From 2cb588058ca95e69b7458bc44b59bfe773da3ae8 Mon Sep 17 00:00:00 2001
From: Derrick Williams <derrickaw@google.com>
Date: Wed, 27 May 2026 17:27:44 +0000
Subject: [PATCH 1/7] initial draft bom workflow

---
 .github/workflows/beam_Upgrade_GCP_BOM.yml | 85 ++++++++++++++++++++++
 scripts/tools/gcp_bom_upgrade_check.py     | 62 ++++++++++++++++
 2 files changed, 147 insertions(+)
 create mode 100644 .github/workflows/beam_Upgrade_GCP_BOM.yml
 create mode 100644 scripts/tools/gcp_bom_upgrade_check.py

diff --git a/.github/workflows/beam_Upgrade_GCP_BOM.yml b/.github/workflows/beam_Upgrade_GCP_BOM.yml
new file mode 100644
index 000000000000..fb3360824446
--- /dev/null
+++ b/.github/workflows/beam_Upgrade_GCP_BOM.yml
@@ -0,0 +1,85 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Upgrade GCP Platform Libraries BOM
+
+on:
+  schedule:
+    - cron: "0 0 * * 0" # Weekly on Sundays at 00:00 UTC
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+  issues: read
+  statuses: read
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.ref }}'
+  cancel-in-progress: true
+
+jobs:
+  upgrade_gcp_bom:
+    runs-on: [self-hosted, ubuntu-24.04, main]
+    name: Upgrade GCP BOM
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+      - name: Setup environment
+        uses: ./.github/actions/setup-environment-action
+        with:
+          python-version: 3.11
+          java-version: default
+          go-version: default
+      - name: Check if new BOM is available
+        id: check_bom
+        run: python3 scripts/tools/gcp_bom_upgrade_check.py
+      - name: Run bomupgrader
+        if: steps.check_bom.outputs.should_upgrade == 'true'
+        run: python3 scripts/tools/bomupgrader.py ${{ steps.check_bom.outputs.latest_version }}
+      - name: Install gh cli
+        if: steps.check_bom.outputs.should_upgrade == 'true'
+        uses: ./.github/actions/setup-gh-cli-linux
+      - name: Set git config
+        if: steps.check_bom.outputs.should_upgrade == 'true'
+        run: |
+          git config user.name $GITHUB_ACTOR
+          git config user.email actions@"$RUNNER_NAME".local
+      - name: Commit Changes and create PR
+        if: steps.check_bom.outputs.should_upgrade == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          LATEST_VER: ${{ steps.check_bom.outputs.latest_version }}
+          CURRENT_VER: ${{ steps.check_bom.outputs.current_version }}
+        run: |
+          branchName=upgrade_gcp_bom_${LATEST_VER//./_}
+          git checkout -b $branchName
+          git add -A
+          git diff-index --quiet HEAD || gitdiff=$? || echo $?
+          if [[ $gitDiff != 0 ]]; then
+            echo "Changes are ready to commit"
+            git commit -m "Upgrade GCP Libraries BOM to ${LATEST_VER}" --quiet
+            git push origin $branchName --quiet
+            
+            PR_BODY="This PR was created by automation. It upgrades the Google Cloud Platform Libraries BOM from **${CURRENT_VER}** to **${LATEST_VER}** and updates Netty, gRPC, Arrow, Gax, Protobuf, and OpenTelemetry versions to match.
+            
+            Please review the changes and merge if all tests pass."
+            
+            GITHUB_PR_URL=$(gh pr create --title "Upgrade GCP Libraries BOM to ${LATEST_VER}" --body "$PR_BODY" --label "dependencies" --base master)
+            echo "Link of the new PR: $GITHUB_PR_URL"
+          else
+            echo "No changes on the files"
+          fi
diff --git a/scripts/tools/gcp_bom_upgrade_check.py b/scripts/tools/gcp_bom_upgrade_check.py
new file mode 100644
index 000000000000..7037ba68dbe5
--- /dev/null
+++ b/scripts/tools/gcp_bom_upgrade_check.py
@@ -0,0 +1,62 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import urllib.request
+import re
+import os
+
+def get_latest_bom():
+    url = "https://repo1.maven.org/maven2/com/google/cloud/libraries-bom/maven-metadata.xml"
+    with urllib.request.urlopen(url) as response:
+        xml = response.read().decode('utf-8')
+    match = re.search(r'<release>([^<]+)</release>', xml)
+    if match:
+        return match.group(1)
+    raise RuntimeError("Could not find latest release in Maven metadata")
+
+def get_current_bom():
+    path = "buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy"
+    with open(path) as f:
+        content = f.read()
+    match = re.search(r'google_cloud_platform_libraries_bom\s*:\s*[\"\']com\.google\.cloud:libraries-bom:([0-9.]+)[\"\']', content)
+    if match:
+        return match.group(1)
+    raise RuntimeError("Could not find current libraries-bom in BeamModulePlugin.groovy")
+
+def to_tuple(version_str):
+    return tuple(map(int, version_str.split('.')))
+
+def main():
+    latest = get_latest_bom()
+    current = get_current_bom()
+    print(f"Latest libraries-bom version: {latest}")
+    print(f"Current libraries-bom version: {current}")
+    
+    should_upgrade = to_tuple(latest) > to_tuple(current)
+    
+    github_output = os.getenv('GITHUB_OUTPUT')
+    if github_output:
+        with open(github_output, 'a') as f:
+            f.write(f"should_upgrade={str(should_upgrade).lower()}\n")
+            f.write(f"latest_version={latest}\n")
+            f.write(f"current_version={current}\n")
+            
+    if should_upgrade:
+        print("A newer version of libraries-bom is available. Upgrade needed.")
+    else:
+        print("libraries-bom is up-to-date.")
+
+if __name__ == '__main__':
+    main()

From d2a56a59aa402d52b666123299f729f6d00c9628 Mon Sep 17 00:00:00 2001
From: Derrick Williams <derrickaw@google.com>
Date: Wed, 27 May 2026 17:38:54 +0000
Subject: [PATCH 2/7] add temp fix

---
 .github/workflows/beam_Upgrade_GCP_BOM.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/beam_Upgrade_GCP_BOM.yml b/.github/workflows/beam_Upgrade_GCP_BOM.yml
index fb3360824446..4c9ca7d594aa 100644
--- a/.github/workflows/beam_Upgrade_GCP_BOM.yml
+++ b/.github/workflows/beam_Upgrade_GCP_BOM.yml
@@ -19,6 +19,9 @@ on:
   schedule:
     - cron: "0 0 * * 0" # Weekly on Sundays at 00:00 UTC
   workflow_dispatch:
+  push:
+  branches:
+    - 20260527_createBOMWorkflow
 
 permissions:
   contents: write

From 8ff89afe4332f974e9ca32c8d2ef06f5ced82506 Mon Sep 17 00:00:00 2001
From: Derrick Williams <derrickaw@google.com>
Date: Wed, 27 May 2026 17:46:53 +0000
Subject: [PATCH 3/7] Document new GCP BOM upgrade workflow in README

---
 .github/workflows/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/README.md b/.github/workflows/README.md
index c6a95b29b4c0..707f3e3fbed8 100644
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -542,3 +542,4 @@ PostCommit Jobs run in a schedule against master branch and generally do not get
 | [ Infrastructure Policy Enforcer ](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_PolicyEnforcer.yml) | N/A | [![.github/workflows/beam_Infrastructure_PolicyEnforcer.yml](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_PolicyEnforcer.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_PolicyEnforcer.yml?query=event%3Aschedule) |
 | [ Modify the GCP User Roles according to the infra/users.yml file ](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_UsersPermissions.yml) | N/A | [![.github/workflows/beam_Infrastructure_UsersPermissions.yml](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_UsersPermissions.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_UsersPermissions.yml?query=event%3Aschedule) |
 | [ Service Account Keys Management ](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_ServiceAccountKeys.yml) | N/A | [![.github/workflows/beam_Infrastructure_ServiceAccountKeys.yml](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_ServiceAccountKeys.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_ServiceAccountKeys.yml?query=event%3Aschedule) |
+| [ Upgrade GCP Platform Libraries BOM ](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml) | N/A | [![.github/workflows/beam_Upgrade_GCP_BOM.yml](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml?query=event%3Aschedule) |

From 30a83432dfb1765c9ba9d47844ae227dfe5fd1ed Mon Sep 17 00:00:00 2001
From: Derrick Williams <derrickaw@google.com>
Date: Wed, 27 May 2026 17:53:07 +0000
Subject: [PATCH 4/7] Fix YAML indentation for push branches trigger

---
 .github/workflows/beam_Upgrade_GCP_BOM.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/beam_Upgrade_GCP_BOM.yml b/.github/workflows/beam_Upgrade_GCP_BOM.yml
index 4c9ca7d594aa..229555d74ea8 100644
--- a/.github/workflows/beam_Upgrade_GCP_BOM.yml
+++ b/.github/workflows/beam_Upgrade_GCP_BOM.yml
@@ -20,8 +20,8 @@ on:
     - cron: "0 0 * * 0" # Weekly on Sundays at 00:00 UTC
   workflow_dispatch:
   push:
-  branches:
-    - 20260527_createBOMWorkflow
+    branches:
+      - 20260527_createBOMWorkflow
 
 permissions:
   contents: write

From 2d9e8747e9c902110b7f277d8e28cf0eb0fedfda Mon Sep 17 00:00:00 2001
From: Derrick Williams <derrickaw@google.com>
Date: Wed, 27 May 2026 17:59:06 +0000
Subject: [PATCH 5/7] remove tmp push

---
 .github/workflows/beam_Upgrade_GCP_BOM.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/beam_Upgrade_GCP_BOM.yml b/.github/workflows/beam_Upgrade_GCP_BOM.yml
index 229555d74ea8..fb3360824446 100644
--- a/.github/workflows/beam_Upgrade_GCP_BOM.yml
+++ b/.github/workflows/beam_Upgrade_GCP_BOM.yml
@@ -19,9 +19,6 @@ on:
   schedule:
     - cron: "0 0 * * 0" # Weekly on Sundays at 00:00 UTC
   workflow_dispatch:
-  push:
-    branches:
-      - 20260527_createBOMWorkflow
 
 permissions:
   contents: write

From d2cdedf7ec08e8d9858867af93b34fdd2b7e9be0 Mon Sep 17 00:00:00 2001
From: Derrick Williams <derrickaw@google.com>
Date: Wed, 27 May 2026 18:01:44 +0000
Subject: [PATCH 6/7] Rename workflow to Upgrade GCP Libraries BOM

---
 .github/workflows/README.md                | 2 +-
 .github/workflows/beam_Upgrade_GCP_BOM.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/README.md b/.github/workflows/README.md
index 707f3e3fbed8..30225a999411 100644
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -542,4 +542,4 @@ PostCommit Jobs run in a schedule against master branch and generally do not get
 | [ Infrastructure Policy Enforcer ](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_PolicyEnforcer.yml) | N/A | [![.github/workflows/beam_Infrastructure_PolicyEnforcer.yml](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_PolicyEnforcer.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_PolicyEnforcer.yml?query=event%3Aschedule) |
 | [ Modify the GCP User Roles according to the infra/users.yml file ](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_UsersPermissions.yml) | N/A | [![.github/workflows/beam_Infrastructure_UsersPermissions.yml](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_UsersPermissions.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_UsersPermissions.yml?query=event%3Aschedule) |
 | [ Service Account Keys Management ](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_ServiceAccountKeys.yml) | N/A | [![.github/workflows/beam_Infrastructure_ServiceAccountKeys.yml](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_ServiceAccountKeys.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Infrastructure_ServiceAccountKeys.yml?query=event%3Aschedule) |
-| [ Upgrade GCP Platform Libraries BOM ](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml) | N/A | [![.github/workflows/beam_Upgrade_GCP_BOM.yml](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml?query=event%3Aschedule) |
+| [ Upgrade GCP Libraries BOM ](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml) | N/A | [![.github/workflows/beam_Upgrade_GCP_BOM.yml](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml/badge.svg?event=schedule)](https://github.com/apache/beam/actions/workflows/beam_Upgrade_GCP_BOM.yml?query=event%3Aschedule) |
diff --git a/.github/workflows/beam_Upgrade_GCP_BOM.yml b/.github/workflows/beam_Upgrade_GCP_BOM.yml
index fb3360824446..ffa5a5073ee4 100644
--- a/.github/workflows/beam_Upgrade_GCP_BOM.yml
+++ b/.github/workflows/beam_Upgrade_GCP_BOM.yml
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: Upgrade GCP Platform Libraries BOM
+name: Upgrade GCP Libraries BOM
 
 on:
   schedule:

From e490f90607d5ba4d8f030f9c6dece23007f24c0c Mon Sep 17 00:00:00 2001
From: Derrick Williams <derrickaw@google.com>
Date: Wed, 27 May 2026 18:21:46 +0000
Subject: [PATCH 7/7] fix gemini comments

---
 scripts/tools/gcp_bom_upgrade_check.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/tools/gcp_bom_upgrade_check.py b/scripts/tools/gcp_bom_upgrade_check.py
index 7037ba68dbe5..40943dafdf2c 100644
--- a/scripts/tools/gcp_bom_upgrade_check.py
+++ b/scripts/tools/gcp_bom_upgrade_check.py
@@ -19,7 +19,7 @@
 
 def get_latest_bom():
     url = "https://repo1.maven.org/maven2/com/google/cloud/libraries-bom/maven-metadata.xml"
-    with urllib.request.urlopen(url) as response:
+    with urllib.request.urlopen(url, timeout=15) as response:
         xml = response.read().decode('utf-8')
     match = re.search(r'<release>([^<]+)</release>', xml)
     if match:
@@ -36,7 +36,11 @@ def get_current_bom():
     raise RuntimeError("Could not find current libraries-bom in BeamModulePlugin.groovy")
 
 def to_tuple(version_str):
-    return tuple(map(int, version_str.split('.')))
+    parts = []
+    for part in version_str.split('.'):
+        match = re.match(r'^(\d+)', part)
+        parts.append(int(match.group(1)) if match else 0)
+    return tuple(parts)
 
 def main():
     latest = get_latest_bom()