From a41447eacd1f9bf02f8ff6967357abe399a7cdff Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 13:16:58 -0400 Subject: [PATCH 01/16] add auth as github action bot --- .github/workflows/update-platform-branch.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index fe6833d7..7b34bfd8 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -35,6 +35,14 @@ jobs: with: persist-credentials: true + - name: Set up GitHub CLI as Actions bot + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh auth setup-git + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + - name: Fetch latest semver tag for protocol/go id: fetch-latest-tag run: | From 794f6b70251fb590d8c47749f46843726df4e547 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 13:17:44 -0400 Subject: [PATCH 02/16] temp comment out to demo --- .github/workflows/update-platform-branch.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 7b34bfd8..eda25638 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -18,8 +18,8 @@ on: inputs: tag: description: "The new tag or branch to update the platform.branch property to use for targeting the RPC protocol buffers." - required: true - default: "protocol/go/v0.3.0" + # required: true + # default: "protocol/go/v0.3.0" jobs: update-platform-branch: From beebad9a7e338de417e6d07a55ce8a83450cda89 Mon Sep 17 00:00:00 2001 
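Review bot: The `Set up GitHub CLI as Actions bot` step adds a second credential path on top of the checkout's `persist-credentials: true` visible in the context lines. Checkout already stores the token in the repository's git config, and `gh auth setup-git` then registers gh as a credential helper as well. Pick one: drop `gh auth setup-git`, or set `persist-credentials: false` so the helper supplies the token only in steps that export `GITHUB_TOKEN` and it is not left in `.git/config` for every later step. The job's `permissions:` block is outside this hunk; since the job pushes a branch and opens a PR, it should be declared explicitly (presumably `contents: write` and `pull-requests: write`) rather than inherited from the repository default.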
From: Elizabeth Healy Date: Mon, 20 Oct 2025 13:24:32 -0400 Subject: [PATCH 03/16] try switching to gh cli for pr creation --- .github/workflows/update-platform-branch.yaml | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index eda25638..f46f2faf 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -112,17 +112,21 @@ jobs: - name: Create New PR if: steps.check-pr.outputs.EXISTING_PR == '' - uses: peter-evans/create-pull-request@v7.0.8 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "fix(sdk): Updates to proto version $LATEST_TAG" - branch: update-platform-branch - title: "fix(sdk): Updates to proto version $LATEST_TAG" - body: | - This PR updates the platform.branch property in all pom.xml files to the new tag or branch: $LATEST_TAG. + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + cat < pr_body.txt + This PR updates the platform.branch property in all pom.xml files to the new tag or branch: $LATEST_TAG. + + See the release: https://github.com/opentdf/platform/releases/tag/$LATEST_TAG - See the release: https://github.com/opentdf/platform/releases/tag/$LATEST_TAG + Release Notes: + $RELEASE_NOTES + EOF + gh pr create \ + --title "fix(sdk): Updates to proto version $LATEST_TAG" \ + --body-file pr_body.txt \ + --head update-platform-branch \ + --base main \ + --label "automated-update" - Release Notes: - $RELEASE_NOTES - labels: "automated-update" From 5fb36b4856d986e920ad59bd28326333ade0a5bc Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 13:28:01 -0400 Subject: [PATCH 04/16] pull first --- .github/workflows/update-platform-branch.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index f46f2faf..a72b339c 100644 
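Review bot: The `gh pr create` call in `Create New PR` authenticates with `secrets.GITHUB_TOKEN`, and events caused by that token do not start new workflow runs, so `pull_request` checks will not run on the automated PR by themselves. If branch protection expects CI on this PR, record that on the step, e.g. `# PRs opened with GITHUB_TOKEN do not trigger pull_request workflows; re-run checks manually or use an app token`. Separately, `pr_body.txt` is written into the checked-out working tree; writing it under `"$RUNNER_TEMP"` keeps it out of any `git add .` or status scan in this job.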
--- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -99,6 +99,7 @@ jobs: if: steps.check-pr.outputs.EXISTING_PR == '' run: | git checkout -b update-platform-branch + git pull || true git add . git commit -m "fix(sdk): Updates to proto version $LATEST_TAG" git push origin update-platform-branch From 03d7c5729b575967abfd87ac32f8df2739c99dd4 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 13:30:01 -0400 Subject: [PATCH 05/16] remove pull and label --- .github/workflows/update-platform-branch.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index a72b339c..780a2903 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -99,7 +99,6 @@ jobs: if: steps.check-pr.outputs.EXISTING_PR == '' run: | git checkout -b update-platform-branch - git pull || true git add . git commit -m "fix(sdk): Updates to proto version $LATEST_TAG" git push origin update-platform-branch @@ -129,5 +128,4 @@ jobs: --body-file pr_body.txt \ --head update-platform-branch \ --base main \ - --label "automated-update" From a9605087e8f77faaf8cc29f39b1ff04347d5bea7 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 14:04:35 -0400 Subject: [PATCH 06/16] include release notes --- .github/workflows/update-platform-branch.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 780a2903..952ad2b3 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml 
@@ -115,10 +115,11 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + RELEASE_NOTES=$(gh release view protocol/go/$LATEST_TAG --repo opentdf/platform --json body --jq '.body') cat < pr_body.txt This PR updates the platform.branch property in all pom.xml files to the new tag or branch: $LATEST_TAG. - See the release: https://github.com/opentdf/platform/releases/tag/$LATEST_TAG + See the release: https://github.com/opentdf/platform/releases/tag/protocol%2Fgo%2F$LATEST_TAG Release Notes: $RELEASE_NOTES From 9d9c2994ec913a3d81b3e02ef4500845316fd2e2 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 14:08:24 -0400 Subject: [PATCH 07/16] try exit 0 --- .github/workflows/update-platform-branch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 952ad2b3..d2cd90f4 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -90,7 +90,7 @@ jobs: if [ -z "$CHANGED_FILES" ]; then echo "No changes detected in pom.xml files." | tee -a $GITHUB_STEP_SUMMARY find . -name "pom.xml.bak" -delete - exit 1 + exit 0 fi echo "The following pom.xml files were updated: $CHANGED_FILES" find . -name "pom.xml.bak" -delete From 494db1e4ce9cb22efbeab2e209f2e6295bc171b9 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 14:14:11 -0400 Subject: [PATCH 08/16] add check for no updates --- .github/workflows/update-platform-branch.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index d2cd90f4..11e972d7 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml 
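Review bot: The new `RELEASE_NOTES=$(gh release view protocol/go/$LATEST_TAG ...)` line makes PR creation depend on a release existing for that tag: if the lookup fails, the assignment returns non-zero and the step aborts under the runner's default `bash -e` before `gh pr create` runs. The argument is unquoted and always prepends `protocol/go/`, while the `tag` input elsewhere in this file defaults to `protocol/go/v0.3.0`, so the prefix would be doubled if `LATEST_TAG` can carry the input value unchanged (where it is set is outside this hunk). Suggested: `RELEASE_NOTES=$(gh release view "protocol/go/$LATEST_TAG" --repo opentdf/platform --json body --jq '.body' || echo "(release notes unavailable)")`. The release body is text from another repository pasted into the PR description, so reviewers should read it as untrusted markdown.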
@@ -84,19 +84,21 @@ jobs: git checkout update-platform-branch - name: Update platform.branch in pom.xml files + id: update-platform-branch run: | find . -name "pom.xml" -exec sed -i.bak "s|.*|${LATEST_TAG}|g" {} \; CHANGED_FILES=$(find . -name "pom.xml" -exec diff -u {} {}.bak \;) if [ -z "$CHANGED_FILES" ]; then echo "No changes detected in pom.xml files." | tee -a $GITHUB_STEP_SUMMARY find . -name "pom.xml.bak" -delete + echo "no_updates=true" >> $GITHUB_OUTPUT exit 0 fi echo "The following pom.xml files were updated: $CHANGED_FILES" find . -name "pom.xml.bak" -delete - name: Create new branch - if: steps.check-pr.outputs.EXISTING_PR == '' + if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-branch.outputs.no_updates != 'true' run: | git checkout -b update-platform-branch git add . @@ -104,14 +106,14 @@ jobs: git push origin update-platform-branch - name: Update existing PR - if: steps.check-pr.outputs.EXISTING_PR != '' + if: steps.check-pr.outputs.EXISTING_PR != '' && steps.update-platform-branch.outputs.no_updates != 'true' run: | git add . git commit --amend --no-edit git push origin update-platform-branch --force - name: Create New PR - if: steps.check-pr.outputs.EXISTING_PR == '' + if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-branch.outputs.no_updates != 'true' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | From 5c740a61170d2f2a74d5b775bf14bfa3f51b3e07 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 14:16:23 -0400 Subject: [PATCH 09/16] uncomment --- .github/workflows/update-platform-branch.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 11e972d7..38c99369 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml 
@@ -18,8 +18,8 @@ on: inputs: tag: description: "The new tag or branch to update the platform.branch property to use for targeting the RPC protocol buffers." - # required: true - # default: "protocol/go/v0.3.0" + required: true + default: "protocol/go/v0.3.0" jobs: update-platform-branch: From b8e8606627bf563747a8bcbd66003f93c93c050e Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 20 Oct 2025 14:18:02 -0400 Subject: [PATCH 10/16] suggested change --- .github/workflows/update-platform-branch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 38c99369..e198d67f 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -130,5 +130,5 @@ jobs: --title "fix(sdk): Updates to proto version $LATEST_TAG" \ --body-file pr_body.txt \ --head update-platform-branch \ - --base main \ + --base main From ec52ec62f12dac7b9008bd8de2bb6aca80597ca2 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 21 Oct 2025 14:10:01 -0400 Subject: [PATCH 11/16] signed commits test --- .github/workflows/update-platform-branch.yaml | 60 ++++++++++++++----- 1 file changed, 45 insertions(+), 15 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index e198d67f..84283296 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -20,6 +20,8 @@ on: description: "The new tag or branch to update the platform.branch property to use for targeting the RPC protocol buffers." required: true default: "protocol/go/v0.3.0" + pull_request: + jobs: update-platform-branch: 
@@ -63,11 +65,13 @@ jobs: CURRENT_TAG=$(grep -oP '\K.*(?=)' pom.xml | head -n1) if [ "$CURRENT_TAG" = "$LATEST_TAG" ]; then echo "Platform branch is already up-to-date." - exit 1 + echo "no_updates=true" >> "$GITHUB_OUTPUT" + exit 0 fi echo "CURRENT_TAG=$CURRENT_TAG" >> "$GITHUB_ENV" - name: Check for existing PR + if: steps.check-update.outputs.no_updates != 'true' id: check-pr run: | EXISTING_PR=$(gh pr list --head update-platform-branch --json number --jq '.[0].number') @@ -78,12 +82,13 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Check out existing PR - if: steps.check-pr.outputs.EXISTING_PR != '' + if: steps.check-pr.outputs.EXISTING_PR != '' && steps.check-update.outputs.no_updates != 'true' run: | git fetch origin update-platform-branch:update-platform-branch git checkout update-platform-branch - name: Update platform.branch in pom.xml files + if: steps.check-update.outputs.no_updates != 'true' id: update-platform-branch run: | find . -name "pom.xml" -exec sed -i.bak "s|.*|${LATEST_TAG}|g" {} \; 
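Review bot: The guards added here read `steps.check-update.outputs.no_updates`, but the step that writes `no_updates` starts above this hunk and its `id:` is not visible. If the id is not exactly `check-update`, the expression is empty, `!= 'true'` is always true, and none of the guarded steps is ever skipped. Confirm the id, or better, have that step emit a positive flag and test `== 'true'`, the way the `changes` output is used further down in this commit, so that a missing output fails closed. The same expression appears in the next hunk on `Check out existing PR` and `Update platform.branch in pom.xml files`.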
@@ -91,31 +96,56 @@ jobs: if [ -z "$CHANGED_FILES" ]; then echo "No changes detected in pom.xml files." | tee -a $GITHUB_STEP_SUMMARY find . -name "pom.xml.bak" -delete - echo "no_updates=true" >> $GITHUB_OUTPUT exit 0 fi + # otherwise output that changes were made + echo "changes=true" >> $GITHUB_OUTPUT echo "The following pom.xml files were updated: $CHANGED_FILES" find . -name "pom.xml.bak" -delete - name: Create new branch - if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-branch.outputs.no_updates != 'true' + if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-branch.outputs.changes == 'true' run: | - git checkout -b update-platform-branch - git add . - git commit -m "fix(sdk): Updates to proto version $LATEST_TAG" - git push origin update-platform-branch + git checkout -b $BRANCH_NAME + git push origin $BRANCH_NAME + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BRANCH_NAME: update-platform-branch - - name: Update existing PR - if: steps.check-pr.outputs.EXISTING_PR != '' && steps.update-platform-branch.outputs.no_updates != 'true' + - name: Update files + working-directory: ./web-sdk + if: steps.update-platform-branch.outputs.changes == 'true' run: | - git add . - git commit --amend --no-edit - git push origin update-platform-branch --force + echo "Committing changes..." 
+ FILES_CHANGED=$(git status --porcelain | awk '{print $2}') + for file in $FILES_CHANGED; do + echo "Committing file: $file" + + CONTENT=$(base64 -i $file) + FILENAME=$(basename $file) + MESSAGE="Update $FILENAME to match platform tag $LATEST_TAG" + + SHA=$( git rev-parse $BRANCH_NAME:$file 2>/dev/null | grep -E '^[0-9a-f]{40}$' || echo "" ) + if [ -z "$SHA" ]; then + SHA="" + fi + + gh api --method PUT /repos/opentdf/web-sdk/contents/$file \ + --field message="$MESSAGE" \ + --field content="$CONTENT" \ + --field encoding="base64" \ + --field branch="$BRANCH_NAME" \ + --field sha="$SHA" + done + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BRANCH_NAME: update-platform-branch - name: Create New PR - if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-branch.outputs.no_updates != 'true' + if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-branch.outputs.changes == 'true' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BRANCH_NAME: update-platform-branch run: | RELEASE_NOTES=$(gh release view protocol/go/$LATEST_TAG --repo opentdf/platform --json body --jq '.body') cat < pr_body.txt @@ -129,6 +159,6 @@ jobs: gh pr create \ --title "fix(sdk): Updates to proto version $LATEST_TAG" \ --body-file pr_body.txt \ - --head update-platform-branch \ + --head $BRANCH_NAME \ --base main From c6caa092c08ae8154e2b8f0794f5664de54c8ba6 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 21 Oct 2025 14:11:29 -0400 Subject: [PATCH 12/16] remove web_sdk copy --- .github/workflows/update-platform-branch.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 84283296..fcea1269 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml 
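Review bot: The `Update files` loop pushes whatever `git status --porcelain | awk '{print $2}'` returns, which includes untracked files and is word-split. A stray file in the workspace would therefore be committed to the branch through the API, and a path containing a space would be broken into pieces. Restrict the list to the pom.xml files the sed step changed, iterate NUL-delimited, and quote `$file` and `$BRANCH_NAME` wherever they are used. With GNU coreutils (the Linux runners) `base64 -i` means `--ignore-garbage` rather than "input file", and the output is line-wrapped, so `base64 -w 0` on the quoted path is likely what is intended. Each file becomes its own commit, so a failure mid-loop leaves the branch half-updated; the step should at least be safe to re-run.

```yaml
        run: |
          echo "Committing changes..."
          # Only tracked pom.xml files that were modified; NUL-delimited so paths are never word-split.
          git diff --name-only -z -- '*pom.xml' | while IFS= read -r -d '' file; do
            echo "Committing file: $file"
            CONTENT=$(base64 -w 0 -- "$file")
            # … unchanged: MESSAGE assignment …
            # Blob SHA on the target branch; empty when the file does not exist there yet.
            SHA=$(git rev-parse --verify --quiet "$BRANCH_NAME:$file" || true)
            # … unchanged: gh api PUT call, with the endpoint path quoted …
          done
```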
@@ -113,7 +113,6 @@ jobs: BRANCH_NAME: update-platform-branch - name: Update files - working-directory: ./web-sdk if: steps.update-platform-branch.outputs.changes == 'true' run: | echo "Committing changes..." @@ -130,7 +129,7 @@ jobs: SHA="" fi - gh api --method PUT /repos/opentdf/web-sdk/contents/$file \ + gh api --method PUT /repos/{{ github.repository }}/contents/$file \ --field message="$MESSAGE" \ --field content="$CONTENT" \ --field encoding="base64" \ From ff04b734c55748e0f11e0e64c21b6233139f8c38 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 21 Oct 2025 14:14:30 -0400 Subject: [PATCH 13/16] correct formatting --- .github/workflows/update-platform-branch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index fcea1269..26bbe5d3 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -129,7 +129,7 @@ jobs: SHA="" fi - gh api --method PUT /repos/{{ github.repository }}/contents/$file \ + gh api --method PUT /repos/${{ github.repository }}/contents/$file \ --field message="$MESSAGE" \ --field content="$CONTENT" \ --field encoding="base64" \ From 6f1e2768a6669012bc3c6f6db81fb4e46746b397 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 21 Oct 2025 14:16:45 -0400 Subject: [PATCH 14/16] remove testing stuff --- .github/workflows/update-platform-branch.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 26bbe5d3..9ffdf312 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -20,8 +20,6 @@ on: description: "The new tag or branch to update the platform.branch property to use for targeting the RPC protocol buffers." required: true default: "protocol/go/v0.3.0" - pull_request: - jobs: update-platform-branch: 
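Review bot: In the `correct formatting` hunk, `${{ github.repository }}` is expanded into the script text before bash runs. It is harmless for this particular context value, but keeping template expressions out of `run:` bodies is the habit that prevents script injection when a less trusted value is used the same way later. The runner already exports the same value, so the line can be written as `gh api --method PUT "/repos/$GITHUB_REPOSITORY/contents/$file" \`, which also quotes the unquoted `$file`. The rest of the `gh api` invocation is context in this hunk.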
From 1102d519fda67f84d11e56492eee54cc7ac14603 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 21 Oct 2025 14:17:21 -0400 Subject: [PATCH 15/16] change file name in message --- .github/workflows/update-platform-branch.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 9ffdf312..8439e180 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -119,8 +119,7 @@ jobs: echo "Committing file: $file" CONTENT=$(base64 -i $file) - FILENAME=$(basename $file) - MESSAGE="Update $FILENAME to match platform tag $LATEST_TAG" + MESSAGE="Update $file to match platform tag $LATEST_TAG" SHA=$( git rev-parse $BRANCH_NAME:$file 2>/dev/null | grep -E '^[0-9a-f]{40}$' || echo "" ) if [ -z "$SHA" ]; then From 3135c59c577e345c19029d0bd04639d48f3ce73f Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 21 Oct 2025 16:50:16 -0400 Subject: [PATCH 16/16] run slightly after midnight --- .github/workflows/update-platform-branch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-platform-branch.yaml b/.github/workflows/update-platform-branch.yaml index 8439e180..60545527 100644 --- a/.github/workflows/update-platform-branch.yaml +++ b/.github/workflows/update-platform-branch.yaml @@ -8,7 +8,7 @@ name: "Update Platform Branch" on: schedule: - - cron: "0 0 * * *" # Runs daily at midnight UTC + - cron: "17 0 * * *" # Runs daily at 00:17 UTC workflow_call: inputs: tag: