#!/usr/bin/perl # # buildah-vendor-treadmill - daily vendor of latest-buildah onto latest-podman # package Podman::BuildahVendorTreadmill; use v5.14; use utf8; use open qw( :encoding(UTF-8) :std ); use strict; use warnings; use File::Temp qw(tempfile); use JSON; use LWP::UserAgent; (our $ME = $0) =~ s|.*/||; our $VERSION = '0.1'; # For debugging, show data structures using DumpTree($var) #use Data::TreeDumper; $Data::TreeDumper::Displayaddress = 0; ############################################################################### # BEGIN user-customizable section # github path to buildah our $Buildah = 'github.com/containers/buildah'; # FIXME FIXME FIXME: add 'main'? I hope we never need this script for branches. our $Treadmill_PR_Title = 'DO NOT MERGE: buildah vendor treadmill'; our $API_URL = 'https://api.github.com/graphql'; # Use colors if available and if stdout is a tty our $Highlight = ''; our $Reset = ''; eval ' use Term::ANSIColor; if (-t 1) { $Highlight = color("green"); $Reset = color("reset"); } $SIG{__WARN__} = sub { print STDERR color("bold red"), "@_", $Reset; }; '; # END user-customizable section ############################################################################### ############################################################################### # BEGIN boilerplate args checking, usage messages sub usage { print <<"END_USAGE"; Usage: $ME [OPTIONS] [--sync | --pick ] $ME is (2022-04-20) **EXPERIMENTAL** $ME is intended to solve the problem of vendoring buildah into podman. Call me with one of two options: --sync The usual case. Mostly used by Ed. Called from a development branch, this just updates everything so we vendor in latest-buildah (main) on top of latest-podman (main). With a few sanity checks. --pick Used for really-truly vendoring in a new buildah; will cherry-pick a commit on your buildah-vendor working branch For latest documentation and best practices, please see: https://github.com/containers/podman/wiki/Buildah-Vendor-Treadmill OPTIONS: --help display this message --version display program name and version END_USAGE exit; } # Command-line options. Note that this operates directly on @ARGV ! our %action; our $debug = 0; our $force = 0; our $verbose = 0; our $NOT = ''; # print "blahing the blah$NOT\n" if $debug sub handle_opts { use Getopt::Long; GetOptions( 'sync' => sub { $action{sync}++ }, 'pick' => sub { $action{pick}++ }, 'debug!' => \$debug, 'dry-run|n!' => sub { $NOT = ' [NOT]' }, 'force' => \$force, 'verbose|v' => \$verbose, help => \&usage, version => sub { print "$ME version $VERSION\n"; exit 0 }, ) or die "Try `$ME --help' for help\n"; } # END boilerplate args checking, usage messages ############################################################################### ############################## CODE BEGINS HERE ############################### # The term is "modulino". __PACKAGE__->main() unless caller(); # Main code. sub main { # Note that we operate directly on @ARGV, not on function parameters. # This is deliberate: it's because Getopt::Long only operates on @ARGV # and there's no clean way to make it use @_. handle_opts(); # will set package globals # Fetch command-line arguments. Barf if too many. # FIXME: if called with arg, that's the --sync branch? # FIXME: if called with --pick + arg, that's the PR? die "$ME: Too many arguments; try $ME --help\n" if @ARGV; my @action = keys(%action); die "$ME: Please invoke me with one of --sync or --pick\n" if ! @action; die "$ME: Please invoke me with ONLY one of --sync or --pick\n" if @action > 1; my $handler = __PACKAGE__->can("do_@action") or die "$ME: No handler available for --@action\n"; # We've validated the command-line args. Before running action, check # that repo is clean. None of our actions can be run on a dirty repo. assert_clean_repo(); $handler->(); } ############################################################################### # BEGIN sync and its helpers sub do_sync { # Preserve current branch name, so we can come back after switching to main my $current_branch = git_current_branch(); my $buildah_old = vendored_buildah(); print "-> buildah old = $buildah_old\n"; # If HEAD is a buildah-vendor commit (usual case), drop it now. if (head_is_buildah_vendor_commit()) { if (is_treadmill_commit('HEAD^')) { progress("HEAD is buildah vendor (as expected); dropping it..."); git('reset', '--hard', 'HEAD^'); } else { die "$ME: HEAD is a buildah commit, but HEAD^ is not a treadmill commit! Cannot continue.\n"; } } # HEAD must now be a treadmill commit is_treadmill_commit('HEAD') or die "$ME: HEAD is not a treadmill commit!\n"; # HEAD is now a change to buildah-tests. Now update main and rebase. pull_main(); git('checkout', '-q', $current_branch); my $forkpoint = git('merge-base', '--fork-point', 'main'); my $main_commit = git('rev-parse', 'main'); my $rebased; if ($forkpoint eq $main_commit) { progress("[Already rebased on podman main]"); } else { # --empty=keep may be needed after a --pick commit, when we've # vendored a new buildah into podman and incorporated the treadmill # commit. Since this is a perpetual-motion workflow, in which we # keep an in-progress PR open at all times, we need a baseline # commit even if it's empty. progress("Rebasing on podman main..."); git('rebase', '--empty=keep', 'main'); # FIXME: rebase can fail after --pick. If it does, offer instructions. $rebased = 1; } # We're now back on our treadmill branch, with one commit on top of main. # Now vendor in latest buildah. progress("Vendoring in buildah..."); system('go', 'mod', 'edit', '--require' => "${Buildah}\@main") == 0 or die "$ME: go mod edit failed\n"; system('make', 'vendor') == 0 or die "$ME: make vendor failed\n"; my $buildah_new = vendored_buildah(); print "-> buildah new = $buildah_new\n"; git('commit', '-as', '-m', <<"END_COMMIT_MESSAGE"); [DO NOT MERGE] vendor in buildah \@ $buildah_new This is a JUNK COMMIT from $ME v$VERSION. DO NOT MERGE. This is just a way to keep the buildah-podman vendoring in sync. See script --help for details. END_COMMIT_MESSAGE # if buildah is unchanged, and we did not pull main, exit cleanly my $change_message = ''; if ($buildah_new eq $buildah_old) { if (! $rebased) { progress("Nothing has changed (same buildah, same podman). Bye!"); exit 0; } $change_message = "Podman has bumped, but Buildah is unchanged. There's probably not much point to testing this."; } else { my $samenew = ($rebased ? 'new' : 'same'); $change_message = "New buildah, $samenew podman. Good candidate for pushing."; } progress($change_message); build_and_check_podman(); progress("All OK. It's now up to you to 'git push --force'"); progress(" --- Reminder: $change_message"); } ######################### # is_treadmill_commit # ARG (HEAD or HEAD^) commit message =~ treadmill ######################### sub is_treadmill_commit { my $commit_message = git('log', '-1', '--format=%s', @_); print "[$commit_message]\n" if $verbose; $commit_message =~ /buildah.*treadmill/; } ############### # pull_main # Switch to main, and pull latest from github ############### sub pull_main { progress("Pulling podman main..."); git('checkout', '-q', 'main'); git('pull', '-r', git_upstream(), 'main'); } ############################ # build_and_check_podman # Run quick (local) sanity checks before pushing ############################ sub build_and_check_podman { my $errs = 0; # Confirm that we can still build podman progress("Running 'make' to confirm that podman builds cleanly..."); system('make') == 0 or die "$ME: 'make' failed with new buildah. Cannot continue.\n"; # See if any new options need man pages progress('Cross-checking man pages...'); $errs += system('hack/xref-helpmsgs-manpages'); # Confirm that buildah-bud patches still apply. This requires knowing # the name of the directory created by the bud-tests script. progress("Confirming that buildah-bud-tests patches still apply..."); system('rm -rf test-buildah-*'); $errs += system('test/buildah-bud/run-buildah-bud-tests', '--no-test'); # Clean up system('rm -rf test-buildah-*'); return if !$errs; warn "$ME: Errors found. Please address, then add to HEAD^ commit\n"; die " ...see $ME --help for more information.\n"; } # END sync and its helpers ############################################################################### # BEGIN pick and its helpers # # This is what gets used on a real vendor-new-buildah PR sub do_pick { my $current_branch = git_current_branch(); # Confirm that current branch is a buildah-vendor one head_is_buildah_vendor_commit(1); progress("HEAD is a buildah vendor commit. Good."); # Identify and pull the treadmill PR my $treadmill_pr = treadmill_pr(); my $treadmill_branch = "$ME/pr$treadmill_pr/tmp$$"; progress("Fetching treadmill PR $treadmill_pr into $treadmill_branch"); git('fetch', git_upstream(), "pull/$treadmill_pr/head:$treadmill_branch"); # read buildah go.mod from it, and from current tree, and compare my $buildah_on_treadmill = vendored_buildah($treadmill_branch); my $buildah_here = vendored_buildah(); if ($buildah_on_treadmill ne $buildah_here) { warn "$ME: Warning: buildah version mismatch:\n"; warn "$ME: on treadmill: $buildah_on_treadmill\n"; warn "$ME: on this branch: $buildah_here\n"; # FIXME: should this require --force? A yes/no prompt? # FIXME: I think not, because usual case will be a true tagged version warn "$ME: Continuing anyway\n"; } cherry_pick($treadmill_pr, $treadmill_branch); # Clean up git('branch', '-D', $treadmill_branch); build_and_check_podman(); progress("Looks good! Please 'git commit --amend' before pushing."); } ################## # treadmill_pr # Returns ID of open podman PR with the desired subject ################## sub treadmill_pr { my $query = <<'END_QUERY'; { search( query: "buildah vendor treadmill repo:containers/podman", type: ISSUE, first: 10 ) { edges { node { ... on PullRequest { number state title } } } } } END_QUERY my $ua = LWP::UserAgent->new; $ua->agent("$ME " . $ua->agent); # Identify ourself my %headers = ( 'Accept' => "application/vnd.github.antiope-preview+json", 'Content-Type' => "application/json", ); # Use github token if available, but don't require it. (All it does is # bump up our throttling limit, which shouldn't be an issue) (unless # someone invokes this script hundreds of times per minute). if (my $token = $ENV{GITHUB_TOKEN}) { $headers{Authorization} = "bearer $token"; } $ua->default_header($_ => $headers{$_}) for keys %headers; # Massage the query: escape quotes, put it all in one line, collapse spaces $query =~ s/\"/\\"/g; $query =~ s/\n/\\n/g; $query =~ s/\s+/ /g; # ...and now one more massage my $postquery = qq/{ "query": \"$query\" }/; print $postquery, "\n" if $debug; my $res = $ua->post($API_URL, Content => $postquery); if ((my $code = $res->code) != 200) { print $code, " ", $res->message, "\n"; exit 1; } # Got something. Confirm that it has all our required fields my $content = decode_json($res->content); use Data::Dump; dd $content if $debug; exists $content->{data} or die "$ME: No '{data}' section in response\n"; exists $content->{data}{search} or die "$ME: No '{data}{search}' section in response\n"; exists $content->{data}{search}{edges} or die "$ME: No '{data}{search}{edges}' section in response\n"; # Confirm that there is exactly one such PR my @prs = @{ $content->{data}{search}{edges} }; @prs > 0 or die "$ME: WEIRD! No 'buildah vendor treadmill' PRs found!\n"; @prs = grep { $_->{node}{title} eq $Treadmill_PR_Title } @prs or die "$ME: No PRs found with title '$Treadmill_PR_Title'\n"; @prs = grep { $_->{node}{state} eq 'OPEN' } @prs or die "$ME: Found '$Treadmill_PR_Title' PRs, but none are OPEN\n"; @prs == 1 or die "$ME: Multiple OPEN '$Treadmill_PR_Title' PRs found!\n"; # Yay. Found exactly one. return $prs[0]{node}{number}; } ################# # cherry_pick # cherry-pick a commit, updating its commit message ################# sub cherry_pick { my $treadmill_pr = shift; # e.g., 12345 my $treadmill_branch = shift; # e.g., b-v-p/pr12345/tmpNNN progress("Cherry-picking from $treadmill_pr^"); # Create a temp script. Do so in /var/tmp because sometimes $TMPDIR # (e.g. /tmp) has noexec. my ($fh, $editor) = tempfile( "$ME.edit-commit-message.XXXXXXXX", DIR => "/var/tmp" ); printf { $fh } <<'END_EDIT_SCRIPT', $ME, $VERSION, $treadmill_pr; #!/bin/bash if [[ -z "$1" ]]; then echo "FATAL: Did not get called with an arg" >&2 exit 1 fi msgfile=$1 if [[ ! -e $msgfile ]]; then echo "FATAL: git-commit file does not exist: $msgfile" >&2 exit 1 fi tmpfile=$msgfile.tmp rm -f $tmpfile cat >$tmpfile < The git commit message from that PR is below. Please review it, > edit as necessary, then remove this comment block. \^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ EOF # Strip the "DO NOT MERGE" header from the treadmill PR, print only # the "Changes as of YYYY-MM-DD" and subsequent lines sed -ne '/^Changes as of/,$ p' <$msgfile >>$tmpfile mv $tmpfile $msgfile END_EDIT_SCRIPT close $fh or die "$ME: Error writing $editor: $!\n"; chmod 0755 => $editor; local $ENV{EDITOR} = $editor; git('cherry-pick', '--allow-empty', '--edit', "$treadmill_branch^"); unlink $editor; } # END pick and its helpers ############################################################################### # BEGIN general-purpose helpers ############## # progress # Progris riport Dr Strauss says I shud rite down what I think ############## sub progress { print $Highlight, "|\n+---> @_\n", $Reset; } ####################### # assert_clean_repo # Don't even think of running with local changes ####################### sub assert_clean_repo { my @changed = git('status', '--porcelain', '--untracked=no') or return; warn "$ME: Modified files in repo:\n"; warn " $_\n" for @changed; exit 1; } ######################## # git_current_branch # e.g., 'vendor_buildah' ######################## sub git_current_branch() { my $b = git('rev-parse', '--abbrev-ref=strict', 'HEAD'); # There is no circumstance in which we can ever be called from main die "$ME: must run from side branch, not main\n" if $b eq 'main'; return $b; } ################## # git_upstream # Name of true github upstream ################## sub git_upstream { for my $line (git('remote', '-v')) { my ($remote, $url, $type) = split(' ', $line); if ($url =~ m!github\.com.*containers/(podman|libpod)!) { if ($type =~ /fetch/) { return $remote; } } } die "$ME: did not find a remote with 'github.com/containers/podman'\n"; } ######### # git # Run a git command ######### sub git { my @cmd = ('git', @_); print "\$ @cmd\n" if $verbose || $debug; open my $fh, '-|', @cmd or die "$ME: Cannot fork: $!\n"; my @results; while (my $line = <$fh>) { chomp $line; push @results, $line; } close $fh or die "$ME: command failed: @cmd\n"; return wantarray ? @results : join("\n", @results); } ################################### # head_is_buildah_vendor_commit # Returns 1 if HEAD is buildah vendor ################################### sub head_is_buildah_vendor_commit { my $fatal = shift; # in: if true, die upon anything missing my @deltas = git('diff', '--name-only', 'HEAD^', 'HEAD'); # It's OK if there are more modified files than just these. # It's not OK if any of these are missing. my @expect = qw(go.mod go.sum vendor/modules.txt); my @missing; for my $expect (@expect) { if (! grep { $_ eq $expect } @deltas) { push @missing, "$expect is unchanged"; } } if (! grep { m!^vendor/\Q$Buildah\E/! } @deltas) { push @missing, "no changes under $Buildah"; } if (@missing) { if ($fatal || $verbose) { warn "$ME: HEAD does not look like a buildah vendor commit:\n"; warn "$ME: - $_\n" for @missing; if ($fatal) { die "$ME: Cannot continue\n"; } warn "$ME: ...this might be okay, continuing anyway...\n"; } return; } return 1; } ###################### # vendored_buildah # Returns currently-vendored buildah ###################### sub vendored_buildah { my $gomod_file = 'go.mod'; my @gomod; if (@_) { # Called with a branch argument; fetch that version of go.mod $gomod_file = "@_:$gomod_file"; @gomod = git('show', $gomod_file); } else { # No branch argument, read file open my $fh, '<', $gomod_file or die "$ME: Cannot read $gomod_file: $!\n"; while (my $line = <$fh>) { chomp $line; push @gomod, $line; } close $fh; } for my $line (@gomod) { if ($line =~ m!^\s+\Q$Buildah\E\s+(\S+)!) { return $1; } } die "$ME: Could not find buildah in $gomod_file!\n"; } # END general-purpose helpers ###############################################################################