"
                  else
                    echo "    👀 Dry-run mode - No PR will be created for $debian_branch"
                  fi
                fi
              done

            cd ..
          done

          # Output summary of created PRs
          if [[ "${#PR_URLS[@]}" -gt 0 ]]; then
            echo "🎉 Created PRs for the following repositories:"
            for pr_url in "${PR_URLS[@]}"; do
              echo "  - $pr_url"
            done
          fi