theohbrothers · leojonathanoh · Sep 14, 2023 · Sep 14, 2023
diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
@@ -0,0 +1,25 @@
+name: cron
+on:
+  schedule:
+    # Run daily
+    - cron: '0 0 * * *'
+jobs:
+  update-versions:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+    # Admin user must generate a Personal Access Token with 'workflow' permissions, and used to populate the secret named WORKFLOW_TOKEN.
+    # See: https://stackoverflow.com/questions/68811838/refusing-to-allow-a-personal-access-token-to-create-or-update-workflow
+    # See: https://stackoverflow.com/questions/66643917/refusing-to-allow-a-github-app-to-create-or-update-workflow
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        token: ${{ secrets.WORKFLOW_TOKEN }}  # This configures the git repo to use this token
+        fetch-depth: 0  # Fetch all branches and tags
+    - shell: pwsh
+      run: |
+        ./Update-Versions.ps1 -PR -AutoMergeQueue -AutoRelease
+      env:
+        GITHUB_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}
diff --git a/Update-Versions.ps1 b/Update-Versions.ps1
@@ -0,0 +1,65 @@
+# This script is to update versions in version.json, create PR(s) for each bumped version, merge PRs, and release
+# It may be run manually or as a cron
+# Use -WhatIf for dry run
+[CmdletBinding(SupportsShouldProcess)]
+param (
+    [Parameter(HelpMessage="Whether to clone a temporary repo before opening PRs. Useful in development")]
+    [switch]$CloneTempRepo
+,
+    [Parameter(HelpMessage="Whether to open a PR for each updated version in version.json")]
+    [switch]$PR
+,
+    [Parameter(HelpMessage="Whether to merge each PR one after another (note that this is not GitHub merge queue which cannot handle merge conflicts). The queue ensures each PR is rebased to prevent merge conflicts")]
+    [switch]$AutoMergeQueue
+,
+    [Parameter(HelpMessage="Whether to create a tagged release and closing milestone, after merging all PRs")]
+    [switch]$AutoRelease
+,
+    [Parameter(HelpMessage="-AutoRelease tag convention")]
+    [ValidateSet('calver', 'semver')]
+    [string]$AutoReleaseTagConvention = 'calver'
+)
+$ErrorActionPreference = 'Stop'
+Set-StrictMode -Version Latest
+
+# Install modules
+@(
+    'Generate-DockerImageVariantsHelpers'
+    'Powershell-Yaml'
+) | % {
+    if (! (Get-InstalledModule $_ -ErrorAction SilentlyContinue) ) {
+        Install-Module $_ -Scope CurrentUser -Force
+    }
+}
+# Override with development module if it exists
+if (Test-Path ../Generate-DockerImageVariantsHelpers/src/Generate-DockerImageVariantsHelpers) {
+    Import-module ../Generate-DockerImageVariantsHelpers/src/Generate-DockerImageVariantsHelpers -Force
+}
+
+try {
+    if ($CloneTempRepo) {
+        $repo = Clone-TempRepo
+        Push-Location $repo
+    }
+
+    $env:GITHUB_TOKEN = if ($env:GITHUB_TOKEN) { $env:GITHUB_TOKEN } else { (Get-Content ~/.git-credentials -Encoding utf8 -Force) -split "`n" | % { if ($_ -match '^https://[^:]+:([^:]+)@github.com') { $matches[1] } } | Select-Object -First 1 }
+
+    # Get my versions from generate/definitions/versions.json
+    $versions = Get-Content $PSScriptRoot/generate/definitions/versions.json -Encoding utf8 | ConvertFrom-Json
+    # Get new versions
+    $versionsNew = Invoke-WebRequest https://api.github.com/repos/OpenVPN/easy-rsa/git/refs/tags | ConvertFrom-Json | % { $_.ref -replace 'refs/tags/v', ''} | ? { $_ -match '^\d+\.\d+\.\d+$' } | Sort-Object { [version]$_ } -Descending
+    # Get changed versions
+    $scope = 'patch'
+    $versionsChanged = Get-VersionsChanged -Versions $versions -VersionsNew $versionsNew -ChangeScope $scope -AsObject -Descending
+    # Update versions.json, and open PRs with CI disabled
+    $prs = Update-DockerImageVariantsVersions -VersionsChanged $versionsChanged -CommitPreScriptblock { Move-Item .github .github.disabled -Force } -PR:$PR -WhatIf:$WhatIfPreference
+    # Update versions.json, update PRs with CI, merge PRs one at a time, release and close milestone
+    $return = Update-DockerImageVariantsVersions -VersionsChanged $versionsChanged -PR:$PR -AutoMergeQueue:$AutoMergeQueue -AutoRelease:$AutoRelease -AutoReleaseTagConvention $AutoReleaseTagConvention -WhatIf:$WhatIfPreference
+}catch {
+    throw
+}finally {
+    if ($CloneTempRepo) {
+        Pop-Location
+    }
+}
+
diff --git a/generate/definitions/FILES.ps1 b/generate/definitions/FILES.ps1
@@ -1,6 +1,7 @@
 # Files' definition
 $FILES = @(
     '.github/workflows/ci-master-pr.yml'
+    '.github/workflows/cron.yml'
     '.github/release-drafter.yml'
     'README.md'
 )
diff --git a/generate/templates/.github/workflows/cron.yml.ps1 b/generate/templates/.github/workflows/cron.yml.ps1
@@ -0,0 +1,28 @@
+@'
+name: cron
+on:
+  schedule:
+    # Run daily
+    - cron: '0 0 * * *'
+jobs:
+  update-versions:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+    # Admin user must generate a Personal Access Token with 'workflow' permissions, and used to populate the secret named WORKFLOW_TOKEN.
+    # See: https://stackoverflow.com/questions/68811838/refusing-to-allow-a-personal-access-token-to-create-or-update-workflow
+    # See: https://stackoverflow.com/questions/66643917/refusing-to-allow-a-github-app-to-create-or-update-workflow
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        token: ${{ secrets.WORKFLOW_TOKEN }}  # This configures the git repo to use this token
+        fetch-depth: 0  # Fetch all branches and tags
+    - shell: pwsh
+      run: |
+        ./Update-Versions.ps1 -PR -AutoMergeQueue -AutoRelease
+      env:
+        GITHUB_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}
+
+'@