[autobackport: sssd-2-9] Automatically generate release notes when creating new release #8598
Code Review
This pull request introduces a suite of scripts to automate the generation and publication of release notes for SSSD. It includes tools to extract fixed issues from git logs, parse commit messages for release-specific tags, and automate the creation of a pull request on the sssd.io repository. Key feedback includes fixing a script name mismatch in the release process, addressing security concerns regarding temporary file usage for tokens and PR messages, and improving the handling of multiline formatting in the Python-based note generator.
| GROUP_END | ||
|
|
||
| GROUP_START "Generate release notes" | ||
| ./scripts/full-release-notes.sh --from "$prev_version" --to HEAD --version "$version" > "/tmp/sssd-$version.rst" |
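Review bot: the redirect at the end of the release-notes line writes to the fixed path /tmp/sssd-$version.rst, which is predictable and shared with every other user and job on the host. Create a private directory with mktemp -d earlier in this step and write the .rst file there, so that a file or symlink already present at that name is not followed and parallel runs do not overwrite each other.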
The script attempts to call ./scripts/full-release-notes.sh, but the file added in this pull request is named scripts/generate-full-release-notes.sh. This mismatch will cause the release process to fail at this step.
| ./scripts/full-release-notes.sh --from "$prev_version" --to HEAD --version "$version" > "/tmp/sssd-$version.rst" | |
| ./scripts/generate-full-release-notes.sh --from "$prev_version" --to HEAD --version "$version" > "/tmp/sssd-$version.rst" |
| echo $FORK_TOKEN > .token | ||
| gh auth login --with-token < .token | ||
| rm -f .token |
Writing the GitHub token to a temporary file is a security risk as it could potentially be read by other processes or left behind if the script is interrupted before the rm command. It is safer to pipe the token directly to the gh auth login command.
| echo $FORK_TOKEN > .token | |
| gh auth login --with-token < .token | |
| rm -f .token | |
| echo "$FORK_TOKEN" | gh auth login --with-token |
| import re | ||
| import subprocess | ||
| import sys | ||
| import pypandoc |
This script introduces a dependency on the pypandoc Python library. If this library is not installed in the environment where the release script runs (e.g., a CI runner or a developer's machine), the script will fail. Consider using the subprocess module to call the pandoc binary directly to avoid an external Python dependency, or ensure it is added to the project's build/release requirements.
| notes = [] | ||
| for match in matches: | ||
| # Join multiline notes, preserving markdown formatting | ||
| note = " ".join([line.strip() for line in match.split("\n")]) |
Joining multiline notes with spaces will destroy markdown formatting such as bulleted lists, numbered lists, or code blocks that may be present in the commit message's release note section. This results in unreadable release notes when complex formatting is used.
| note = " ".join([line.strip() for line in match.split("\n")]) | |
| note = "\n".join([line.strip() for line in match.split("\n") if line.strip()]) |
| git push --set-upstream "$FORK_USER" "$RN_BRANCH_NAME" --force | ||
|
|
||
| # Prepare pull request message | ||
| BODY_FILE="/tmp/relnotes-message" |
Using a hardcoded path in /tmp for BODY_FILE can lead to conflicts if multiple instances of the script run on the same host, and it is a potential security risk (symlink attacks). It is better to use the temporary working directory $wd created earlier in the script.
| BODY_FILE="/tmp/relnotes-message" | |
| BODY_FILE="$wd/relnotes-message" |
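The two temporary-file comments above (the `.token` file that can be left behind on interruption, and the fixed `/tmp` path for `BODY_FILE`) come down to the same pattern, sketched here as an added example that is not code from this pull request or from the review. `$wd` and `relnotes-message` are taken from the review; the function names, the `relnotes.` template and the `X.Y.Z` version are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the PR): scratch files in a private directory.

# Run "$@" with a private directory exported as $wd (the variable name the
# review refers to). The directory is removed on exit, INT or TERM.
with_workdir() (
    umask 077                                   # new files: owner-only
    wd=$(mktemp -d "${TMPDIR:-/tmp}/relnotes.XXXXXXXXXX") || exit 1
    trap 'rm -rf "$wd"' EXIT                    # cleanup on any exit path
    trap 'exit 130' INT TERM                    # turn signals into an exit
    export wd
    "$@"
    rc=$?
    exit "$rc"
)

# Write stdin to a file that must not exist yet. With noclobber (set -C) the
# shell refuses an existing regular file and creates new files exclusively,
# so a symlink already sitting at that name is not followed.
write_new_file() (
    set -C
    cat > "$1"
)

# Constructed usage: build a PR body for a placeholder version inside $wd.
publish_body() {
    printf 'Release notes for %s\n' "$1" | write_new_file "$wd/relnotes-message" &&
        cat "$wd/relnotes-message"
}

with_workdir publish_body X.Y.Z
```
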
Add a bash script to extract and list resolved GitHub issues from git commit history. The script searches for "Resolves:" references in commit messages between two git refs and outputs a formatted list of closed issues.
Features:
- Accepts --from <ref> (required) and --to <ref> (defaults to HEAD)
- Supports multiple output formats via --format: plain, rst, md
- Uses gh CLI to fetch issue details (number, title, state)
- Filters to only include closed issues
- Outputs formatted list with issue number, URL, and title
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit cb1ef37)

Generate release notes from commit messages:
./scripts/generate-release-notes.py --from FROM --to TO --version VERSION --format md|rst
Co-Authored-By: Claude <noreply@anthropic.com>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 27aac3a)

This script prepares release notes for sssd.io.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 033a81b)

The release workflow is extended to automatically generate release notes and open a draft pull request against sssd.io.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit c8257a3)
The pull request was accepted by @alexey-tikhonov with the following PR CI status:
🟢 CodeQL (success)
There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.
a3d8650 to a994757
This is an automatic backport of PR#8568 Automatically generate release notes when creating new release to branch sssd-2-9, created by @pbrezina.
Please make sure this backport is correct.
Note
The commits were cherry-picked without conflicts.
You can push changes to this pull request
Original commits
cb1ef37 - scripts: add fixed-issues.sh script
27aac3a - scripts: add generate-release-notes.py script
033a81b - scripts: add generate-full-release-notes.sh script
c8257a3 - ci: automatically generate release notes
Backported commits
Original Pull Request Body
This will generate release notes and open a draft pull request against sssd.io
This will make the release process automated, after the workflow is run: