From 6940eea7428b1779b37dbe8823f8105009a40f35 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 19 Jun 2024 11:55:26 +0200 Subject: [PATCH 1/8] fix: specify secrets correctly --- .github/workflows/create-cli-pr.yaml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-cli-pr.yaml b/.github/workflows/create-cli-pr.yaml index 52c1bed4a..133ca960e 100644 --- a/.github/workflows/create-cli-pr.yaml +++ b/.github/workflows/create-cli-pr.yaml @@ -23,6 +23,6 @@ jobs: - name: Create PR in CLI to integrate LS env: - GH_TOKEN: ${{ HAMMERHEAD_GITHUB_PAT_SNYKLS }} + GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} run: | .github/create-cli-pr.sh diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 001c307a9..9e6b561b7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -155,6 +155,6 @@ jobs: - name: Create PR in CLI to integrate LS env: - GH_TOKEN: ${{ HAMMERHEAD_GITHUB_PAT_SNYKLS }} + GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} run: | .github/create-cli-pr.sh From 1a9338636618a14a927b6e3d3395907bb878e65d Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 19 Jun 2024 12:01:02 +0200 Subject: [PATCH 2/8] fix: create pr workflow steps --- .github/workflows/create-cli-pr.yaml | 1 + .github/workflows/release.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/create-cli-pr.yaml b/.github/workflows/create-cli-pr.yaml index 133ca960e..dcb3ebb52 100644 --- a/.github/workflows/create-cli-pr.yaml +++ b/.github/workflows/create-cli-pr.yaml @@ -24,5 +24,6 @@ jobs: - name: Create PR in CLI to integrate LS env: GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} + GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} run: | .github/create-cli-pr.sh diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9e6b561b7..9fb174653 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -156,5 +156,6 @@ jobs: - name: Create PR in CLI to integrate LS env: GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} + GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} run: | .github/create-cli-pr.sh From 4c4c6e9cf282c92af601b295ec39a82129ec7413 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 19 Jun 2024 13:44:04 +0200 Subject: [PATCH 3/8] fix: use ssh for cloning cli repo --- .github/create-cli-pr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/create-cli-pr.sh b/.github/create-cli-pr.sh index e21766da8..e519bd3f0 100755 --- a/.github/create-cli-pr.sh +++ b/.github/create-cli-pr.sh @@ -18,7 +18,7 @@ set -ex CLI_DIR=$(mktemp -d) -git clone --depth 1 https://github.com/snyk/cli $CLI_DIR +git clone --depth 1 git@github.com:snyk/cli.git $CLI_DIR pushd $CLI_DIR UPGRADE=$(go run scripts/upgrade-snyk-go-dependencies.go --name=snyk-ls) LS_VERSION=$(echo $UPGRADE | sed 's/.*Sha: \(.*\) URL.*/\1/') From 2d24a06e901df365fec6201e2abc846ce36f9ef3 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 19 Jun 2024 13:47:36 +0200 Subject: [PATCH 4/8] fix: use gh cli for cloning --- .github/create-cli-pr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/create-cli-pr.sh b/.github/create-cli-pr.sh index e519bd3f0..c13d00e58 100755 --- a/.github/create-cli-pr.sh +++ b/.github/create-cli-pr.sh @@ -18,7 +18,7 @@ set -ex CLI_DIR=$(mktemp -d) -git clone --depth 1 git@github.com:snyk/cli.git $CLI_DIR +gh repo clone snyk/cli $CLI_DIR pushd $CLI_DIR UPGRADE=$(go run scripts/upgrade-snyk-go-dependencies.go --name=snyk-ls) LS_VERSION=$(echo $UPGRADE | sed 's/.*Sha: \(.*\) URL.*/\1/') From 910765a45eebe4af87a708c6c52f219576b93286 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 19 Jun 2024 14:15:26 +0200 Subject: [PATCH 5/8] fix: try to push using ssh --- .github/create-cli-pr.sh | 6 +++--- .github/workflows/create-cli-pr.yaml | 7 ++++++- .github/workflows/release.yaml | 4 ++++ 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/create-cli-pr.sh b/.github/create-cli-pr.sh index c13d00e58..fe8a4361a 100755 --- a/.github/create-cli-pr.sh +++ b/.github/create-cli-pr.sh @@ -18,15 +18,15 @@ set -ex CLI_DIR=$(mktemp -d) -gh repo clone snyk/cli $CLI_DIR +gh repo clone git@github.com:snyk/cli.git $CLI_DIR -- --depth=1 pushd $CLI_DIR UPGRADE=$(go run scripts/upgrade-snyk-go-dependencies.go --name=snyk-ls) LS_VERSION=$(echo $UPGRADE | sed 's/.*Sha: \(.*\) URL.*/\1/') BRANCH=feat/automatic-upgrade-of-ls-to-$LS_VERSION git checkout -b $BRANCH - git config --global user.email "team-ide-user@snyk.io" - git config --global user.name "Snyk Team IDE User" + git config --global user.email "team-ide@snyk.io" + git config --global user.name "Snyk Team IDE" git commit -am "feat: automatic integration of language server $LS_VERSION" git push --set-upstream origin $BRANCH diff --git a/.github/workflows/create-cli-pr.yaml b/.github/workflows/create-cli-pr.yaml index dcb3ebb52..3e7bc9700 100644 --- a/.github/workflows/create-cli-pr.yaml +++ b/.github/workflows/create-cli-pr.yaml @@ -21,9 +21,14 @@ jobs: with: go-version: ${{ env.GO_VERSION }} + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.TEAM_IDE_USER_SSH }} + - name: Create PR in CLI to integrate LS env: GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} - GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} + GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}TEAM_IDE_USER_SSH + run: | .github/create-cli-pr.sh diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9fb174653..6f630b520 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -153,6 +153,10 @@ jobs: run: | .github/upload-to-s3.sh + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.TEAM_IDE_USER_SSH }} + - name: Create PR in CLI to integrate LS env: GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} From c6e0b80256f197640f8e679bfc3ddb3d5c12e1b2 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 19 Jun 2024 14:23:28 +0200 Subject: [PATCH 6/8] fix: gh create command --- .github/create-cli-pr.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/create-cli-pr.sh b/.github/create-cli-pr.sh index fe8a4361a..072abfc09 100755 --- a/.github/create-cli-pr.sh +++ b/.github/create-cli-pr.sh @@ -23,6 +23,7 @@ pushd $CLI_DIR UPGRADE=$(go run scripts/upgrade-snyk-go-dependencies.go --name=snyk-ls) LS_VERSION=$(echo $UPGRADE | sed 's/.*Sha: \(.*\) URL.*/\1/') BRANCH=feat/automatic-upgrade-of-ls-to-$LS_VERSION + BASE=$(git log --pretty=tformat:"%h" -n1 .) git checkout -b $BRANCH git config --global user.email "team-ide@snyk.io" @@ -32,5 +33,5 @@ pushd $CLI_DIR git push --set-upstream origin $BRANCH COMMIT_HASH=$(git log --pretty=tformat:"%h" -n1 .) - gh pr create --repo github.com/snyk/cli --base main --fill-verbose --head $COMMIT_HASH --title "feat(language-server): integrate LS (automatic PR) ($LS_VERSION)" --body "$(echo $UPGRADE | sed 's/.*Message: \(.*\) URL.*$/\1/')" + gh pr create --repo github.com/snyk/cli --base $BASE --head $COMMIT_HASH --title "feat(language-server): integrate LS ($LS_VERSION)" --body "$(echo $UPGRADE | sed 's/.*Message: \(.*\) URL.*$/\1/')" popd From 96458de1f6d3070357edaa744e0639ac62f08041 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 19 Jun 2024 14:43:51 +0200 Subject: [PATCH 7/8] fix: gh create command #2 --- .github/create-cli-pr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/create-cli-pr.sh b/.github/create-cli-pr.sh index 072abfc09..9fe8cbbd0 100755 --- a/.github/create-cli-pr.sh +++ b/.github/create-cli-pr.sh @@ -33,5 +33,5 @@ pushd $CLI_DIR git push --set-upstream origin $BRANCH COMMIT_HASH=$(git log --pretty=tformat:"%h" -n1 .) - gh pr create --repo github.com/snyk/cli --base $BASE --head $COMMIT_HASH --title "feat(language-server): integrate LS ($LS_VERSION)" --body "$(echo $UPGRADE | sed 's/.*Message: \(.*\) URL.*$/\1/')" + gh pr create --repo github.com/snyk/cli --base main --head $BRANCH --title "feat(language-server): integrate LS ($LS_VERSION)" --body "$(echo $UPGRADE | sed 's/.*Message: \(.*\) URL.*$/\1/')" popd From 6fc4e11ce143ae72e43fc77004f76158c7e26b35 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 19 Jun 2024 15:02:07 +0200 Subject: [PATCH 8/8] feat: add commit signing via ssh --- .github/create-cli-pr.sh | 5 +++++ .github/workflows/create-cli-pr.yaml | 4 ++-- .github/workflows/release.yaml | 1 + 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/create-cli-pr.sh b/.github/create-cli-pr.sh index 9fe8cbbd0..3ddb9ac0a 100755 --- a/.github/create-cli-pr.sh +++ b/.github/create-cli-pr.sh @@ -28,6 +28,11 @@ pushd $CLI_DIR git config --global user.email "team-ide@snyk.io" git config --global user.name "Snyk Team IDE" + git config --global gpg.format ssh + git config --global commit.gpgsign true + + echo $PUB_SIGNING_KEY > signingkey.pub + git config --global user.signingkey ./signingkey.pub git commit -am "feat: automatic integration of language server $LS_VERSION" git push --set-upstream origin $BRANCH diff --git a/.github/workflows/create-cli-pr.yaml b/.github/workflows/create-cli-pr.yaml index 3e7bc9700..db620ba57 100644 --- a/.github/workflows/create-cli-pr.yaml +++ b/.github/workflows/create-cli-pr.yaml @@ -28,7 +28,7 @@ jobs: - name: Create PR in CLI to integrate LS env: GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} - GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}TEAM_IDE_USER_SSH - + GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} + PUB_SIGNING_KEY: ${{ secrets.TEAM_IDE_USER_SSH_PUB }} run: | .github/create-cli-pr.sh diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6f630b520..7c17b8faa 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -161,5 +161,6 @@ jobs: env: GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }} + PUB_SIGNING_KEY: ${{ secrets.TEAM_IDE_USER_SSH_PUB }} run: | .github/create-cli-pr.sh