debian-mirror-gitlab/bin/secpick

#!/usr/bin/env ruby
# frozen_string_literal: true
require 'active_support/core_ext/object/to_query'
require 'optparse'
require 'open3'
require 'shellwords'
require 'rainbow/refinement'
using Rainbow
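# Backport helper for security fixes: builds (and, unless --dry-run is given,
# runs) the git commands that cherry-pick a commit onto a stable branch and
# push the resulting branch to the security remote.
module Secpick
  BRANCH_PREFIX = 'security'
  STABLE_SUFFIX = 'stable'

  DEFAULT_REMOTE = 'security'

  SECURITY_MR_URL = 'https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/new'

  # One backport run, configured from the command line.
  #
  # Every git command is assembled as a string and the strings are joined with
  # `&&` and handed to a shell, so each interpolated option value is
  # shell-escaped first (see #shell_arg).
  class SecurityFix
    # Parses ARGV through .options; may abort the process on invalid input.
    def initialize
      @options = self.class.options
    end

    # @return [Boolean] true when --dry-run was passed
    def dry_run?
      @options[:try] == true
    end

    # Name of the backport branch: "<branch>-<version>", prefixed with
    # "security-" unless it already starts with that prefix.
    #
    # @return [String] the raw (unescaped) branch name
    def source_branch
      branch = "#{@options[:branch]}-#{@options[:version]}"
      branch = "#{BRANCH_PREFIX}-#{branch}" unless branch.start_with?("#{BRANCH_PREFIX}-")
      branch
    end

    # @return [String] target stable branch, e.g. "10-0-stable-ee" for version "10-0"
    def stable_branch
      "#{@options[:version]}-#{STABLE_SUFFIX}-ee"
    end

    # @return [Array<String>] the shell commands, in execution order
    def git_commands
      [
        fetch_stable_branch,
        create_backport_branch,
        cherry_pick_commit,
        push_to_remote,
        checkout_original_branch
      ]
    end

    # @return [Hash] query parameters appended to the new-merge-request URL
    def gitlab_params
      {
        issuable_template: 'Security Release',
        merge_request: {
          source_branch: source_branch,
          target_branch: stable_branch
        }
      }
    end

    # @return [String] base URL of the "new merge request" page
    def new_mr_url
      SECURITY_MR_URL
    end

    # Prints the plan (dry run) or executes it.
    #
    # In the non-dry-run case the commands run as one `&&` chain; stdout is
    # printed in green, stderr in red, and the merge request URL is printed only
    # when the chain succeeded and --merge-request was not requested.
    def create!
      if dry_run?
        puts "\nGit commands:".blue
        puts git_commands.join("\n")

        unless @options[:merge_request]
          puts "\nMerge request URL:".blue
          puts new_mr_url
        end

        puts "\nMerge request params:".blue
        pp gitlab_params
      else
        cmd = git_commands.join(' && ')

        # capture3 drains stdout and stderr concurrently and closes all three
        # pipes itself. Reading stdout to EOF before touching stderr (as popen3
        # with sequential reads does) can block forever once the child fills
        # the stderr pipe buffer.
        stdout, stderr, status = Open3.capture3(cmd)

        puts stdout.green
        puts stderr.red

        # NOTE(review): a failed chain is only visible through the stderr
        # output above; nothing here changes the script's exit status.
        if status.success? && !@options[:merge_request]
          puts "#{new_mr_url}?#{gitlab_params.to_query}".blue
        end
      end
    end

    # Parses the command line and fills in defaults from the current checkout.
    #
    # Aborts when a required option is missing or when the version is not of
    # the form "<digits>-<digits>" (dots in the given version are converted to
    # dashes first).
    #
    # @return [Hash] the parsed options
    def self.options
      { version: nil, branch: nil, sha: nil, merge_request: false }.tap do |options|
        parser = OptionParser.new do |opts|
          opts.banner = "Usage: #{$0} [options]"
          opts.on('-v', '--version 10.0', 'Version') do |version|
            options[:version] = version&.tr('.', '-')
          end

          opts.on('-b', '--branch security-fix-branch', 'Original branch name (optional, defaults to current)') do |branch|
            options[:branch] = branch
          end

          opts.on('-s', '--sha abcd', 'SHA or SHA range to cherry pick (optional, defaults to current)') do |sha|
            options[:sha] = sha
          end

          opts.on('-r', '--remote dev', "Git remote name of security repo (optional, defaults to `#{DEFAULT_REMOTE}`)") do |remote|
            options[:remote] = remote
          end

          opts.on('--mr', '--merge-request', 'Create relevant security Merge Request targeting the stable branch') do
            options[:merge_request] = true
          end

          opts.on('-d', '--dry-run', 'Only show Git commands, without calling them') do
            options[:try] = true
          end

          opts.on('-h', '--help', 'Displays Help') do
            puts opts
            exit
          end
        end

        parser.parse!

        options[:sha] ||= `git rev-parse HEAD`.strip
        options[:branch] ||= `git rev-parse --abbrev-ref HEAD`.strip
        options[:remote] ||= DEFAULT_REMOTE

        nil_options = options.select { |_, v| v.nil? }
        unless nil_options.empty?
          abort("Missing: #{nil_options.keys.join(', ')}. Use #{$0} --help to see the list of options available".red)
        end

        # The version ends up unquoted or single-quoted inside shell commands,
        # so this check is a security boundary: require at least one digit on
        # each side of the dash and anchor with \z so a trailing newline is
        # rejected as well (\d* and \Z accepted "-" and "10-0\n").
        unless options[:version].match?(/\A\d+-\d+\z/)
          abort("Wrong version format #{options[:version].bold}".red)
        end
      end
    end

    private

    # Escapes a value for use as a single shell word.
    #
    # Branch, remote and revision values come from the command line or from the
    # name of the checked-out branch, and the command chain is run by a shell.
    # NOTE(review): escaping does not stop a value that begins with "-" from
    # being read by git as an option; consider rejecting such values in .options.
    def shell_arg(value)
      Shellwords.escape(value)
    end

    def checkout_original_branch
      "git checkout #{shell_arg(@options[:branch])}"
    end

    def push_to_remote
      [
        "git push #{shell_arg(@options[:remote])} #{shell_arg(source_branch)} --no-verify",
        *merge_request_push_options
      ].join(' ')
    end

    # Extra `-o` push options, present only when --merge-request was given.
    # The single-quoted values are built from the version alone, which
    # .options restricts to digits and one dash.
    def merge_request_push_options
      return [] unless @options[:merge_request]

      [
        "-o mr.create",
        "-o mr.target='#{stable_branch}'",
        "-o mr.description='Please apply Security Release template. /milestone %#{milestone}'"
      ]
    end

    def cherry_pick_commit
      # Split on whitespace before escaping so several revisions given in one
      # --sha value are still passed to git as separate arguments.
      revisions = @options[:sha].split.map { |revision| shell_arg(revision) }
      "git cherry-pick #{revisions.join(' ')}"
    end

    def create_backport_branch
      upstream = shell_arg("#{@options[:remote]}/#{stable_branch}")
      "git checkout -B #{shell_arg(source_branch)} #{upstream} --no-track"
    end

    def fetch_stable_branch
      "git fetch #{shell_arg(@options[:remote])} #{shell_arg(stable_branch)}"
    end

    # @return [String] the version with dashes turned back into dots, e.g. "10.0"
    def milestone
      @options[:version].gsub('-', '.')
    end
  end
end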
# Script entry point: build the fix from the command-line options, then print
# or run the backport commands.
fix = Secpick::SecurityFix.new
fix.create!