From 0613affde4b29d5ea3ac62e5795b29c4824777a9 Mon Sep 17 00:00:00 2001 From: Jade Guiton Date: Mon, 25 Nov 2024 15:42:50 +0100 Subject: [PATCH 1/5] [chore] Add CI check to enforce merge freezes --- .github/workflows/check-merge-freeze.yml | 22 +++++++++++++++++++ .../workflows/scripts/check-merge-freeze.sh | 7 ++++++ .../scripts/release-prepare-release.sh | 2 +- 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/check-merge-freeze.yml create mode 100755 .github/workflows/scripts/check-merge-freeze.sh diff --git a/.github/workflows/check-merge-freeze.yml b/.github/workflows/check-merge-freeze.yml new file mode 100644 index 00000000000..91c0c2aefd6 --- /dev/null +++ b/.github/workflows/check-merge-freeze.yml @@ -0,0 +1,22 @@ +name: Merge freeze + +on: + pull_request: + types: [opened, ready_for_review, synchronize, reopened, labeled, unlabeled] + branches: [main] + merge_group: + types: [checks_requested] + +jobs: + check-merge-freeze: + name: Check + if: ${{ !contains(github.event.pull_request.labels.*.name, 'release:prepare') }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + sparse-checkout: .github/workflows/scripts + - run: ./.github/workflows/scripts/check-merge-freeze.sh + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + REPO: open-telemetry/opentelemetry-collector diff --git a/.github/workflows/scripts/check-merge-freeze.sh b/.github/workflows/scripts/check-merge-freeze.sh new file mode 100755 index 00000000000..2f1e8275af0 --- /dev/null +++ b/.github/workflows/scripts/check-merge-freeze.sh @@ -0,0 +1,7 @@ +#!/bin/bash -e + +BLOCKERS=$(gh pr list --search "label:release:prepare" --json url --jq '.[].url' --repo "${REPO}") +if [ "${BLOCKERS}" != "" ]; then + echo "Merging in main is frozen by release PR: ${BLOCKERS}" + exit 1 +fi diff --git a/.github/workflows/scripts/release-prepare-release.sh b/.github/workflows/scripts/release-prepare-release.sh index 9f9d698cbb5..47d26c93180 100755 --- a/.github/workflows/scripts/release-prepare-release.sh +++ b/.github/workflows/scripts/release-prepare-release.sh @@ -41,7 +41,7 @@ if [ "${CANDIDATE_BETA}" != "" ]; then fi git push origin "${BRANCH}" -gh pr create --title "[chore] Prepare release ${RELEASE_VERSION}" --body " +gh pr create --title "[chore] Prepare release ${RELEASE_VERSION}" --label release:prepare --body " The following commands were run to prepare this release: ${COMMANDS} " From 9a22e8aa4fd40b86f1ded61cc425b0d428b87d7d Mon Sep 17 00:00:00 2001 From: Jade Guiton Date: Mon, 25 Nov 2024 16:18:58 +0100 Subject: [PATCH 2/5] Added copyright notice and uniformized script formatting --- .github/workflows/scripts/check-merge-freeze.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scripts/check-merge-freeze.sh b/.github/workflows/scripts/check-merge-freeze.sh index 2f1e8275af0..a153d952849 100755 --- a/.github/workflows/scripts/check-merge-freeze.sh +++ b/.github/workflows/scripts/check-merge-freeze.sh @@ -1,7 +1,10 @@ #!/bin/bash -e +# +# Copyright The OpenTelemetry Authors +# SPDX-License-Identifier: Apache-2.0 -BLOCKERS=$(gh pr list --search "label:release:prepare" --json url --jq '.[].url' --repo "${REPO}") +BLOCKERS=$( gh pr list --search "label:release:prepare" --json url --jq '.[].url' --repo "${REPO}" ) if [ "${BLOCKERS}" != "" ]; then - echo "Merging in main is frozen by release PR: ${BLOCKERS}" - exit 1 + echo "Merging in main is frozen while release PR is open: ${BLOCKERS}" + exit 1 fi From ea8aa3eea462f7f9f2ef64464bc297af7e986b08 Mon Sep 17 00:00:00 2001 From: Jade Guiton Date: Tue, 26 Nov 2024 11:10:26 +0100 Subject: [PATCH 3/5] Changed label name, added comments --- .github/workflows/check-merge-freeze.yml | 3 ++- .github/workflows/scripts/check-merge-freeze.sh | 4 ++-- .github/workflows/scripts/release-prepare-release.sh | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-merge-freeze.yml b/.github/workflows/check-merge-freeze.yml index 91c0c2aefd6..834e0884968 100644 --- a/.github/workflows/check-merge-freeze.yml +++ b/.github/workflows/check-merge-freeze.yml @@ -10,7 +10,8 @@ on: jobs: check-merge-freeze: name: Check - if: ${{ !contains(github.event.pull_request.labels.*.name, 'release:prepare') }} + # This condition is to avoid blocking the PR causing the freeze in the first place. + if: ${{ !contains(github.event.pull_request.labels.*.name, 'release:merge-freeze') }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/scripts/check-merge-freeze.sh b/.github/workflows/scripts/check-merge-freeze.sh index a153d952849..fcb98dc0d6c 100755 --- a/.github/workflows/scripts/check-merge-freeze.sh +++ b/.github/workflows/scripts/check-merge-freeze.sh @@ -3,8 +3,8 @@ # Copyright The OpenTelemetry Authors # SPDX-License-Identifier: Apache-2.0 -BLOCKERS=$( gh pr list --search "label:release:prepare" --json url --jq '.[].url' --repo "${REPO}" ) +BLOCKERS=$( gh pr list --search "label:release:merge-freeze" --json url --jq '.[].url' --repo "${REPO}" ) if [ "${BLOCKERS}" != "" ]; then - echo "Merging in main is frozen while release PR is open: ${BLOCKERS}" + echo "Merging in main is frozen, as there are open PRs labeled 'release:merge-freeze': ${BLOCKERS}" exit 1 fi diff --git a/.github/workflows/scripts/release-prepare-release.sh b/.github/workflows/scripts/release-prepare-release.sh index 47d26c93180..d3e7e1a72ea 100755 --- a/.github/workflows/scripts/release-prepare-release.sh +++ b/.github/workflows/scripts/release-prepare-release.sh @@ -41,7 +41,8 @@ if [ "${CANDIDATE_BETA}" != "" ]; then fi git push origin "${BRANCH}" -gh pr create --title "[chore] Prepare release ${RELEASE_VERSION}" --label release:prepare --body " +# The `release:merge-freeze` label will cause the `check-merge-freeze` workflow to fail, enforcing the freeze. +gh pr create --title "[chore] Prepare release ${RELEASE_VERSION}" --label release:merge-freeze --body " The following commands were run to prepare this release: ${COMMANDS} " From b6585ce836501c8d0219cd3822497a599f885249 Mon Sep 17 00:00:00 2001 From: Jade Guiton Date: Tue, 26 Nov 2024 11:12:17 +0100 Subject: [PATCH 4/5] Added log encouraging re-running the check --- .github/workflows/scripts/check-merge-freeze.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scripts/check-merge-freeze.sh b/.github/workflows/scripts/check-merge-freeze.sh index fcb98dc0d6c..efd8927b17d 100755 --- a/.github/workflows/scripts/check-merge-freeze.sh +++ b/.github/workflows/scripts/check-merge-freeze.sh @@ -6,5 +6,6 @@ BLOCKERS=$( gh pr list --search "label:release:merge-freeze" --json url --jq '.[].url' --repo "${REPO}" ) if [ "${BLOCKERS}" != "" ]; then echo "Merging in main is frozen, as there are open PRs labeled 'release:merge-freeze': ${BLOCKERS}" + echo "If you believe this is no longer true, re-run this job to unblock your PR." exit 1 fi From bc2371772a5866f3f64bfcb23ad70e86a1a1bf8b Mon Sep 17 00:00:00 2001 From: Jade Guiton Date: Tue, 26 Nov 2024 11:49:45 +0100 Subject: [PATCH 5/5] Pin checkout action to commit hash Co-authored-by: Pablo Baeyens --- .github/workflows/check-merge-freeze.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-merge-freeze.yml b/.github/workflows/check-merge-freeze.yml index 834e0884968..c24b32dc718 100644 --- a/.github/workflows/check-merge-freeze.yml +++ b/.github/workflows/check-merge-freeze.yml @@ -14,7 +14,7 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'release:merge-freeze') }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: .github/workflows/scripts - run: ./.github/workflows/scripts/check-merge-freeze.sh