starlingx/root
Code Issues Proposed changes

Add access-token option to branching tools

Browse Source 
Github now requires the use of an access token for the
automated push of branches and tags.  The alternative
is a password prompt for each git in the middle of the
tool run.

Closes-bug: 1997483
Signed-off-by: Scott Little <scott.little@windriver.com>
Change-Id: Ife396dfed48a941df4c1e82eef7860017a4ff213
This commit is contained in:
Scott Little 2022-09-09 11:03:14 -04:00
parent a221b7a99a
commit 422f89cec1
3 changed files with 66 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
build-tools/branching/push_branches_tags.sh
View File

@ -25,7 +25,7 @@ usage () {
echo " [ --exclude-projects=<projects> ]" echo " [ --exclude-projects=<projects> ]"
echo " [ --manifest [ --manifest-file=<file.xml> ] ]" echo " [ --manifest [ --manifest-file=<file.xml> ] ]"
echo " [ --bypass-gerrit] [--safe-gerrit-host=<host>]" echo " [ --bypass-gerrit] [--safe-gerrit-host=<host>]"
echo " [ --dry-run ]" echo " [ --access-token=<remote>:<token> ] [ --dry-run ]"
echo "" echo ""
echo "Push a pre-existing branch and tag into all listed projects, and all" echo "Push a pre-existing branch and tag into all listed projects, and all"
echo "projects hosted by all listed remotes, minus excluded projects." echo "projects hosted by all listed remotes, minus excluded projects."
@ -42,10 +42,13 @@ usage () {
echo "--safe-gerrit-host allows one to specify host names of gerrit servers" echo "--safe-gerrit-host allows one to specify host names of gerrit servers"
echo "that are safe to push reviews to." echo "that are safe to push reviews to."
echo "" echo ""
echo "--access-token can be used to supply an access token for direct (non-gerrit) push attempts"
echo " to specific remotes. e.g. github now requires this"
echo ""
echo "--dry-run will print out git push commands without executing them" echo "--dry-run will print out git push commands without executing them"
} }
TEMP=$(getopt -o h,n --long remotes:,projects:,exclude-projects:,branch:,tag:,bypass-gerrit,manifest,manifest-file:,safe-gerrit-host:,help,dry-run -n 'push_branches_tags.sh' -- "$@") TEMP=$(getopt -o h,n --long remotes:,projects:,exclude-projects:,branch:,tag:,bypass-gerrit,manifest,manifest-file:,safe-gerrit-host:,help,access-token:,dry-run -n 'push_branches_tags.sh' -- "$@")
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo_stderr "ERROR: getopt failure" echo_stderr "ERROR: getopt failure"
usage usage
@ -64,6 +67,7 @@ branch=""
tag="" tag=""
manifest="" manifest=""
repo_root_dir="" repo_root_dir=""
declare -A access_token
safe_gerrit_hosts=() safe_gerrit_hosts=()
while true ; do while true ; do
@ -79,6 +83,15 @@ while true ; do
--manifest) MANIFEST=1 ; shift ;; --manifest) MANIFEST=1 ; shift ;;
--manifest-file) repo_set_manifest_file "$2" ; shift 2;; --manifest-file) repo_set_manifest_file "$2" ; shift 2;;
--safe-gerrit-host) safe_gerrit_hosts+=("$2") ; shift 2;; --safe-gerrit-host) safe_gerrit_hosts+=("$2") ; shift 2;;
--access-token) val=$2
at_remote=$(echo "$val" | cut -d ':' -f 1)
at_token=$(echo "$val" | cut -d ':' -f 2)
if [ -z "$at_token" ]; then
usage
exit 1
fi
access_token["$at_remote"]="$at_token"
shift 2 ;;
--) shift ; break ;; --) shift ; break ;;
*) usage; exit 1 ;; *) usage; exit 1 ;;
esac esac
@ -252,12 +265,26 @@ for subgit in $SUBGITS; do
echo "git review --topic=${branch/\//.}" && \ echo "git review --topic=${branch/\//.}" && \
$DRY_RUN_CMD with_retries -d 45 -t 15 -k 5 5 git review --topic="${branch/\//.}" $DRY_RUN_CMD with_retries -d 45 -t 15 -k 5 5 git review --topic="${branch/\//.}"
else else
if [ "${access_token[${review_remote}]}" != "" ]; then
git_set_push_url_with_access_token "${review_remote}" "${access_token[${review_remote}]}"
if [ $? != 0 ]; then
echo_stderr "ERROR: Failed to set url with access token for remote '${review_remote}' in ${subgit}"
exit 1
fi
fi
echo "git push ${review_remote} ${branch}:${branch} $DRY_RUN" && \ echo "git push ${review_remote} ${branch}:${branch} $DRY_RUN" && \
with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${branch}:${branch} $DRY_RUN && \ with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${branch}:${branch} $DRY_RUN && \
echo "git push ${review_remote} ${tag}:${tag} $DRY_RUN" && \ echo "git push ${review_remote} ${tag}:${tag} $DRY_RUN" && \
with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${tag}:${tag} $DRY_RUN with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${tag}:${tag} $DRY_RUN
fi fi
else else
if [ "${access_token[${remote}]}" != "" ]; then
git_set_push_url_with_access_token "${remote}" "${access_token[${remote}]}"
if [ $? != 0 ]; then
echo_stderr "ERROR: Failed to set url with access token for remote '${remote}' in ${subgit}"
exit 1
fi
fi
echo "git push ${remote} ${branch}:${branch} $DRY_RUN" && \ echo "git push ${remote} ${branch}:${branch} $DRY_RUN" && \
with_retries -d 45 -t 15 -k 5 5 git push ${remote} ${branch}:${branch} $DRY_RUN && \ with_retries -d 45 -t 15 -k 5 5 git push ${remote} ${branch}:${branch} $DRY_RUN && \
echo "git push ${remote} ${tag}:${tag} $DRY_RUN" && \ echo "git push ${remote} ${tag}:${tag} $DRY_RUN" && \

27
build-tools/branching/push_tags.sh
View File

@ -23,12 +23,15 @@ usage () {
echo " [ --exclude-projects=<projects> ]" echo " [ --exclude-projects=<projects> ]"
echo " [ --manifest [ --manifest-file=<manifest.xml> ] [--manifest-prefix <prefix>]]" echo " [ --manifest [ --manifest-file=<manifest.xml> ] [--manifest-prefix <prefix>]]"
echo " [ --bypass-gerrit ] [--safe-gerrit-host=<host>]" echo " [ --bypass-gerrit ] [--safe-gerrit-host=<host>]"
echo " [ --dry-run ]" echo " [ --access-token=<remote>:<token> ] [ --dry-run ]"
echo " " echo " "
echo "Push a pre-existing git tag into all listed projects, and all projects" echo "Push a pre-existing git tag into all listed projects, and all projects"
echo "hosted by all listed remotes, minus excluded projects." echo "hosted by all listed remotes, minus excluded projects."
echo "Lists are comma separated." echo "Lists are comma separated."
echo "" echo ""
echo "--access-token can be used to supply an access token for direct (non-gerrit) push attempts"
echo " to specific remotes. e.g. github now requires this"
echo ""
echo "A manifest push can also be requested." echo "A manifest push can also be requested."
echo "" echo ""
echo "--manifest-file may be used to override the manifest file to be updated." echo "--manifest-file may be used to override the manifest file to be updated."
@ -38,7 +41,7 @@ usage () {
} }
TEMP=$(getopt -o h,n --long remotes:,projects:,exclude-projects:,tag:,manifest,manifest-file:,manifest-prefix:,bypass-gerrit,safe-gerrit-host:,help,dry-run -n 'push_tags.sh' -- "$@") TEMP=$(getopt -o h,n --long remotes:,projects:,exclude-projects:,tag:,manifest,manifest-file:,manifest-prefix:,bypass-gerrit,safe-gerrit-host:,access-token:,help,dry-run -n 'push_tags.sh' -- "$@")
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo_stderr "ERROR: getopt failure" echo_stderr "ERROR: getopt failure"
usage usage
@ -58,6 +61,7 @@ manifest=""
manifest_prefix="" manifest_prefix=""
new_manifest="" new_manifest=""
repo_root_dir="" repo_root_dir=""
declare -A access_token
safe_gerrit_hosts=() safe_gerrit_hosts=()
while true ; do while true ; do
@ -73,6 +77,15 @@ while true ; do
--manifest-file) repo_set_manifest_file "$2"; shift 2;; --manifest-file) repo_set_manifest_file "$2"; shift 2;;
--manifest-prefix) manifest_prefix=$2; shift 2;; --manifest-prefix) manifest_prefix=$2; shift 2;;
--safe-gerrit-host) safe_gerrit_hosts+=("$2") ; shift 2 ;; --safe-gerrit-host) safe_gerrit_hosts+=("$2") ; shift 2 ;;
--access-token) val=$2
at_remote=$(echo "$val" | cut -d ':' -f 1)
at_token=$(echo "$val" | cut -d ':' -f 2)
if [ -z "$at_token" ]; then
usage
exit 1
fi
access_token["$at_remote"]="$at_token"
shift 2 ;;
--) shift ; break ;; --) shift ; break ;;
*) usage; exit 1 ;; *) usage; exit 1 ;;
esac esac
@ -202,8 +215,16 @@ for subgit in $SUBGITS; do
echo "git push ${review_remote} ${tag}" echo "git push ${review_remote} ${tag}"
with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${tag} ${DRY_RUN} with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${tag} ${DRY_RUN}
else else
if [ "${access_token[${remote}]}" != "" ]; then
echo "Trying remote '${remote}' with access token"
git_set_push_url_with_access_token "${remote}" "${access_token[${remote}]}"
if [ $? != 0 ]; then
echo_stderr "ERROR: Failed to set url with access token for remote '${remote}' in ${subgit}"
exit 1
fi
fi
echo "git push ${remote} ${tag}" echo "git push ${remote} ${tag}"
with_retries -d 45 -t 15 -k 5 5 git push ${remote} ${tag} ${DRY_RUN} with_retries -d 45 -t 15 -k 5 2 git push ${remote} ${tag} ${DRY_RUN}
fi fi
if [ $? != 0 ] ; then if [ $? != 0 ] ; then

13
build-tools/git-utils.sh
View File

@ -585,3 +585,16 @@ git_review_remote () {
git_remote git_remote
fi fi
} }
git_set_push_url_with_access_token () {
local remote="$1"
local access_token="$2"
local push_url=""
# Get url of remote. Insert 'access_token@ into the url
push_url=$(git remote get-url ${remote} | sed "s#://#://${access_token}@#")
if [ $? != 0 ] || [ "$push_url" == "" ] ; then
return 1
fi
git remote set-url --push ${remote} ${push_url}
}