keystone/.github/workflows/propose_osc_changes.yml at 489c19307f6b3e47f82bbf0b446cec06c649845b · openstack-experimental/keystone · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
name: Propose PR to the `openstack` repo

on:
  pull_request:
    types: ["closed"]

permissions:
  contents: read

jobs:
  propose-osc-pr:
    if: "github.event.pull_request.merged == true && github.event.pull_request.user.login != 'dependabot[bot]'"
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594  # v2.16.0
        with:
          egress-policy: audit

      - name: Checkout source repo
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          fetch-depth: 0  # get all commits

      - name: Install Rust
        uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # stable
        with:
          toolchain: stable

      - name: Get the codegenerator
        run: git clone https://opendev.org/openstack/codegenerator

      - name: Install uv
        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78  # v7.6.0
        with:
          working-directory: codegenerator

      - name: Prepare the work dir
        run: mkdir -p codegenerator/wrk/openapi_specs/identity

      - name: Generate OpenAPI
        run: cargo run --bin keystone -- --dump-openapi yaml > codegenerator/wrk/openapi_specs/identity/keystone_rust.yaml

      - name: Install the codegenerator
        working-directory: codegenerator
        run: uv sync

      - name: Generate the code
        working-directory: codegenerator
        run: |
          for resource in "federation/identity_provider" "federation/mapping" "user/passkey"; do
            uv run openstack-codegenerator --work-dir wrk --target rust-sdk --metadata metadata/identity_metadata.yaml --service identity --resource ${resource}
            uv run openstack-codegenerator --work-dir wrk --target rust-types --metadata metadata/identity_metadata.yaml --service identity --resource ${resource}
            uv run openstack-codegenerator --work-dir wrk --target rust-cli --metadata metadata/identity_metadata.yaml --service identity --resource ${resource}
            uv run openstack-codegenerator --work-dir wrk --target rust-tui --metadata metadata/identity_metadata.yaml --service identity --resource ${resource}
          done;

      - name: Set PR variables
        id: vars
        run: |
          echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
          echo "branch_name=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT
          echo "merge_sha=${{ github.event.pull_request.merge_commit_sha }}" >> $GITHUB_OUTPUT

      - name: Resolve best commit message for the merged PR
        id: commit
        env:
          GITHUB_TOKEN: ${{ github.token }}
          PR_NUMBER: ${{ steps.vars.outputs.pr_number }}
          REPO: ${{ github.repository }}
          MERGE_SHA: ${{ steps.vars.outputs.merge_sha }}
        run: |
          set -euo pipefail
          # helper to emit multi-line output
          set_output() {
              echo "commit_message<<EOF" >> $GITHUB_OUTPUT
              printf "%s\n" "$1" >> $GITHUB_OUTPUT
              echo "EOF" >> $GITHUB_OUTPUT
          }

          COMMIT_MSG=""
          # 1) If merge_commit_sha exists, try to fetch that commit (works for merge & squash)
          if [ -n "$MERGE_SHA" ] && [ "$MERGE_SHA" != "null" ]; then
              echo "Attempting to fetch merge commit message for SHA: $MERGE_SHA"
              RESP=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
                  "https://api.github.com/repos/$REPO/commits/$MERGE_SHA")
              COMMIT_MSG=$(echo "$RESP" | jq -r '.commit.message // empty' | sed 's/\r$//')
          fi

          # 2) Fallback: collect all commits on the PR and join their messages
          if [ -z "$COMMIT_MSG" ]; then
              echo "Falling back to collecting PR commits..."
              RESP=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
                  "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER/commits")
              COMMIT_MSG=$(echo "$RESP" | jq -r 'map(.commit.message) | join("\n\n---\n\n")' | sed 's/\r$//')
          fi

          # 3) Fallback: use PR title and body
          if [ -z "$COMMIT_MSG" ]; then
              echo "Falling back to PR title/body..."
              RESP=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
                  "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER")
              TITLE=$(echo "$RESP" | jq -r '.title // empty') BODY=$(echo "$RESP" | jq -r '.body // empty')
              if [ -n "$TITLE" ] || [ -n "$BODY" ]; then
                  COMMIT_MSG="$TITLE"$'\n\n'"$BODY"
              fi
          fi

          # 4) Final fallback
          if [ -z "$COMMIT_MSG" ]; then
              COMMIT_MSG="Automated update from source repo (PR #$PR_NUMBER)"
          fi

          set_output "$COMMIT_MSG"

      - name: Clone target repository
        run: |
          git clone https://x-access-token:${{ secrets.OPENSTACK_REPO_TOKEN }}@github.com/gtema/openstack.git target-repo
          cd target-repo
          git checkout -b "ks_${{ steps.vars.outputs.branch_name }}" || git checkout "ks_${{ steps.vars.outputs.branch_name }}"

      - name: Copy files to target repo
        run: |
          cp -R ./codegenerator/wrk/rust/* ./target-repo/

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libudev-dev

      - name: Try to compile the target repo
        working-directory: target-repo
        run: |
          cargo clippy --fix --allow-dirty --all-features
          cargo b --all-features

      - name: Commit files
        id: sync
        run: |
          cd target-repo
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"

          if git diff --quiet; then
              echo "No changes detected — skipping commit and PR creation."
              echo "no_changes=true" >> $GITHUB_OUTPUT
              exit 0
          fi

          git add .
          git commit -m "${{ steps.commit.outputs.commit_message }}" || echo "No changes to commit"
          git push origin "ks_${{ steps.vars.outputs.branch_name }}"
          echo "no_changes=false" >> $GITHUB_OUTPUT

      - name: Create PR in target repo
        env:
          GH_TOKEN: ${{ secrets.OPENSTACK_REPO_TOKEN }}
        if: steps.sync.outputs.no_changes == 'false'
        run: |
          gh pr create \
            --repo gtema/openstack \
            --head "ks_${{ steps.vars.outputs.branch_name }}" \
            --base main \
            --title "${{ steps.commit.outputs.commit_message }}" \
            --body "Automated PR created after merging '${{ steps.vars.outputs.branch_name }}' in the gtema/keystone repo."