chore: fixes required to run previous release

checkout release_branch before release fix success/failure notifications go back to environment variables
semgrep · Sep 13, 2024 · 0b46384 · 0b46384
1 parent f064d28
commit 0b46384
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 22 deletions.
diff --git a/.github/workflows/start-release.jsonnet b/.github/workflows/start-release.jsonnet
@@ -175,6 +175,8 @@ local check_semgrep_pro_job = {
   },
 };
 
+local release_branch = 'release-%s' % version;
+
 // make the Release PR
 local release_setup_job = {
   needs: [
@@ -187,6 +189,7 @@ local release_setup_job = {
     'pr-number': '${{ steps.open-pr.outputs.pr-number }}',
   },
   env: {
+    BRANCH: release_branch,
     VERSION: version,
   },
   // TODO: again why we need this token? we release from
@@ -201,22 +204,22 @@ local release_setup_job = {
       },
     },
     {
-      run: 'git checkout -b "release-${VERSION}"',
+      run: 'git checkout -b "${BRANCH}"'
     },
     {
       name: 'Push release branch',
       run: |||
         %s
         git add --all
-        git commit -m "chore: release version ${VERSION}"
-        git push --set-upstream origin release-${VERSION}
+        git commit --allow-empty -m "chore: release version ${VERSION}"
+        git push --set-upstream origin ${BRANCH}
       ||| % gha.git_config_user,
     } + unless_dry_run,
     {
       name: 'Create PR',
       id: 'open-pr',
       env: {
-        SOURCE: 'release-%s' % version,
+        SOURCE: release_branch,
         TARGET: '${{ github.event.repository.default_branch }}',
         TITLE: 'Release Version %s' % version,
         GITHUB_TOKEN: semgrep.github_bot.token_ref,
@@ -287,7 +290,7 @@ local create_tag_job = {
       with: {
         submodules: true,
         // checkout the release branch this time
-        ref: 'release-%s' % version,
+        ref: release_branch,
         token: semgrep.github_bot.token_ref,
       },
     },
@@ -332,6 +335,13 @@ local create_draft_release_job = {
     // another. I am sure it is possible, but it isn't easy.  Instead
     // I just made an additional file contained in the repo called
     // OSS/release_changes.md .
+    {
+      uses: 'actions/checkout@v3',
+      with: {
+        ref: release_branch,
+        token: semgrep.github_bot.token_ref,
+      },
+    },
     {
       name: 'Create Draft Release Semgrep',
       uses: 'softprops/action-gh-release@v1',
@@ -418,11 +428,11 @@ local notify_success_job = {
     'bump-semgrep-intellij',
   ],
   'runs-on': 'ubuntu-20.04',
+  env: {
+    VERSION: version,
+  },
   steps: [
     {
-      env: {
-	VERSION: version
-      },
       run: 'echo "${VERSION}"',
     },
     {
@@ -441,10 +451,7 @@ local notify_success_job = {
     },
     {
       name: 'Notify Success on Slack',
-      env: {
-        VERSION: version
-      },
-      run: semgrep.slack.curl_notify('Release Validation for ${VERSION} has succeeded! Please review the PRs in semgrep-app, semgrep-rpc, and semgrep-action that were generated by this workflow.'),
+      run: semgrep.slack.curl_notify("Release Validation for ${VERSION} has succeeded! Please review the PRs in semgrep-app, semgrep-rpc, and semgrep-action that were generated by this workflow."),
     },
   ],
 };
@@ -477,7 +484,7 @@ local notify_success_job = {
     'notify-success': notify_success_job,
     'notify-failure':
       semgrep.slack.notify_failure_job(
-        'Release Validation has failed for version ${VERSION}. Please see https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} for more details!'
+        "Release Validation has failed for version ${VERSION}. Please see https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} for more details!"
          ) + {
          env: {
 	  VERSION: version

diff --git a/.github/workflows/start-release.yml b/.github/workflows/start-release.yml
@@ -232,6 +232,10 @@ jobs:
           jq -r .token)"
           echo "::add-mask::$TOKEN"
           echo "token=$TOKEN" >> $GITHUB_OUTPUT
+      - uses: actions/checkout@v3
+        with:
+          ref: release-${{ github.event.inputs.semgrep-version }}
+          token: ${{ steps.token.outputs.token }}
       - name: Create Draft Release Semgrep
         uses: softprops/action-gh-release@v1
         with:
@@ -325,6 +329,8 @@ jobs:
              "text": "Release Validation has failed for version ${VERSION}. Please see https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} for more details!"
            }'
   notify-success:
+    env:
+      VERSION: ${{ github.event.inputs.semgrep-version }}
     if: ${{ success() && ! inputs.dry-run }}
     needs:
       - check-version
@@ -337,19 +343,15 @@ jobs:
       - bump-semgrep-intellij
     runs-on: ubuntu-20.04
     steps:
-      - env:
-          VERSION: ${{ github.event.inputs.semgrep-version }}
-        run: echo "${VERSION}"
+      - run: echo "${VERSION}"
       - env:
           VERSION: ${{ github.event.inputs.semgrep-version }}
         name: Notify Success on Twitter
         run: |
           # POST a webhook to Zapier to allow for public notifications to our users via Twitter
           curl "${{ secrets.ZAPIER_WEBHOOK_URL }}" \
             -d '{"version":"${VERSION}","changelog_url":"https://github.com/returntocorp/semgrep/releases/tag/v${VERSION}"}'
-      - env:
-          VERSION: ${{ github.event.inputs.semgrep-version }}
-        name: Notify Success on Slack
+      - name: Notify Success on Slack
         run: |
           curl --request POST \
            --url  ${{ secrets.NOTIFICATIONS_URL }} \
@@ -359,6 +361,7 @@ jobs:
            }'
   release-setup:
     env:
+      BRANCH: release-${{ github.event.inputs.semgrep-version }}
       VERSION: ${{ github.event.inputs.semgrep-version }}
     needs:
       - check-version
@@ -389,16 +392,16 @@ jobs:
           ref: ${{ github.event.repository.default_branch }}
           submodules: recursive
           token: ${{ steps.token.outputs.token }}
-      - run: git checkout -b "release-${VERSION}"
+      - run: git checkout -b "${BRANCH}"
       - if: ${{ ! inputs.dry-run }}
         name: Push release branch
         run: |
           git config user.name ${{ github.actor }}
           git config user.email ${{ github.actor }}@users.noreply.github.com
 
           git add --all
-          git commit -m "chore: release version ${VERSION}"
-          git push --set-upstream origin release-${VERSION}
+          git commit --allow-empty -m "chore: release version ${VERSION}"
+          git push --set-upstream origin ${BRANCH}
       - env:
           GITHUB_TOKEN: ${{ steps.token.outputs.token }}
           SOURCE: release-${{ github.event.inputs.semgrep-version }}