From 2b7350a50f647fdddfa7312e8c76452a4bc9479a Mon Sep 17 00:00:00 2001
From: JJ Kasper <jj@jjsweb.site>
Date: Mon, 2 Oct 2023 13:05:51 -0700
Subject: [PATCH 1/6] Add code freeze GitHub actions for releasing

---
 .github/workflows/code_freeze.yml |  51 +++++++++++++
 scripts/code-freeze.js            | 117 ++++++++++++++++++++++++++++++
 2 files changed, 168 insertions(+)
 create mode 100644 .github/workflows/code_freeze.yml
 create mode 100644 scripts/code-freeze.js

diff --git a/.github/workflows/code_freeze.yml b/.github/workflows/code_freeze.yml
new file mode 100644
index 000000000000..3b1d643fdcf3
--- /dev/null
+++ b/.github/workflows/code_freeze.yml
@@ -0,0 +1,51 @@
+on:
+  workflow_dispatch:
+    inputs:
+      type:
+        description: Enable/disable code freeze
+        required: true
+        type: choice
+        options:
+          - enable
+          - disable
+
+    secrets:
+      CODE_FREEZE_TOKEN:
+        required: true
+
+name: Code Freeze
+
+env:
+  NAPI_CLI_VERSION: 2.14.7
+  TURBO_VERSION: 1.10.9
+  NODE_MAINTENANCE_VERSION: 16
+  NODE_LTS_VERSION: 18
+
+jobs:
+  start:
+    runs-on: ubuntu-latest
+    env:
+      NEXT_TELEMETRY_DISABLED: 1
+      # we build a dev binary for use in CI so skip downloading
+      # canary next-swc binaries in the monorepo
+      NEXT_SKIP_NATIVE_POSTINSTALL: 1
+
+    environment: release-${{ github.event.inputs.releaseType }}
+    steps:
+      - name: Setup node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          check-latest: true
+
+      - run: git clone https://github.com/vercel/next.js.git --depth=25 .
+
+      # https://github.com/actions/virtual-environments/issues/1187
+      - name: tune linux network
+        run: sudo ethtool -K eth0 tx off rx off
+
+      - run: corepack enable && pnpm --version
+
+      - run: node ./scripts/code-freeze.js --type ${{ github.event.inputs.type }}
+        env:
+          CODE_FREEZE_TOKEN: ${{ secrets.CODE_FREEZE_TOKEN }}
diff --git a/scripts/code-freeze.js b/scripts/code-freeze.js
new file mode 100644
index 000000000000..d13f83bfb579
--- /dev/null
+++ b/scripts/code-freeze.js
@@ -0,0 +1,117 @@
+const authToken = process.env.CODE_FREEZE_TOKEN
+
+if (!authToken) {
+  throw new Error(`missing CODE_FREEZE_TOKEN env`)
+}
+
+const codeFreezeRule = {
+  context: 'Potentially publish release',
+  app_id: 15368,
+}
+
+async function updateRules(newRules) {
+  const res = await fetch(
+    `https://api.github.com/repos/vercel/next.js/branches/canary/protection`,
+    {
+      method: 'PUT',
+      headers: {
+        Accept: 'application/vnd.github+json',
+        Authorization: `Bearer ${authToken}`,
+        'X-GitHub-Api-Version': '2022-11-28',
+      },
+      body: JSON.stringify(newRules),
+    }
+  )
+
+  if (!res.ok) {
+    throw new Error(
+      `Failed to check for rule ${res.status} ${await res.text()}`
+    )
+  }
+}
+
+async function getCurrentRules() {
+  const res = await fetch(
+    `https://api.github.com/repos/vercel/next.js/branches/canary/protection`,
+    {
+      headers: {
+        Accept: 'application/vnd.github+json',
+        Authorization: `Bearer ${authToken}`,
+        'X-GitHub-Api-Version': '2022-11-28',
+      },
+    }
+  )
+
+  if (!res.ok) {
+    throw new Error(
+      `Failed to check for rule ${res.status} ${await res.text()}`
+    )
+  }
+  const data = await res.json()
+
+  return {
+    required_status_checks: {
+      strict: data.required_status_checks.strict,
+      // checks: data.required_status_checks.checks,
+      contexts: data.required_status_checks.contexts,
+    },
+    enforce_admins: data.enforce_admins.enabled,
+    required_pull_request_reviews: {
+      dismiss_stale_reviews:
+        data.required_pull_request_reviews.dismiss_stale_reviews,
+      require_code_owner_reviews:
+        data.required_pull_request_reviews.require_code_owner_reviews,
+      require_last_push_approval:
+        data.required_pull_request_reviews.require_last_push_approval,
+      required_approving_review_count:
+        data.required_pull_request_reviews.required_approving_review_count,
+    },
+    restrictions: data.restrictions || {
+      users: [],
+      teams: [],
+      apps: [],
+    },
+  }
+}
+
+async function main() {
+  const typeIdx = process.argv.indexOf('--type')
+  const type = process.argv[typeIdx + 1]
+
+  if (type !== 'enable' && type !== 'disable') {
+    throw new Error(`--type should be enable or disable`)
+  }
+  const isEnable = type === 'enable'
+  const currentRules = await getCurrentRules()
+  const hasRule = currentRules.required_status_checks.contexts?.some((ctx) => {
+    return ctx === codeFreezeRule.context
+  })
+
+  console.log(currentRules)
+
+  if (isEnable) {
+    if (hasRule) {
+      console.log(`Already enabled`)
+      return
+    }
+    currentRules.required_status_checks.contexts.push(codeFreezeRule.context)
+    await updateRules(currentRules)
+    console.log('Enabled code freeze')
+  } else {
+    if (!hasRule) {
+      console.log(`Not enabled`)
+      return
+    }
+    currentRules.required_status_checks.contexts =
+      currentRules.required_status_checks.contexts.filter(
+        (ctx) => ctx !== codeFreezeRule.context
+      )
+    await updateRules(currentRules)
+    console.log('Disabled code freeze')
+  }
+}
+
+main().catch((err) => {
+  console.error(err)
+  process.exit(1)
+})

From 39b5b30b1218bf0e2052135ebcb96492389e196b Mon Sep 17 00:00:00 2001
From: JJ Kasper <jj@jjsweb.site>
Date: Mon, 2 Oct 2023 13:10:10 -0700
Subject: [PATCH 2/6] Apply suggestions from code review

Co-authored-by: Steven <steven@ceriously.com>
---
 .github/workflows/code_freeze.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/code_freeze.yml b/.github/workflows/code_freeze.yml
index 3b1d643fdcf3..f6e5c56959a8 100644
--- a/.github/workflows/code_freeze.yml
+++ b/.github/workflows/code_freeze.yml
@@ -38,7 +38,7 @@ jobs:
           node-version: 18
           check-latest: true
 
-      - run: git clone https://github.com/vercel/next.js.git --depth=25 .
+      - run: git clone https://github.com/vercel/next.js.git --depth=1 .
 
       # https://github.com/actions/virtual-environments/issues/1187
       - name: tune linux network

From 5a47143b8c1c89f8750d956b969ca94f168d538e Mon Sep 17 00:00:00 2001
From: JJ Kasper <jj@jjsweb.site>
Date: Mon, 2 Oct 2023 13:22:06 -0700
Subject: [PATCH 3/6] Apply suggestions from code review

Co-authored-by: Zack Tanner <zacktanner@gmail.com>
---
 .github/workflows/code_freeze.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/workflows/code_freeze.yml b/.github/workflows/code_freeze.yml
index f6e5c56959a8..fe154493e48e 100644
--- a/.github/workflows/code_freeze.yml
+++ b/.github/workflows/code_freeze.yml
@@ -24,11 +24,6 @@ env:
 jobs:
   start:
     runs-on: ubuntu-latest
-    env:
-      NEXT_TELEMETRY_DISABLED: 1
-      # we build a dev binary for use in CI so skip downloading
-      # canary next-swc binaries in the monorepo
-      NEXT_SKIP_NATIVE_POSTINSTALL: 1
 
     environment: release-${{ github.event.inputs.releaseType }}
     steps:

From d488b2c9d139376d5e873579c4e558faad261672 Mon Sep 17 00:00:00 2001
From: JJ Kasper <jj@jjsweb.site>
Date: Mon, 2 Oct 2023 13:22:47 -0700
Subject: [PATCH 4/6] Apply suggestions from code review

---
 .github/workflows/code_freeze.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/code_freeze.yml b/.github/workflows/code_freeze.yml
index fe154493e48e..ab75c1d14965 100644
--- a/.github/workflows/code_freeze.yml
+++ b/.github/workflows/code_freeze.yml
@@ -39,7 +39,6 @@ jobs:
       - name: tune linux network
         run: sudo ethtool -K eth0 tx off rx off
 
-      - run: corepack enable && pnpm --version
 
       - run: node ./scripts/code-freeze.js --type ${{ github.event.inputs.type }}
         env:

From 321f1fb97973c48ea54f964fbc8c7aa44e29323e Mon Sep 17 00:00:00 2001
From: JJ Kasper <jj@jjsweb.site>
Date: Mon, 2 Oct 2023 13:42:42 -0700
Subject: [PATCH 5/6] Apply suggestions from code review

Co-authored-by: Steven <steven@ceriously.com>
---
 scripts/code-freeze.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/code-freeze.js b/scripts/code-freeze.js
index d13f83bfb579..6d2d5996d6d3 100644
--- a/scripts/code-freeze.js
+++ b/scripts/code-freeze.js
@@ -99,7 +99,7 @@ async function main() {
     console.log('Enabled code freeze')
   } else {
     if (!hasRule) {
-      console.log(`Not enabled`)
+      console.log(`Already disabled`)
       return
     }
     currentRules.required_status_checks.contexts =

From 772123862e5c14be264b061a058db0f79754dbfc Mon Sep 17 00:00:00 2001
From: JJ Kasper <jj@jjsweb.site>
Date: Mon, 2 Oct 2023 13:45:50 -0700
Subject: [PATCH 6/6] lint fix

---
 .github/workflows/code_freeze.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/code_freeze.yml b/.github/workflows/code_freeze.yml
index ab75c1d14965..513390827cc8 100644
--- a/.github/workflows/code_freeze.yml
+++ b/.github/workflows/code_freeze.yml
@@ -39,7 +39,6 @@ jobs:
       - name: tune linux network
         run: sudo ethtool -K eth0 tx off rx off
 
-
       - run: node ./scripts/code-freeze.js --type ${{ github.event.inputs.type }}
         env:
           CODE_FREEZE_TOKEN: ${{ secrets.CODE_FREEZE_TOKEN }}