Open
4 changes: 2 additions & 2 deletions .github/workflows/qubes-dom0-package.yml
Expand Up @@ -42,11 +42,11 @@ jobs:
contents: write

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
fetch-depth: 100 # need history for `git format-patch`

- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
repository: TrenchBoot/.github
path: shared
19 changes: 14 additions & 5 deletions .github/workflows/qubes-dom0-packagev2.yml
Expand Up @@ -23,6 +23,11 @@ on:
Forced version of a package.
required: false
type: string
qubes-component-branch:
description: >
Forced repository branch to build component from
required: false
type: string

jobs:
build-and-package:
Expand All @@ -40,7 +45,7 @@ jobs:
createrepo-c devscripts python3-docker reprepro \
python3-pathspec mktorrent python3-lxml python3-dateutil

- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
repository: QubesOS/qubes-builderv2
ref: 80dd898cc0472dd99f161f1d1c7c44da64de93f2
Expand Down Expand Up @@ -79,6 +84,7 @@ jobs:
PKG_DIR: ${{ inputs.qubes-pkg-src-dir }}
PKG_REV: ${{ inputs.qubes-pkg-revision }}
PKG_VER: ${{ inputs.qubes-pkg-version }}
BUILD_BRANCH: ${{ inputs.qubes-component-branch }}
# Following 2 variables are used in double expansion '${${{ github.ref_type }}}',
# do not change these names even though they don't follow the convention.
branch: ${{ github.head_ref }}
Expand All @@ -88,11 +94,14 @@ jobs:
# Switch from Qubes to Docker executor
sed -i "/^executor:$/,+4d; /^#executor:$/,+3s/#//" builder.yml

branch_name=${${{ github.ref_type }}}
branch_name="${BUILD_BRANCH}"
if [ -z "$branch_name" ]; then
# github.head_ref is set only for pull requests, this should
# handle pushes
branch_name=$(basename "$GITHUB_REF")
branch_name=${${{ github.ref_type }}}
if [ -z "$branch_name" ]; then
# github.head_ref is set only for pull requests, this should
# handle pushes
branch_name=$(basename "$GITHUB_REF")
fi
fi

if [ -n "$PKG_DIR" ]; then
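Review bot: The push fallback `branch_name=$(basename "$GITHUB_REF")` keeps only the last path component, so a branch such as `feature/foo` would be built as `foo`; since these lines are being re-indented anyway, `branch_name="$GITHUB_REF_NAME"` would give the full short ref name. The new `qubes-component-branch` value reaches the script through the `BUILD_BRANCH` environment variable rather than by `${{ }}` interpolation, which keeps caller-supplied text out of the shell source. Its description could also say what happens when it is empty, e.g. `When empty, the branch is derived from the triggering ref.` The step continues past the end of the hunk, so how `branch_name` is consumed afterwards is not visible here.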
104 changes: 104 additions & 0 deletions .github/workflows/rebase.yml
@@ -0,0 +1,104 @@
---
name: Try rebasing on updated upstream, report in case of conflicts

on:
workflow_call:
secrets:
first-remote-token:
description: >
Personal access token for performing the following operations on the
downstream-repo: fetch the repository, create a branch, delete a
branch, create commits on a branch, push to a branch, open a PR, close
a PR, get list of PRs.
required: true
inputs:
downstream-repo:
description: >
<first_repo> parameter for the rebase.sh script.
required: true
type: string
downstream-branch:
description: >
<first_repo_branch> parameter for the rebase.sh script.
required: true
type: string
upstream-repo:
description: >
<second_repo> parameter for the rebase.sh script.
required: true
type: string
upstream-branch:
description: >
<second_repo_branch> parameter for the rebase.sh script.
required: true
type: string
commit-user-name:
description: >
NAME parameter for the --commit-user-name option of the rebase.sh
script.
required: true
type: string
commit-user-email:
description: >
EMAIL parameter for the --commit-user-email option of the rebase.sh
script.
required: true
type: string
cicd-trigger-resume:
description: >
MESSAGE parameter for the --cicd-trigger-resume option of the
rebase.sh script.
required: true
type: string
outputs:
rebase-exit-code:
description: >
Exit code returned by the rebase.sh script. See the script's --help
output for the meaning of each code.
value: ${{ jobs.rebase-attempt.outputs.rebase-exit-code }}

jobs:
rebase-attempt:
runs-on: ubuntu-latest
name: Try rebasing on updated upstream, report in case of conflicts
permissions:
# For creation/deletion/pushing to branches and creating PRs
contents: write
outputs:
rebase-exit-code: ${{ steps.rebase.outputs.exit-code }}
steps:
- uses: actions/checkout@v6
with:
repository: TrenchBoot/.github
path: shared
ref: ${{ job.workflow_sha }}
- name: Run script for rebasing
id: rebase
env:
FIRST_REMOTE_TOKEN: ${{ secrets.first-remote-token }}
DOWNSTREAM_REPO: ${{ inputs.downstream-repo }}
DOWNSTREAM_BRANCH: ${{ inputs.downstream-branch }}
UPSTREAM_REPO: ${{ inputs.upstream-repo }}
UPSTREAM_BRANCH: ${{ inputs.upstream-branch }}
NAME: ${{ inputs.commit-user-name }}
EMAIL: ${{ inputs.commit-user-email }}
MESSAGE: ${{ inputs.cicd-trigger-resume }}
run: |
I think we should deal with return code 5 (nothing to rebase). I don't think a failing job (red x) would look good. I think in that case the rest of the jobs should be skipped.

Author

IMO differentiating between a rebase success and nothing to rebase could be useful, so instead of modifying the script, I have modified the reusable workflow: b70dcd6. But now I need to check the rebase-exit-code in the calling workflows.

set +e
shared/scripts/rebase.sh --first-remote-token "$FIRST_REMOTE_TOKEN" \
--commit-user-name "$NAME" \
--commit-user-email "$EMAIL" \
--cicd-trigger-resume "$MESSAGE" \
"$DOWNSTREAM_REPO" \
"$DOWNSTREAM_BRANCH" \
"$UPSTREAM_REPO" \
"$UPSTREAM_BRANCH"
rc=$?
echo "exit-code=${rc}" >> "$GITHUB_OUTPUT"
# The "No rebase needed" return code should be considered a success
# here, as we do not want to show that a job has failed in that case
# to avoid drawing attention of maintainers.
if [ "$rc" -eq "5" ]; then
exit "0"
fi
exit "${rc}"
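Review bot: The job's `permissions:` block grants `contents: write` to the workflow's own GITHUB_TOKEN, but in the visible steps that token is used only by `actions/checkout` to read TrenchBoot/.github, while the operations on the downstream repository are described as going through the `first-remote-token` secret handed to rebase.sh. Unless the script, which is not shown here, relies on the credentials that checkout leaves in `shared/.git`, the job could run with `contents: read` and the checkout step with `persist-credentials: false`, so that callers do not have to grant a write-scoped job token to this reusable workflow. The comment above the permission would then belong with the secret's description rather than the job token. The secret is also passed as `--first-remote-token "$FIRST_REMOTE_TOKEN"` on the command line, where it is readable from the process list while the script runs; letting the script read it from the environment would avoid that.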
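--- a/.github/workflows/trigger-woodpecker-pipeline.yml
+++ b/.github/workflows/trigger-woodpecker-pipeline.yml
@@ -0,0 +1,73 @@
+name: Trigger a Woodpecker CI/CD pipeline
+
+on:
+workflow_call:
+inputs:
+api-url:
+description: >
+Base URL of the Woodpecker instance, e.g. https://ci.example.com.
+--api-url parameter for the woodpecker-trigger.sh script.
+required: true
+type: string
+owner:
+description: >
+Repository owner (user or organization).
+--owner parameter for the woodpecker-trigger.sh script.
+required: true
+type: string
+repo:
+description: >
+Repository name.
+--repo parameter for the woodpecker-trigger.sh script.
+required: true
+type: string
+ref:
+description: >
+Branch to trigger the pipeline on.
+--ref parameter for the woodpecker-trigger.sh script.
+required: false
+type: string
+default: 'main'
+inputs:
+description: >
+Additional --input flags to pass to woodpecker-trigger.sh, e.g.
+"--input KEY=VALUE --input KEY2=VALUE2". Keys must be valid shell
+variable names (no hyphens).
+required: false
+type: string
+default: ''
+secrets:
+woodpecker-token:
+description: >
+Woodpecker API token for triggering the pipeline.
+--token parameter for the woodpecker-trigger.sh script.
+required: true
+
+jobs:
+trigger-woodpecker:
+runs-on: ubuntu-latest
+name: Trigger a Woodpecker CI/CD pipeline
+permissions:
+contents: read
+steps:
+- uses: actions/checkout@v6
+with:
+repository: TrenchBoot/.github
+path: shared
+ref: ${{ job.workflow_sha }}
+- name: Trigger Woodpecker CI/CD pipeline
+env:
+WOODPECKER_TOKEN: ${{ secrets.woodpecker-token }}
+WOODPECKER_API_URL: ${{ inputs.api-url }}
+WOODPECKER_OWNER: ${{ inputs.owner }}
+WOODPECKER_REPO: ${{ inputs.repo }}
+WOODPECKER_REF: ${{ inputs.ref }}
+WOODPECKER_INPUTS: ${{ inputs.inputs }}
+run: |
+shared/scripts/woodpecker-trigger.sh \
+--token "$WOODPECKER_TOKEN" \
+--api-url "$WOODPECKER_API_URL" \
+--owner "$WOODPECKER_OWNER" \
+--repo "$WOODPECKER_REPO" \
+--ref "$WOODPECKER_REF" \
+$WOODPECKER_INPUTS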
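Review bot: The last argument of the `run:` command, `$WOODPECKER_INPUTS`, is expanded unquoted, so the caller's string is word-split and glob-expanded and can carry any flag, not only `--input KEY=VALUE`. Whether a second `--api-url` or `--token` appended this way would override the earlier ones depends on woodpecker-trigger.sh, which is not shown here, but a calling workflow that forwards event data into `inputs` would let that data shape the script's command line. I would split the string into an array and reject anything that is not an `--input KEY=VALUE` pair before calling the script, as sketched below. The `inputs` description should then also state that values cannot contain whitespace.

```yaml
        run: |
          # Split on whitespace only; read does no pathname expansion.
          read -r -a extra_args <<< "$WOODPECKER_INPUTS"
          for ((i = 0; i < ${#extra_args[@]}; i += 2)); do
            if [ "${extra_args[i]}" != "--input" ] ||
               [[ "${extra_args[i+1]:-}" != *=* ]]; then
              echo "inputs: expected '--input KEY=VALUE' pairs" >&2
              exit 1
            fi
          done
          # … unchanged: woodpecker-trigger.sh call with --token, --api-url, --owner, --repo, --ref …
            "${extra_args[@]}"
```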