After the merge workflow has been reversed and branches hosted in `hashicorp/vault` are downstream from community branches hosted in `hashicorp/vault-enterprise`, most contributions to the source code will originate in `hashicorp/vault-enterprise` and be backported to a community branch hosted in `hashicorp/vault-enterprise`. These community branches will be considered the primary source of truth and we'll automatically push changes from them to mirrors hosted in `hashicorp/vault`. This workflow ought to yield a massive efficiency boost for HashiCorp contributors with access to `hashicorp/vault-enterprise`. Before, the workflow would look something like: - Develop a change in vault-enterprise - Manually extract relevant changes from your vault-enterprise branch into a new community vault branch. - Add any stubs that might be required so as to support any enterprise only changes. - Get the community change reviewed. If changes are necessary it often means changing and testing them on both the enterprise and community branches. - Merge the community change - Wait for it to sync to enterprise - *Hope your changes have not broken the build*. If they have, fix the build. - Update your enterprise branch - Get the enterprise branch reviewed again - Merge enterprise change - Deal with complicated backports. After, the workflow will look like: - Develop the change on enterprise - Get the change reviewed - Address feedback and test on the same branch - Merge the change - Automation will extract community changes and create a community backport PR for you depending on changed files and branch activeness. - Automation will create any enterprise backports for you. - Fix any backport as necessary - Merge the changes - The pipeline will automatically push the changes to the community branch mirror hosted in hashicorp/vault.
No more - Duplicative reviews - Risky merges - Waiting for changes to sync from community to enterprise - Manual decomposition of changes from enterprise and community - *Doing the same PR 3 times* - Dealing with a different backport process depending on which branches are active or not. These changes do come at a cost, however. Since they always originate from `vault-enterprise`, only HashiCorp employees can take advantage of the workflow. We need to be able to support community contributions that originate from the mirrors but retain attribution. That's what this PR is designed to do. The community will be able to open a pull request as normal and have it reviewed as such, but rather than merging it into the mirror we'll instead copy the PR and open it against the corresponding enterprise base branch and have it merged from there. The change will automatically get backported to the community branch if necessary, which eventually makes it back to the mirror in hashicorp/vault. To handle our squash merge workflow while retaining the correct attribution, we'll automatically create merge commits in the copied PR that include `Co-Authored-By:` trailers for all commit authors on the original PR. We also take care to ensure that the HashiCorp maintainers that approve the PR and/or are assigned to it are also assigned to the copied PR. This change is only the tooling to enable it. The workflow that drives it will be implemented in VAULT-34827. Signed-off-by: Ryan Cragun <me@ryan.ec>
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package github
import (
"context"
"errors"
"fmt"
"log/slog"
"os"
"strings"
libgit "github.com/hashicorp/vault/tools/pipeline/internal/pkg/git"
slogctx "github.com/veqryn/slog-context"
)
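// ensureGitRepoDir resolves the directory that will hold the git repository.
//
// If dir is empty, a fresh temporary directory is created with os.MkdirTemp
// (which creates it with mode 0o700, before umask) and returned with the
// boolean set to true. Otherwise dir must already exist and be a directory; it
// is returned unchanged with the boolean set to false.
//
// Note the unconventional result order: the error is the second result and the
// "is temporary" flag is the third. If creating the temporary directory fails,
// the returned path is empty and the flag is still true.
//
// This function never removes the temporary directory it creates.
// NOTE(review): cleanup is presumably left to the caller; confirm.
func ensureGitRepoDir(ctx context.Context, dir string) (string, error, bool) {
	if dir == "" {
		slog.Default().DebugContext(ctx, "creating repository directory")
		tmpDir, err := os.MkdirTemp("", "pipeline-cmd-git-rep-dir")
		if err != nil {
			// Wrap with context so this failure reads like the Stat failure
			// below; %w keeps the underlying error available to errors.Is/As.
			return tmpDir, fmt.Errorf("creating temporary repository directory: %w", err), true
		}

		return tmpDir, nil, true
	}

	ctx = slogctx.Append(ctx, slog.String("repo-dir", dir))
	slog.Default().DebugContext(ctx, "verifying repository directory")
	// os.Stat follows symlinks, so a symlink that resolves to a directory is
	// accepted here.
	info, err := os.Stat(dir)
	if err != nil {
		return dir, fmt.Errorf("stating repository directory: %w", err), false
	}

	if !info.IsDir() {
		return dir, errors.New("repo dir must be a directory"), false
	}

	return dir, nil, false
}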
// initializeExistingRepo prepares a repository that already exists at repoDir.
//
// It changes the process working directory to repoDir, asks git for the
// currently checked out branch, and then either:
//   - pulls baseRef from baseOrigin (rebase, autostash, set-upstream) when the
//     current branch is already baseRef, or
//   - fetches baseRef from baseOrigin into a local branch of the same name.
//
// Nothing here verifies that repoDir is a clone of the expected repository or
// that a remote named baseOrigin exists; both are assumed.
//
// NOTE(review): git honours the repository-local configuration and hooks of
// whatever lives in repoDir, so the directory should be one the operator
// trusts. os.Chdir also changes the working directory for the whole process,
// not just for this call.
//
// NOTE(review): baseOrigin and baseRef are handed to git as refspec arguments;
// confirm that the libgit client or the callers reject values starting with
// "-" so they cannot be read as options.
func initializeExistingRepo(
	ctx context.Context,
	git *libgit.Client,
	repoDir string,
	baseOrigin string,
	baseRef string,
) error {
	logger := slog.Default()
	ctx = slogctx.Append(
		ctx,
		slog.String("repo-dir", repoDir),
		slog.String("base-origin", baseOrigin),
		slog.String("base-ref", baseRef),
	)

	// The directory was initialized by someone else, so all we can do is trust
	// that it holds a clone of the right repository.
	logger.WarnContext(ctx, "using an already initialized git repository")

	logger.DebugContext(ctx, "changing working directory to repository dir")
	if err := os.Chdir(repoDir); err != nil {
		return fmt.Errorf("changing directory to the repository dir: %w", err)
	}

	// The current branch decides between a pull and a fetch.
	logger.DebugContext(ctx, "getting existing repo current branch")
	current, err := git.Branch(ctx, &libgit.BranchOpts{
		NoColor:     true,
		ShowCurrent: true,
	})
	if err != nil {
		return fmt.Errorf("getting existing repo current branch: %w", err)
	}

	if onBase := strings.TrimSpace(string(current.Stdout)) == baseRef; !onBase {
		// Some other branch is checked out. Fetch the base ref so the
		// repository has the objects and references for it.
		logger.DebugContext(ctx, "fetching repository base ref")
		fetchOpts := &libgit.FetchOpts{
			// Fetch the ref and also create a local tracking branch of the
			// same name, e.g. "git fetch origin main:main".
			Refspec:     []string{baseOrigin, baseRef + ":" + baseRef},
			SetUpstream: true,
			Porcelain:   true,
		}
		fetched, err := git.Fetch(ctx, fetchOpts)
		if err != nil {
			return fmt.Errorf("fetching base ref: %s: %w", fetched.String(), err)
		}

		return nil
	}

	// baseRef is already checked out. Pull it so the repository has the
	// objects and references needed to cherry-pick commits onto our branch.
	logger.DebugContext(ctx, "pulling in latest changes")
	pullOpts := &libgit.PullOpts{
		Refspec:     []string{baseOrigin, baseRef},
		Autostash:   true,
		SetUpstream: true,
		Rebase:      libgit.RebaseStrategyTrue,
	}
	pulled, err := git.Pull(ctx, pullOpts)
	if err != nil {
		return fmt.Errorf("pulling repo current branch: %s: %w", pulled.String(), err)
	}

	return nil
}
// initializeNewRepo clones https://github.com/<owner>/<repo>.git into repoDir
// and then changes the process working directory to repoDir.
//
// The clone is restricted to the single branch baseRef, names its remote
// baseOrigin, and is made with NoCheckout set.
//
// NOTE(review): owner and repo are interpolated into the clone URL without
// escaping or validation; confirm callers only pass well-formed GitHub names.
// os.Chdir changes the working directory for the whole process.
func initializeNewRepo(
	ctx context.Context,
	git *libgit.Client,
	repoDir string,
	owner string,
	repo string,
	baseOrigin string,
	baseRef string,
) error {
	cloneURL := "https://github.com/" + owner + "/" + repo + ".git"

	// These attributes decorate only the first log line. ctx itself is left
	// untouched, so the later log call does not carry them.
	logCtx := slogctx.Append(
		ctx,
		slog.String("owner", owner),
		slog.String("repo", repo),
		slog.String("base-origin", baseOrigin),
		slog.String("base-ref", baseRef),
		slog.String("repo-dir", repoDir),
		slog.String("repo-url", cloneURL),
	)
	slog.Default().DebugContext(logCtx, "initializing new clone of repository")

	cloneOpts := &libgit.CloneOpts{
		Repository:   cloneURL,
		Directory:    repoDir,
		Origin:       baseOrigin,
		Branch:       baseRef,
		SingleBranch: true,
		NoCheckout:   true,
	}
	cloned, err := git.Clone(ctx, cloneOpts)
	if err != nil {
		return fmt.Errorf("cloning repository: %s: %w", cloned.String(), err)
	}

	slog.Default().DebugContext(ctx, "changing working directory to repo-dir")
	if err := os.Chdir(repoDir); err != nil {
		return fmt.Errorf("changing directory to the repository dir: %w", err)
	}

	return nil
}