📂 update Red Hat specific files
lance committed Sep 5, 2023
1 parent baf97cc commit 6c54021
Showing 3 changed files with 125 additions and 0 deletions.
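--- a/OWNERS
+++ b/OWNERS
@@ -0,0 +1,11 @@
+# The OWNERS file is used by prow to automatically merge approved PRs.
+
+approvers:
+- lance
+- cooktheryan
+- lkatalin
+- sallom
+
+reviewers:
+- JasonPowr
+- tommyd450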
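--- a/cosign/Dockerfile
+++ b/cosign/Dockerfile
@@ -0,0 +1,20 @@
+#Build stage
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 AS build-env
+WORKDIR /cosign
+COPY . .
+USER root
+RUN make cosign
+
+#Install Cosign
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+COPY --from=build-env /cosign/cosign /usr/local/bin/cosign
+RUN chown root:0 /usr/local/bin/cosign && chmod g+wx /usr/local/bin/cosign
+
+#Configure home directory
+ENV HOME=/home
+RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME}
+
+WORKDIR ${HOME}
+
+# Makes sure the container stays running
+CMD ["tail", "-f", "/dev/null"]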
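Review bot: The final stage makes `/usr/local/bin/cosign` group-writable (`chmod g+wx`) for GID 0 and never sets `USER`, so the process the image runs as (root by default, or an arbitrary UID in group 0 under OpenShift) can overwrite the signing binary. Read and execute are all the group needs: `RUN chown root:0 /usr/local/bin/cosign && chmod 0755 /usr/local/bin/cosign`, with a non-root `USER 1001` added before `CMD`. The runtime base `ubi8/ubi-minimal:latest` is also a floating tag while the build stage is pinned by digest; pinning it the same way (`ubi-minimal@sha256:<digest>`) keeps the shipped image reproducible. Since the binary is built on ubi9 and run on ubi8, it is worth confirming it does not link against the newer glibc if cgo is enabled.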
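--- a/redhat/release/update-to-head.sh
+++ b/redhat/release/update-to-head.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+# Copyright 2023 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The local git repo must have a remote "upstream" pointing
+# to upstream sigstore/cosign, and a remote "origin"
+# pointing to securesign/cosign
+
+# Synchs the release-next branch to either the upstream `main` branch
+# or a provided git-ref (typically an upstream release tag) and then triggers CI.
+#
+# NOTE: This requires a corresponding midstream branch to exist in the securesign fork
+# with the same name as the upstream branch/ref, but prefixed with "midstream-".
+#
+# Usage: update-to-head.sh [<git-ref>]
+
+if [ "$#" -ne 1 ]; then
+upstream_ref="main"
+midstream_ref="main"
+redhat_ref="release-next"
+else
+upstream_ref=$1
+midstream_ref="midstream-${upstream_ref}" # The overlays and patches for the given version
+redhat_ref="redhat-${upstream_ref}" # The midstream repo with overlays and patches applied
+fi
+
+echo "Synchronizing ${redhat_ref} to upstream/${upstream_ref}..."
+
+set -e
+REPO_NAME=$(basename $(git rev-parse --show-toplevel))
+
+# Custom files
+custom_files=$(cat <<EOT | tr '\n' ' '
+redhat
+OWNERS
+EOT
+)
+redhat_files_msg=":open_file_folder: update Red Hat specific files"
+robot_trigger_msg=":robot: triggering CI on branch '${redhat_ref}' after synching from upstream/${upstream_ref}"
+
+# Reset release-next to upstream main or <git-ref>.
+git fetch upstream $upstream_ref
+if [[ "$upstream_ref" == "main" ]]; then
+git checkout upstream/main -B ${redhat_ref}
+else
+git checkout $upstream_ref -B ${redhat_ref}
+fi
+
+# Update redhat's main and take all needed files from there.
+git fetch origin $midstream_ref
+git checkout origin/$midstream_ref $custom_files
+
+# Apply midstream patches
+if [[ -d redhat/patches ]]; then
+git apply redhat/patches/*
+fi
+
+git add . # Adds applied patches
+git add $custom_files # Adds custom files
+git commit -m "${redhat_files_msg}"
+
+# Push the release-next branch
+git push -f origin "${redhat_ref}"
+
+# Trigger CI
+# TODO: Set up openshift or github CI to run on release-next-ci
+git checkout "${redhat_ref}" -B "${redhat_ref}"-ci
+date > ci
+git add ci
+git commit -m "${robot_trigger_msg}"
+git push -f origin "${redhat_ref}-ci"
+
+if hash hub 2>/dev/null; then
+# Test if there is already a sync PR in
+COUNT=$(hub api -H "Accept: application/vnd.github.v3+json" repos/securesign/${REPO_NAME}/pulls --flat \
+| grep -c "${robot_trigger_msg}") || true
+if [ "$COUNT" = "0" ]; then
+hub pull-request --no-edit -l "kind/sync-fork-to-upstream" -b securesign/${REPO_NAME}:${redhat_ref} -h securesign/${REPO_NAME}:${redhat_ref}-ci -m "${robot_trigger_msg}"
+fi
+else
+echo "hub (https://github.com/github/hub) is not installed, so you'll need to create a PR manually."
+fi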
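Review bot: `git add .` followed by `git push -f origin "${redhat_ref}"` commits whatever is in the working tree, not only the applied patches, so untracked local files (build output, credentials) would be force-pushed to `origin`. A guard before the first checkout closes that, e.g. `[ -z "$(git status --porcelain)" ] || { echo "working tree is not clean" >&2; exit 1; }`. The ref taken from `$1` is also used unquoted in `git fetch upstream $upstream_ref` and `git checkout $upstream_ref -B ${redhat_ref}`; quoting it and rejecting values that begin with `-` keeps a malformed ref from being read as a git option. `set -e` is only enabled after the argument handling, so moving `set -euo pipefail` to the top would make the whole script fail fast.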
