94 lines
2.8 KiB
YAML
94 lines
2.8 KiB
YAML
name: promote canary -> main
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
dry_run:
|
|
type: boolean
|
|
default: false
|
|
description: "Show what would change, but don't push"
|
|
src:
|
|
type: string
|
|
default: canary
|
|
description: 'Source branch'
|
|
dst:
|
|
type: string
|
|
default: main
|
|
description: 'Destination branch'
|
|
|
|
concurrency:
|
|
group: promote-${{ inputs.dst }}
|
|
cancel-in-progress: false
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
promote:
|
|
runs-on: blacksmith-2vcpu-ubuntu-2404
|
|
timeout-minutes: 10
|
|
|
|
steps:
|
|
- name: Create GitHub App token
|
|
id: app-token
|
|
uses: actions/create-github-app-token@v1
|
|
with:
|
|
app-id: ${{ secrets.PROMOTE_APP_ID }}
|
|
private-key: ${{ secrets.PROMOTE_APP_PRIVATE_KEY }}
|
|
|
|
- name: Checkout source
|
|
uses: actions/checkout@v6
|
|
with:
|
|
ref: ${{ inputs.src }}
|
|
fetch-depth: 0
|
|
token: ${{ steps.app-token.outputs.token }}
|
|
|
|
- name: Verify ff-only + summarize
|
|
id: verify
|
|
run: |
|
|
set -euo pipefail
|
|
src="${{ inputs.src }}"
|
|
dst="${{ inputs.dst }}"
|
|
|
|
git fetch origin "${dst}" "${src}" --prune
|
|
|
|
# Ensure HEAD is exactly origin/src
|
|
git reset --hard "origin/${src}"
|
|
|
|
# FF-only requirement: dst must be an ancestor of src
|
|
if ! git merge-base --is-ancestor "origin/${dst}" "origin/${src}"; then
|
|
echo "::error::Cannot fast-forward: origin/${dst} is not an ancestor of origin/${src} (branches diverged)."
|
|
exit 1
|
|
fi
|
|
|
|
ahead="$(git rev-list --count "origin/${dst}..origin/${src}")"
|
|
echo "ahead=$ahead" >> "$GITHUB_OUTPUT"
|
|
|
|
{
|
|
echo "## Promote \`${src}\` → \`${dst}\` (ff-only)"
|
|
echo ""
|
|
echo "- \`${dst}\`: \`$(git rev-parse "origin/${dst}")\`"
|
|
echo "- \`${src}\`: \`$(git rev-parse "origin/${src}")\`"
|
|
echo "- Commits to promote: **${ahead}**"
|
|
echo ""
|
|
echo "### Commits"
|
|
if [ "$ahead" -eq 0 ]; then
|
|
echo "_Nothing to promote._"
|
|
else
|
|
git log --oneline --decorate "origin/${dst}..origin/${src}"
|
|
fi
|
|
} >> "$GITHUB_STEP_SUMMARY"
|
|
|
|
- name: Push fast-forward
|
|
if: ${{ steps.verify.outputs.ahead != '0' && inputs.dry_run != true }}
|
|
run: |
|
|
set -euo pipefail
|
|
dst="${{ inputs.dst }}"
|
|
# Push src HEAD to dst (no merge commit, same SHAs)
|
|
git push origin "HEAD:refs/heads/${dst}"
|
|
|
|
- name: Dry run / no-op
|
|
if: ${{ steps.verify.outputs.ahead == '0' || inputs.dry_run == true }}
|
|
run: |
|
|
echo "No push performed (dry_run=${{ inputs.dry_run }}, ahead=${{ steps.verify.outputs.ahead }})."
|