From d247647c555cda53d34432041f1d5ba350016fd1 Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Fri, 5 May 2023 17:58:13 +1000
Subject: [PATCH 1/7] feat(ci): add a Rebase Branch workflow to rebase staging on top of main after a package was published
---
 .github/workflows/_generate-rebase.yaml | 50 +++++++++++++++++++++++++
 .github/workflows/release.yaml | 16 ++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 .github/workflows/_generate-rebase.yaml
diff --git a/.github/workflows/_generate-rebase.yaml b/.github/workflows/_generate-rebase.yaml
new file mode 100644
index 00000000..7424bbe6
--- /dev/null
+++ b/.github/workflows/_generate-rebase.yaml
@@ -0,0 +1,50 @@
+# Automatically rebase one branch branch on top of another; usually staging on top
+# of main after a new package version was published.
+
+name: Rebase branch
+on:
+ workflow_call:
+ inputs:
+ to_head:
+ type: string
+ required: true
+ from_base:
+ type: string
+ required: true
+ git_user_name:
+ required: true
+ type: string
+ git_user_email:
+ required: true
+ type: string
+
+permissions:
+ contents: read
+
+jobs:
+ rebase:
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Harden Runner
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1
+ with:
+ egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+ - name: Check out repository
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
+ ref: ${{ github.ref_name }}
+
+ - name: Do rebase
+ run: |
+ git config --global user.name "$USER_NAME"
+ git config --global user.email "$USER_EMAIL"
+ git checkout ${{ inputs.to_head }}
+ git rebase ${{ inputs.from_base }}
+ git push --force-with-lease
+ env:
+ USER_NAME: ${{ inputs.git_user_name }}
+ USER_EMAIL: ${{ inputs.git_user_email }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1abdca1d..28c57b79 100644
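Review bot: The `permissions: contents: read` block in the new `_generate-rebase.yaml` limits only the automatic `GITHUB_TOKEN`, while the `git push --force-with-lease` in the `Do rebase` step is authorised by `secrets.REPO_ACCESS_TOKEN`, which `actions/checkout` receives as `token:` and by default keeps in the local git configuration for later steps. The write access this job really has is therefore whatever that token carries, and nothing in the file says so. I would add a comment above the checkout step, for example `# REPO_ACCESS_TOKEN is persisted by checkout and authorises the force-push below; keep it scoped to contents write on this repository.` The scope of the token itself is not visible in this patch.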
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -251,3 +251,19 @@ jobs:
 git_user_email: jenstroeger@users.noreply.github.com
 secrets:
 REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
+
+ # Rebase the staging branch on top of the main branch, to keep histories in sync.
+ rebase_staging:
+ # if: ${{ false }}
+ needs: [release]
+ name: Rebase staging branch on main
+ uses: ./.github/workflows/_generate-rebase.yaml
+ permissions:
+ contents: read
+ with:
+ to_head: staging
+ from_base: origin/main
+ git_user_name: jenstroeger
+ git_user_email: jenstroeger@users.noreply.github.com
+ secrets:
+ REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
From 7b162f853981cf5af9c0e1b432366f25d334ea6a Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Mon, 15 May 2023 09:39:39 +1000
Subject: [PATCH 2/7] chore: use environment variables to pass input to the job script
---
 .github/workflows/_generate-rebase.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/_generate-rebase.yaml b/.github/workflows/_generate-rebase.yaml
index 7424bbe6..69cdb9db 100644
--- a/.github/workflows/_generate-rebase.yaml
+++ b/.github/workflows/_generate-rebase.yaml
@@ -42,9 +42,11 @@ jobs:
 run: |
 git config --global user.name "$USER_NAME"
 git config --global user.email "$USER_EMAIL"
- git checkout ${{ inputs.to_head }}
- git rebase ${{ inputs.from_base }}
+ git checkout "$TO_HEAD"
+ git rebase "$FROM_BASE"
 git push --force-with-lease
 env:
 USER_NAME: ${{ inputs.git_user_name }}
 USER_EMAIL: ${{ inputs.git_user_email }}
+ TO_HEAD: ${{ inputs.to_head }}
+ FROM_BASE: ${{ inputs.from_base }}
From 356b3acfd66905bc552207f3e38e708a41ca2914 Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Tue, 16 May 2023 22:05:24 +1000
Subject: [PATCH 3/7] chore: typo
---
 .github/workflows/_generate-rebase.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
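Review bot: The commented-out `# if: ${{ false }}` under `rebase_staging` in `release.yaml` (PATCH 1/7) reads like a leftover debugging switch; as committed the job has no condition of its own and force-pushes `staging` after every run in which `release` succeeds. Either drop the line or replace it with the real condition, and consider a job-level `concurrency: rebase-staging` so that two release runs cannot rebase `staging` at the same time. Whether `release` is itself gated on an actual publish is outside this hunk.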
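Review bot: A `TO_HEAD` or `FROM_BASE` value that begins with `-` is still read by git as an option in the `Do rebase` script (PATCH 2/7), because quoting only stops the shell from re-parsing it, and `git push --force-with-lease` names neither remote nor branch. I would validate the branch input first with `git check-ref-format --branch "$TO_HEAD"` and make the push target explicit with `git push --force-with-lease origin "$TO_HEAD"`, assuming `origin` is the remote that checkout configured. The step starts above this hunk, so its `- name:` line and the checkout it depends on are not visible here.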
diff --git a/.github/workflows/_generate-rebase.yaml b/.github/workflows/_generate-rebase.yaml
index 69cdb9db..c8c6b13c 100644
--- a/.github/workflows/_generate-rebase.yaml
+++ b/.github/workflows/_generate-rebase.yaml
@@ -1,4 +1,4 @@
-# Automatically rebase one branch branch on top of another; usually staging on top
+# Automatically rebase one branch on top of another; usually staging on top
 # of main after a new package version was published.
 name: Rebase branch
From d0fdfa011a52c261a0e590bac86515a2b9f98bdf Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Thu, 18 May 2023 21:59:47 +1000
Subject: [PATCH 4/7] docs: update README
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 4c2b7930..d8441498 100644
--- a/README.md
+++ b/README.md
@@ -233,7 +233,7 @@ The [sync-with-upstream.yaml](https://github.com/jenstroeger/python-package-temp
 ## Versioning, publishing and changelog
-To enable automation for [semantic versioning](https://semver.org/), package publishing, and changelog generation it is important to use meaningful [conventional commit messages](https://www.conventionalcommits.org/)! This package template already has a built-in semantic release support enabled which is set up to take care of all three of these aspects — every time changes are merged into the `main` branch.
+To enable automation for [semantic versioning](https://semver.org/), package publishing, and changelog generation it is important to use meaningful [conventional commit messages](https://www.conventionalcommits.org/)! This package template already has a built-in semantic release support enabled which is set up to take care of all three of these aspects — every time changes are merged into the `main` branch. Furthermore, after a new package was published, the Github Actions workflow rebases the `staging` branch automatically on top of the bumped `main` branch.
 If you’d like to receive Slack notifications whenever a new release is published, follow the comments in the [Release Notification](https://github.com/jenstroeger/python-package-template/tree/main/.github/workflows/_release-notifications.yaml) Action and set up a Slack bot by following [the instructions here](https://github.com/slackapi/slack-github-action#setup-2).
From 7d672a76a53f0899e0bd6c8923aeb21501d4836c Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Sun, 21 May 2023 17:46:45 +1000
Subject: [PATCH 5/7] chore: PR feedback
---
 .github/workflows/_generate-rebase.yaml | 4 ++++
 .github/workflows/release.yaml | 4 +++-
 README.md | 4 +++-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/_generate-rebase.yaml b/.github/workflows/_generate-rebase.yaml
index c8c6b13c..f8925f69 100644
--- a/.github/workflows/_generate-rebase.yaml
+++ b/.github/workflows/_generate-rebase.yaml
@@ -8,15 +8,19 @@ on:
 to_head:
 type: string
 required: true
+ description: Branch that is being rebased
 from_base:
 type: string
 required: true
+ description: Base branch
 git_user_name:
 required: true
 type: string
+ description: Name of the git user that rebases and pushes the to_head branch
 git_user_email:
 required: true
 type: string
+ description: Email address of said git user
 permissions:
 contents: read
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 28c57b79..5e8e529e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -252,7 +252,9 @@ jobs:
 secrets:
 REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
- # Rebase the staging branch on top of the main branch, to keep histories in sync.
+ # After the bump commit was pushed to the main branch, rebase the staging branch
+ # (to_head argument) on top of the new main branch (from_base argument), to keep
+ # the histories of both both branches in sync.
 rebase_staging:
 # if: ${{ false }}
 needs: [release]
diff --git a/README.md b/README.md
index d8441498..1dc75876 100644
--- a/README.md
+++ b/README.md
@@ -233,7 +233,9 @@ The [sync-with-upstream.yaml](https://github.com/jenstroeger/python-package-temp
 ## Versioning, publishing and changelog
-To enable automation for [semantic versioning](https://semver.org/), package publishing, and changelog generation it is important to use meaningful [conventional commit messages](https://www.conventionalcommits.org/)! This package template already has a built-in semantic release support enabled which is set up to take care of all three of these aspects — every time changes are merged into the `main` branch. Furthermore, after a new package was published, the Github Actions workflow rebases the `staging` branch automatically on top of the bumped `main` branch.
+To enable automation for [semantic versioning](https://semver.org/), package publishing, and changelog generation it is important to use meaningful [conventional commit messages](https://www.conventionalcommits.org/)! This package template already has a built-in semantic release support enabled which is set up to take care of all three of these aspects — every time changes are pushed to the `main` branch.
+
+With every package release, a new `bump:` commit is pushed to the `main` branch and tagged with the package’s new version. In addition, the `staging` branch (which this repository uses to stage merged pull requests into for the next release) is rebased on top of the updated `main` branch automatically, so that subsequent pull requests can be merged while keeping a [linear history](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-linear-history).
If you’d like to receive Slack notifications whenever a new release is published, follow the comments in the [Release Notification](https://github.com/jenstroeger/python-package-template/tree/main/.github/workflows/_release-notifications.yaml) Action and set up a Slack bot by following [the instructions here](https://github.com/slackapi/slack-github-action#setup-2).
From c0dc5566241ff4d8bec88d37687d5507bd7e2f87 Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Sun, 21 May 2023 17:53:06 +1000
Subject: [PATCH 6/7] fix(ci): add missing secret
---
 .github/workflows/_generate-rebase.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/_generate-rebase.yaml b/.github/workflows/_generate-rebase.yaml
index f8925f69..d3644643 100644
--- a/.github/workflows/_generate-rebase.yaml
+++ b/.github/workflows/_generate-rebase.yaml
@@ -21,6 +21,9 @@ on:
 required: true
 type: string
 description: Email address of said git user
+ secrets:
+ REPO_ACCESS_TOKEN:
+ required: true
 permissions:
 contents: read
From bed3e6978bcafe6f88de0e67f0a2202fbf54136a Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Sun, 21 May 2023 17:56:08 +1000
Subject: [PATCH 7/7] chore: fix typo
---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 5e8e529e..4c89a4b8 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -254,7 +254,7 @@ jobs:
 # After the bump commit was pushed to the main branch, rebase the staging branch
 # (to_head argument) on top of the new main branch (from_base argument), to keep
- # the histories of both both branches in sync.
+ # the histories of both branches in sync.
 rebase_staging:
 # if: ${{ false }}
 needs: [release]
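Review bot: The `REPO_ACCESS_TOKEN` entry added under `workflow_call.secrets` in `_generate-rebase.yaml` (PATCH 6/7) has no `description:`, although the previous patch gave every input one. This secret is the credential behind the force-push, so callers should be told what it must be able to do; I would add `description: Token with write access to repository contents, used by checkout to push the rebased branch`. Stating the required scope in the declaration also makes an over-privileged token easier to notice in review.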