podman

1
#! /usr/bin/env bash
2
#
3
# dependabot-dance - invoked to perform manual steps on podman dependabot PRs
4
#
5
# As best I can tell (please correct me if mistaken), dependabot's job is
6
# to submit PRs with a change only in 'go.mod' but without actually
7
# running 'make vendor' to update the source files under vendor. This
8
# requires a human to run those steps.
9
#
10
# This script automates that, with a few safety checks.
11
#
12
ME=$(basename $0)
13
missing=" argument is missing; see $ME --help for details"
14
usage="Usage: $ME [--help] [-v|--verbose]
15

16
$ME performs a series of magical steps to get dependabot PRs
17
ready for merge. The important one is 'make vendor-in-container',
18
everything else is scaffolding to check out the PR and push it back.
19

20
Flags:
21
  --help          display usage message
22
  -v, --verbose   verbose output
23
"
24

25
verbose=
26
for i
27
do
28
    value=$(expr "$i" : '[^=]*=\(.*\)')
29
    case "$i" in
30
    -h*|--help)	echo "$usage"; exit 0;;
31
    -v|--verbose)	verbose=$i; shift;;
32
    -*)	echo "$ME: unrecognized option $i" >&2
33
	echo "$usage" >&2
34
	exit 1;;
35
    *)	break;;
36
    esac
37
done
38

39
die () {
40
    echo "$ME: $*" >&2
41
    exit 1
42
}
43

44
function branch_dance() {
45
    local branch="$1"
46

47
    # User will appreciate seeing 'git' and 'make' commands, but nothing else
48
    set -x
49
    git checkout -t $branch
50
    set +x
51

52
    # Commit must be from dependabot
53
    author=$(git show --no-patch --format='format:%an' HEAD)
54
    if ! [[ $author =~ dependabot ]]; then
55
        echo
56
        echo "Commit author is '$author' (expected 'dependabot')"
57
        echo -n "Continue? [y/N] "
58
        read answer
59
        case "$answer" in
60
            [yY]*) ;;
61
            *) exit 1;;
62
        esac
63
    fi
64

65
    # This is what does all the work
66
    set -x
67
    make vendor-in-container
68
    set +x
69

70
    # Now make sure at least *something* changed under vendor
71
    modified=$(git ls-files -m vendor)
72
    if [[ -z "$modified" ]]; then
73
        echo "No files changed under 'vendor' -- nothing to do!"
74
        return
75
    fi
76

77
    # Okay, here we go
78
    set -x
79
    git add vendor
80
    git commit -a --amend -s --no-edit
81
    git push --force
82
    set +x
83

84
    # Try to leave things in relatively clean state; remove local branch copy
85
    local tracking_branch=$(git branch --show-current)
86
    git checkout main
87
    git branch -d $tracking_branch
88
}
89

90

91

92

93
# Make sure we're cd'ed to the top level of a podman repo
94
test -d .git || die "No .git subdirectory (please cd to top level)"
95

96
# Clear all dependabot remote branches
97
git branch -r | grep /dependabot/go_modules/ \
98
    | xargs --no-run-if-empty git branch -r -d
99

100
# ...and pull new ones
101
git pull --all
102

103
# Abort on any error from here on
104
set -e
105

106
# We cannot have any git-modified files
107
modified=$(git ls-files -m)
108
test -z "$modified" || die "Modified files exist: $modified"
109

110
for branch in $(git branch -r | grep /dependabot/go_modules/); do
111
    echo
112
    echo ">>>>> $branch"
113
    branch_dance $branch
114
done
115