Sync frm test fork. (#24)

yosefAlsuhaibani · Yosef Alsuhaibani · Andre Kuhlenschmidt · web-flow · commit b7192c505658 · 2024-08-16T14:57:46.000-04:00
* Add work from other fork * Hardcode configs + remove inc * adding remotes command * going to version 2 of checkout * using version 4 of checkout * using with submodules: true * remove fake reviwer` * add gh token * aaa * Add autoapprove bot * Remove approvals and merge from bump_version * remove bogus reviewer * wack script * Fix bump ver * Restore state? * change name * fix typo * Bump setup to 1.82.0 * Bump pre-commit yaml to 1.81.0 (#16) Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> * Bump pre-commit yaml to 1.84.1 (#18) Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> * Bump setup to 1.33.22 (#19) Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> * simplify workflow * Make 2nd step its own workflow * no dup name * maybe fix error * remove dup key * don't hardcode bump yaml * Bump setup to 3.33.3 (#21) Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> * Change trigger hook * Bump setup to 2.22.2 (#22) Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> * remove dispatch * try on:push * Bump setup to 3.33.3 (#23) Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> * Bump setup to 1.84.1 (#24) Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> * push a tag * make sed portable * reset version * commit all files * Bump setup to 1.84.1 (#26) Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> * Cooper edit * sync * actually get token * perms * Bump setup to 1.84.0 (#29) Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com> * Don't negate? * Bump setup to 1.84.1 (#30) Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com> * escape properlly? * Bump setup to 1.84.0 (#31) Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com> * remove conditional * Bump setup to 1.84.1 (#32) Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com> * add back conditional * fake file * Change ext * Bump setup to 1.84.0 (#34) Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com> * Update autoapprove? * Fix checks * add --squash * del tag and tag * Bump setup to 1.84.1 (#37) Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com> * add ref: develop * Bump setup to 1.84.0 (#38) Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com> * Bump setup to 1.84.1 (#39) Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com> * Remove tag-version script and workflow * Add a small comment why we change ids * Don't push bogus changes * bogus --------- Co-authored-by: Yosef Alsuhaibani <yosefalsuhaibani@Yosefs-MacBook-Pro-2.local> Co-authored-by: Andre Kuhlenschmidt <andre@semgrep.com> Co-authored-by: semgrep-ci[bot] <semgrep-ci[bot]@users.noreply.github.com> Co-authored-by: semgrep-ci[bot] <106279034+semgrep-ci[bot]@users.noreply.github.com> Co-authored-by: yosefAlsuhaibani <yosefAlsuhaibani@users.noreply.github.com>
diff --git a/.github/workflows/autoapprove.yml b/.github/workflows/autoapprove.yml
@@ -10,13 +10,60 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.actor == 'github-actions' || github.actor == 'semgrep-ci[bot]'}}
     steps:
-      - name: Enable auto-merge
-        run: gh pr merge --auto --squash "$PR_URL"
+      - name: Approve
+        run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Approve
-        run: gh pr review --approve "$PR_URL"
+
+      - name: Watch untill PR checks are done
+        run: gh pr checks --required --watch  "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Merge PR
+        run: gh pr merge --squash "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Now we switch to semgrep-ci[bot] to actually be able to
+      # move the tag we created in bump_version.yml from the
+      # release branch to develop
+
+      - id: jwt
+        env:
+          EXPIRATION: 600
+          ISSUER: ${{ secrets.SEMGREP_CI_APP_ID }}
+          PRIVATE_KEY: ${{ secrets.SEMGREP_CI_APP_KEY }}
+        name: Get JWT for semgrep-ci GitHub App
+        uses: docker://public.ecr.aws/y9k7q4m1/devops/cicd:latest
+
+      - id: token
+        name: Get token for semgrep-ci GitHub App
+        run: |
+          TOKEN="$(curl -X POST \
+          -H "Authorization: Bearer ${{ steps.jwt.outputs.jwt }}" \
+          -H "Accept: application/vnd.github.v3+json" \
+          "https://api.github.com/app/installations/${{ secrets.SEMGREP_CI_APP_INSTALLATION_ID }}/access_tokens" | \
+          jq -r .token)"
+          echo "::add-mask::$TOKEN"
+          echo "token=$TOKEN" >> $GITHUB_OUTPUT
+
+      - uses: actions/checkout@v4
+        with:
+          ref: develop
+          token: ${{ steps.token.outputs.token }}
+
+      - name: Move tag to develop branch
+        env:
+          GITHUB_TOKEN: ${{ steps.token.outputs.token }}
+        run: |
+          CURR_VERSION=$(grep -o 'version=\"[0-9.]*\"' setup.py | sed "s/version=\"\([0-9.]*\)\"/\1/")
+          # We tagged the release branch first in bump_version.yml
+          # to allow tests to pass; now moving it to develop so
+          # it can be a part of its history
+          git push --delete origin "v${CURR_VERSION}"
+          git tag "v${CURR_VERSION}" HEAD
+          git push origin tag "v${CURR_VERSION}"
diff --git a/a.txt b/a.txt
@@ -0,0 +1 @@
+a
