tools: update create-release-proposal workflow

PR-URL: https://github.com/nodejs/node/pull/56054 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
2025-12-06 12:20:27 +01:00 · 2024-12-05 20:33:44 +00:00 · 2024-12-05 20:33:44 +00:00 · 60e9c6f441
commit 60e9c6f441
parent 53356c37b7
2 changed files with 118 additions and 24 deletions
--- a/.github/workflows/create-release-proposal.yml
+++ b/.github/workflows/create-release-proposal.yml
@ -1,7 +1,6 @@
 # This action requires the following secrets to be set on the repository:
 #   GH_USER_NAME: GitHub user whose Jenkins and GitHub token are defined below
 #   GH_USER_TOKEN: GitHub user token, to be used by ncu and to push changes
-#   JENKINS_TOKEN: Jenkins token, to be used to check CI status

 name: Create Release Proposal

@ -24,6 +23,7 @@ env:

 permissions:
  contents: write
+  pull-requests: write

 jobs:
  releasePrepare:
@ -37,9 +37,7 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          ref: ${{ env.STAGING_BRANCH }}
-          # Needs the whole git history for ncu to work
-          # See https://github.com/nodejs/node-core-utils/pull/486
-          fetch-depth: 0
+          persist-credentials: false

      # Install dependencies
      - name: Install Node.js
@ -56,21 +54,19 @@ jobs:
          ncu-config set upstream origin
          ncu-config set username "$USERNAME"
          ncu-config set token "$GH_TOKEN"
-          ncu-config set jenkins_token "$JENKINS_TOKEN"
          ncu-config set repo "$(echo "$GITHUB_REPOSITORY" | cut -d/ -f2)"
          ncu-config set owner "${GITHUB_REPOSITORY_OWNER}"
        env:
          USERNAME: ${{ secrets.JENKINS_USER }}
-          GH_TOKEN: ${{ secrets.GH_USER_TOKEN }}
-          JENKINS_TOKEN: ${{ secrets.JENKINS_TOKEN }}
+          GH_TOKEN: ${{ github.token }}

      - name: Set up ghauth config (Ubuntu)
        run: |
-          mkdir -p ~/.config/changelog-maker/
-          echo '{
-            "user": "'$(ncu-config get username)'",
-            "token": "'$(ncu-config get token)'"
-          }' > ~/.config/changelog-maker/config.json
+          mkdir -p "${XDG_CONFIG_HOME:-~/.config}/changelog-maker"
+          echo '{}' | jq '{user: env.USERNAME, token: env.TOKEN}' > "${XDG_CONFIG_HOME:-~/.config}/changelog-maker/config.json"
+        env:
+          USERNAME: ${{ secrets.JENKINS_USER }}
+          TOKEN: ${{ github.token }}

      - name: Setup git author
        run: |
@ -78,7 +74,12 @@ jobs:
          git config --local user.name "Node.js GitHub Bot"

      - name: Start git node release prepare
+        # The curl command is to make sure we run the version of the script corresponding to the current workflow.
        run: |
+          git update-index --assume-unchanged tools/actions/create-release.sh
+          curl -fsSLo tools/actions/create-release.sh https://github.com/${GITHUB_REPOSITORY}/raw/${GITHUB_SHA}/tools/actions/create-release.sh
          ./tools/actions/create-release.sh "${RELEASE_DATE}" "${RELEASE_LINE}"
        env:
-          GH_TOKEN: ${{ secrets.GH_USER_TOKEN }}
+          GH_TOKEN: ${{ github.token }}
+          # We want the bot to push the push the release commit so CI runs on it.
+          BOT_TOKEN: ${{ secrets.GH_USER_TOKEN }}
--- a/tools/actions/create-release.sh
+++ b/tools/actions/create-release.sh
@ -2,6 +2,9 @@

 set -xe

+GITHUB_REPOSITORY=${GITHUB_REPOSITORY:-nodejs/node}
+BOT_TOKEN=${BOT_TOKEN:-}
+
 RELEASE_DATE=$1
 RELEASE_LINE=$2

@ -10,24 +13,114 @@ if [ -z "$RELEASE_DATE" ] || [ -z "$RELEASE_LINE" ]; then
  exit 1
 fi

+if [ -z "$GITHUB_REPOSITORY" ] || [ -z "$BOT_TOKEN" ]; then
+  echo "Invalid value in env for GITHUB_REPOSITORY and BOT_TOKEN"
+  exit 1
+fi
+
+if ! command -v node || ! command -v gh || ! command -v git || ! command -v awk; then
+  echo "Missing required dependencies"
+  exit 1
+fi
+
 git node release --prepare --skipBranchDiff --yes --releaseDate "$RELEASE_DATE"
-# We use it to not specify the branch name as it changes based on
-# the commit list (semver-minor/semver-patch)
-git config push.default current
-git push
+
+HEAD_BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+HEAD_SHA="$(git rev-parse HEAD^)"

 TITLE=$(awk "/^## ${RELEASE_DATE}/ { print substr(\$0, 4) }" "doc/changelogs/CHANGELOG_V${RELEASE_LINE}.md")

 # Use a temporary file for the PR body
 TEMP_BODY="$(awk "/## ${RELEASE_DATE}/,/^<a id=/{ if (!/^<a id=/) print }" "doc/changelogs/CHANGELOG_V${RELEASE_LINE}.md")"

-PR_URL="$(gh pr create --title "$TITLE" --body "$TEMP_BODY" --base "v$RELEASE_LINE.x")"
+# Create the proposal branch
+gh api \
+  --method POST \
+  -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  "/repos/${GITHUB_REPOSITORY}/git/refs" \
+   -f "ref=refs/heads/$HEAD_BRANCH" -f "sha=$HEAD_SHA"

-# Amend commit message so it contains the correct PR-URL trailer.
-AMENDED_COMMIT_MSG="$(git log -1 --pretty=%B | sed "s|PR-URL: TODO|PR-URL: $PR_URL|")"
+# Create the proposal PR
+PR_URL="$(gh api \
+  --method POST \
+  --jq .html_url \
+  -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  "/repos/${GITHUB_REPOSITORY}/pulls" \
+   -f "title=$TITLE" -f "body=$TEMP_BODY" -f "head=$HEAD_BRANCH" -f "base=v$RELEASE_LINE.x")"

-# Replace "TODO" with the PR URL in the last commit
-git commit --amend --no-edit -m "$AMENDED_COMMIT_MSG" || true
+# Push the release commit to the proposal branch using `BOT_TOKEN` from the env
+node --input-type=module - \
+    "$GITHUB_REPOSITORY" \
+    "$HEAD_BRANCH" \
+    "$HEAD_SHA" \
+    "$(git log -1 HEAD --format=%s || true)" \
+    "$(git log -1 HEAD --format=%b | awk -v PR_URL="$PR_URL" '{sub(/^PR-URL: TODO$/, "PR-URL: " PR_URL)} 1' || true)" \
+    "$(git show HEAD --diff-filter=d --name-only --format= || true)" \
+    "$(git show HEAD --diff-filter=D --name-only --format= || true)" \
+<<'EOF'
+const [,,
+  repo,
+  branch,
+  parentCommitSha,
+  commit_title,
+  commit_body,
+  modifiedOrAddedFiles,
+  deletedFiles,
+] = process.argv;

-# Force-push the amended commit
-git push --force
+import { readFileSync } from 'node:fs';
+import util from 'node:util';
+
+const query = `
+mutation ($repo: String! $branch: String!, $parentCommitSha: GitObjectID!, $changes: FileChanges!, $commit_title: String!, $commit_body: String) {
+  createCommitOnBranch(input: {
+    branch: {
+      repositoryNameWithOwner: $repo,
+      branchName: $branch
+    },
+    message: {
+      headline: $commit_title,
+      body: $commit_body
+    },
+    expectedHeadOid: $parentCommitSha,
+    fileChanges: $changes
+  }) {
+    commit {
+      url
+    }
+  }
+}
+`;
+const response = await fetch('https://api.github.com/graphql', {
+  method: 'POST',
+  headers: {
+    'Authorization': `bearer ${process.env.BOT_TOKEN}`,
+  },
+  body: JSON.stringify({
+    query,
+    variables: {
+      repo,
+      branch,
+      parentCommitSha,
+      commit_title,
+      commit_body,
+      changes: {
+        additions: modifiedOrAddedFiles.split('\n').filter(Boolean)
+          .map(path => ({ path, contents: readFileSync(path).toString('base64') })),
+        deletions: deletedFiles.split('\n').filter(Boolean),
+      }
+    },
+  })
+});
+if (!response.ok) {
+  console.log({statusCode: response.status, statusText: response.statusText});
+  process.exitCode ||= 1;
+}
+const data = await response.json();
+if (data.errors?.length) {
+  throw new Error('Endpoint returned an error', { cause: data });
+}
+console.log(util.inspect(data, { depth: Infinity }));
+EOF