Merge pull request #25678 from ashley-cui/mach-os-pr

GHA: Open PR to podman-machine-os on releases

.github/workflows/machine-os-pr.yml

@@ -0,0 +1,145 @@
+name: "Machine OS PR"
+
+on:
+  pull_request_target:
+    # prevent action from running on older release-process branches
+    # TODO: remove when we move to new release flow
+    branches:
+      - 'v5.5'
+      - 'main'
+    paths:
+      - 'version/rawversion/version.go'
+
+concurrency:
+  # Cancel other in-progress runs on re-pushes
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  podman-image-build-pr:
+    name: Open PR on podman-machine-os
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    env:
+      SHA: ${{github.event.pull_request.head.sha}}
+      UPSTREAM_MACHINE_OS: "containers/podman-machine-os"
+      PODMAN_REPO: "containers/podman"
+    steps:
+
+      - name: Get version
+        id: getversion
+        run: |
+          VERSION=$(curl "https://raw.githubusercontent.com/$PODMAN_REPO/$SHA/version/rawversion/version.go" | sed -n 's/^const RawVersion = \"\(.*\)\"$/\1/p')
+          # ignore -dev version bumps unless on main
+          if [[ ${{github.base_ref}} != "main" ]] && [[ $VERSION == *-dev ]] ; then
+            echo "::warning:: SKIPPING: dev bump not on main"
+          elif [[ ${{github.base_ref}} == *-rhel ]] ; then
+            echo "::warning:: SKIPPING: rhel branch"
+          else
+            echo "update=true" >> "$GITHUB_OUTPUT"
+          fi
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Check machine-os-branch
+        if: steps.getversion.outputs.update == 'true'
+        run: |
+          if ! (curl -s https://api.github.com/repos/$UPSTREAM_MACHINE_OS/branches| jq -e --arg branch "${{github.base_ref}}" '.[] | select(.name==$branch)') ; then
+            echo "::error:: Release branch does not exist."
+            echo "::error:: Please push $branch to $UPSTREAM_MACHINE_OS, then re-run this task."
+            exit 1
+          fi
+
+      - name: Label
+        if: steps.getversion.outputs.update == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
+        run: |
+          gh pr edit --add-label do-not-merge/wait-machine-os-build ${{github.event.number}}
+
+      - name: Install wait-for-copr
+        if: steps.getversion.outputs.update == 'true'
+        run: |
+          pip3 install git+https://github.com/packit/wait-for-copr.git@main
+
+      - uses: actions/checkout@v4
+        if: steps.getversion.outputs.update == 'true'
+        id: checkout
+        with:
+          repository: containers/podman-machine-os
+          ref: ${{github.base_ref}}
+          token: ${{secrets.PODMANBOT_TOKEN}}
+
+      - name: Bump version
+        if: steps.getversion.outputs.update == 'true'
+        run: |
+          echo ${{steps.getversion.outputs.version}}
+          sed -i 's/export PODMAN_VERSION=".*"/export PODMAN_VERSION="${{steps.getversion.outputs.version}}"/g' podman-rpm-info-vars.sh
+          sed -i 's/export PODMAN_PR_NUM=".*"/export PODMAN_PR_NUM="${{github.event.number}}"/g' podman-rpm-info-vars.sh
+          echo "Updated file:"
+          cat podman-rpm-info-vars.sh
+
+      - name: Wait for COPR build
+        if: steps.getversion.outputs.update == 'true'
+        run: |
+          wait-for-copr \
+          --owner packit \
+          --project containers-podman-${{github.event.number}} \
+          podman \
+          ${SHA::9}
+
+      - name: Push
+        if: steps.getversion.outputs.update == 'true'
+        run: |
+          # Make committer the user who triggered the action, either through cutting a release or manual trigger
+          # GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
+          git config --local user.name ${{ github.actor }}
+          git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
+          bumpbranch="pr${{github.event.number}}"
+          git checkout -b $bumpbranch
+          git add podman-rpm-info-vars.sh
+          git commit --signoff -m "Bump Podman to v${{ steps.getversion.outputs.version }}"
+          git remote add podmanbot https://github.com/podmanbot/podman-machine-os
+          git push -f podmanbot "$bumpbranch"
+
+      - name: Check open PRs
+        id: checkpr
+        if: steps.getversion.outputs.update == 'true'
+        run: |
+          prs=$(gh pr list \
+            --repo $UPSTREAM_MACHINE_OS \
+            --head "pr${{github.event.number}}" \
+            --state open \
+            --json title \
+            --jq 'length')
+          if ((prs > 0)); then
+            echo "::notice:: SKIPPING: PR already exists. Re-pushed to re-trigger build."
+          else
+            echo "openpr=true" >> "$GITHUB_OUTPUT"
+          fi
+        env:
+          GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
+
+      - name: Open PR
+        if: steps.getversion.outputs.update == 'true' && steps.checkpr.outputs.openpr == 'true'
+        id: pr
+        run: |
+          bumpbranch="pr${{github.event.number}}"
+          uri=`gh pr create \
+            --title "Bump Podman to v${{ steps.getversion.outputs.version }}" \
+            --body  "Triggered by https://github.com/$PODMAN_REPO/pull/${{github.event.number}}" \
+            --head "podmanbot:$bumpbranch" \
+            --base "${{github.base_ref}}" \
+            --repo $UPSTREAM_MACHINE_OS`
+          echo "uri=$uri" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
+
+      - name: Comment PR link
+        if: steps.getversion.outputs.update == 'true' && steps.checkpr.outputs.openpr == 'true'
+        uses: thollander/actions-comment-pull-request@v3
+        with:
+          message: "Building images at: ${{ steps.pr.outputs.uri }}"