Merge pull request #9885 from Expensify/update-staging-from-main

Update version to 1.1.84-5 on staging
Expensify · Jul 13, 2022 · abf8fa8 · abf8fa8
2 parents d59a97d + 6d8ee00
commit abf8fa8
Show file tree

Hide file tree

Showing 39 changed files with 818 additions and 529 deletions.
diff --git a/.github/actions/composite/updateProtectedBranch/action.yml b/.github/actions/composite/updateProtectedBranch/action.yml
@@ -47,14 +47,19 @@ runs:
           echo "SOURCE_BRANCH=${{ inputs.SOURCE_BRANCH }}" >> "$GITHUB_ENV"
         fi
 
+    # Version: 3.0.2
+    - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      with:
+        ref: ${{ env.SOURCE_BRANCH }}
+        fetch-depth: 0
+
     - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
       with:
         GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
 
     - name: Update target and source branches
       shell: bash
       run: |
-        git fetch
         git checkout ${{ inputs.TARGET_BRANCH }}
         git merge origin/${{ inputs.TARGET_BRANCH }}
         git checkout ${{ env.SOURCE_BRANCH }}

diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml
@@ -26,36 +26,9 @@ jobs:
 
   createNewVersion:
     needs: validateActor
-    runs-on: ubuntu-latest
     if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) && github.event.inputs.NEW_VERSION == '' }}
-    outputs:
-      NEW_VERSION: ${{ steps.getNewVersion.outputs.NEW_VERSION }}
-    steps:
-      - name: Checkout main branch
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-        with:
-          ref: main
-          token: ${{ secrets.OS_BOTIFY_TOKEN }}
-
-      - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65
-        with:
-          poll-interval-seconds: 10
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Create new BUILD version
-        uses: Expensify/App/.github/actions/javascript/triggerWorkflowAndWait@main
-        with:
-          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
-          WORKFLOW: createNewVersion.yml
-          INPUTS: '{ "SEMVER_LEVEL": "BUILD" }'
-
-      - name: Pull main to get the new version
-        id: getNewVersion
-        run: |
-          git pull origin main
-          echo "New version is $(npm run print-version --silent)"
-          echo "::set-output name=NEW_VERSION::$(npm run print-version --silent)"
+    uses: Expensify/App/.github/workflows/createNewVersion.yml@main
+    secrets: inherit
 
   cherryPick:
     needs: [validateActor, createNewVersion]

diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml
@@ -1,47 +1,79 @@
-name: Create a new version
+name: Create new version
 
 on:
-  workflow_dispatch:
+  workflow_call:
     inputs:
       SEMVER_LEVEL:
         description: One of {BUILD, PATCH, MINOR, MAJOR}
+        required: false
+        default: BUILD
+        type: string
+
+    outputs:
+      NEW_VERSION:
+        description: The new version string
+        value: ${{ jobs.createNewVersion.outputs.NEW_VERSION }}
+
+    secrets:
+      LARGE_SECRET_PASSPHRASE:
+        description: Passphrase used to decrypt GPG key
+        required: true
+      OS_BOTIFY_TOKEN:
+        description: Token for the OSBotify user
+        required: true
+      SLACK_WEBHOOK:
+        description: Webhook used to comment in slack
         required: true
 
 jobs:
+  validateActor:
+    runs-on: ubuntu-latest
+    outputs:
+      HAS_WRITE_ACCESS: ${{ contains(fromJSON('["write", "admin"]'), steps.getUserPermissions.outputs.PERMISSION) }}
+    steps:
+      - name: Get user permissions
+        id: getUserPermissions
+        run: echo "::set-output name=PERMISSION::$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission | jq -r '.permission')"
+        env:
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
+
   createNewVersion:
-    if: github.actor == 'OSBotify'
-    runs-on: macos-11
+    runs-on: macos-latest
+    needs: validateActor
+    if: ${{ fromJSON(needs.validateActor.outputs.HAS_WRITE_ACCESS) }}
+
+    outputs:
+      NEW_VERSION: ${{ steps.bumpVersion.outputs.NEW_VERSION }}
 
     steps:
-      # Version: 2.3.4
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      # Version: 3.0.2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
         with:
           fetch-depth: 0
-          token: ${{ secrets.OS_BOTIFY_TOKEN }}
-
-      - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65
-        with:
-          poll-interval-seconds: 10
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
 
       - name: Create new branch
         run: |
-          BRANCH_NAME="version-${{ github.event.inputs.SEMVER_LEVEL }}-$(uuidgen)"
+          BRANCH_NAME="version-${{ inputs.SEMVER_LEVEL }}-$(uuidgen)"
           git checkout -b "$BRANCH_NAME"
           git push --set-upstream origin "$BRANCH_NAME"
           echo "VERSION_BRANCH=$BRANCH_NAME" >> "$GITHUB_ENV"
 
+      - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65
+        with:
+          poll-interval-seconds: 10
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
       - name: Generate version
         id: bumpVersion
         uses: Expensify/App/.github/actions/javascript/bumpVersion@main
         with:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
-          SEMVER_LEVEL: ${{ github.event.inputs.SEMVER_LEVEL }}
+          SEMVER_LEVEL: ${{ inputs.SEMVER_LEVEL }}
 
       - name: Commit new version
         run: |

diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml
@@ -56,70 +56,46 @@ jobs:
     needs: validate
     if: ${{ fromJSON(needs.validate.outputs.isValid) }}
     steps:
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-        with:
-          ref: main
-          token: ${{ secrets.OS_BOTIFY_TOKEN }}
-
       - name: Update production branch
         uses: Expensify/App/.github/actions/composite/updateProtectedBranch@main
         with:
           TARGET_BRANCH: production
           OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
 
-  # Deploy deferred PRs to staging and create a new StagingDeployCash for the next release cycle.
-  createNewStagingDeployCash:
-    runs-on: macos-11
+  # Create a new patch version to prep for next release cycle
+  createNewPatchVersion:
     needs: validate
     if: ${{ fromJSON(needs.validate.outputs.isValid) }}
-    steps:
-      # Version: 2.3.4
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-        with:
-          ref: main
-          fetch-depth: 0
-          token: ${{ secrets.OS_BOTIFY_TOKEN }}
-
-      - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65
-        with:
-          poll-interval-seconds: 10
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Create new PATCH version
-        uses: Expensify/App/.github/actions/javascript/triggerWorkflowAndWait@main
-        with:
-          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
-          WORKFLOW: createNewVersion.yml
-          INPUTS: '{ "SEMVER_LEVEL": "PATCH" }'
+    uses: Expensify/App/.github/workflows/createNewVersion.yml@main
+    secrets: inherit
+    with:
+      SEMVER_LEVEL: PATCH
 
+  # Deploy deferred PRs to staging and create a new StagingDeployCash for the next release cycle.
+  createNewStagingDeployCash:
+    runs-on: ubuntu-latest
+    needs: createNewPatchVersion
+    steps:
       - name: Update staging branch to trigger staging deploy
         uses: Expensify/App/.github/actions/composite/updateProtectedBranch@main
         with:
           TARGET_BRANCH: staging
           OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
 
-      - name: Pull staging to get the new version
-        run: |
-          git checkout staging
-          git pull origin staging
-          echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV"
-          echo "New version is ${{ env.NEW_VERSION }}"
-
         # Create a local git tag so that GitUtils.getPullRequestsMergedBetween can use `git log` to generate a
         # list of pull requests that were merged between this version tag and another.
         # NOTE: This tag is only used locally and shouldn't be pushed to the remote.
         # If it was pushed, that would trigger the staging deploy which is handled in a separate workflow (deploy.yml)
       - name: Tag version
-        run: git tag ${{ env.NEW_VERSION }}
+        run: git tag ${{ needs.createNewPatchVersion.outputs.NEW_VERSION }}
 
       - name: Create new StagingDeployCash
         uses: Expensify/App/.github/actions/javascript/createOrUpdateStagingDeploy@main
         with:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
-          NPM_VERSION: ${{ env.NEW_VERSION }}
+          NPM_VERSION: ${{ needs.createNewPatchVersion.outputs.NEW_VERSION }}
 
       - if: ${{ failure() }}
         uses: Expensify/App/.github/actions/composite/announceFailedWorkflowInSlack@main