From a3e9c1f9f89f3dd19148b1535acb83beb5fa4ba6 Mon Sep 17 00:00:00 2001 From: Linwei Shang Date: Tue, 19 May 2026 10:36:39 -0400 Subject: [PATCH 1/4] ci: add workflow to bump network-launcher version Adds a workflow_dispatch workflow that verifies the specified icp-cli-network-launcher release tag exists, updates crates/icp-cli/test-network-launcher-version, and opens a PR via the PR automation bot. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/bump-network-launcher.yml | 69 +++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/workflows/bump-network-launcher.yml diff --git a/.github/workflows/bump-network-launcher.yml b/.github/workflows/bump-network-launcher.yml new file mode 100644 index 00000000..11b2bcf7 --- /dev/null +++ b/.github/workflows/bump-network-launcher.yml @@ -0,0 +1,69 @@ +name: Bump network-launcher + +on: + workflow_dispatch: + inputs: + version: + description: 'icp-cli-network-launcher release version (e.g. v12.0.0-2026-04-16-04-20 or 12.0.0-2026-04-16-04-20)' + required: true + +jobs: + bump-network-launcher: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Verify release tag exists + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + VERSION="${{ inputs.version }}" + TAG="v${VERSION#v}" + if ! gh release view "$TAG" --repo dfinity/icp-cli-network-launcher >/dev/null 2>&1; then + echo "::error::Release tag '$TAG' not found in dfinity/icp-cli-network-launcher" + exit 1 + fi + + - name: Update test-network-launcher-version + id: update + run: | + VERSION="${{ inputs.version }}" + VERSION="${VERSION#v}" + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + printf '%s' "$VERSION" > crates/icp-cli/test-network-launcher-version + + if git diff --quiet; then + echo "needs_update=false" >> "$GITHUB_OUTPUT" + else + echo "needs_update=true" >> "$GITHUB_OUTPUT" + fi + + - name: Create GitHub App Token + if: steps.update.outputs.needs_update == 'true' + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + id: app-token + with: + client-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_CLIENT_ID }} + private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} + + - name: Open pull request + if: steps.update.outputs.needs_update == 'true' + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + run: | + VERSION="${{ steps.update.outputs.version }}" + BRANCH="chore/bump-network-launcher-${VERSION}" + TITLE="chore(deps): bump network-launcher to ${VERSION}" + BODY="Updates \`crates/icp-cli/test-network-launcher-version\` to \`${VERSION}\`." + + git config user.name "pr-automation-bot-public[bot]" + git config user.email "pr-automation-bot-public[bot]@users.noreply.github.com" + git checkout -b "$BRANCH" + git add crates/icp-cli/test-network-launcher-version + git commit -m "$TITLE" + git push origin "$BRANCH" --force + + gh pr create --title "$TITLE" --body "$BODY" --base main --head "$BRANCH" \ + || echo "PR already open on $BRANCH, branch updated." From 220b178447b923f3d09a9a51801d43cc82c59ac4 Mon Sep 17 00:00:00 2001 From: Linwei Shang Date: Tue, 19 May 2026 10:48:45 -0400 Subject: [PATCH 2/4] chore: move network-launcher-version to repo root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The file is no longer test-only — it pins which release is used for both tests and promotion-to-latest. Move it from crates/icp-cli/test-network-launcher-version to network-launcher-version at the workspace root and update all readers (build.rs, the download script, the bump workflow, and the test module comment). Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/bump-network-launcher.yml | 8 ++++---- crates/icp-cli/build.rs | 9 ++++++--- crates/icp-cli/tests/common/mod.rs | 2 +- ...-network-launcher-version => network-launcher-version | 0 scripts/download_test_network_launcher.sh | 2 +- 5 files changed, 12 insertions(+), 9 deletions(-) rename crates/icp-cli/test-network-launcher-version => network-launcher-version (100%) diff --git a/.github/workflows/bump-network-launcher.yml b/.github/workflows/bump-network-launcher.yml index 11b2bcf7..adf41fc7 100644 --- a/.github/workflows/bump-network-launcher.yml +++ b/.github/workflows/bump-network-launcher.yml @@ -26,13 +26,13 @@ jobs: exit 1 fi - - name: Update test-network-launcher-version + - name: Update network-launcher-version id: update run: | VERSION="${{ inputs.version }}" VERSION="${VERSION#v}" echo "version=$VERSION" >> "$GITHUB_OUTPUT" - printf '%s' "$VERSION" > crates/icp-cli/test-network-launcher-version + printf '%s' "$VERSION" > network-launcher-version if git diff --quiet; then echo "needs_update=false" >> "$GITHUB_OUTPUT" @@ -56,12 +56,12 @@ jobs: VERSION="${{ steps.update.outputs.version }}" BRANCH="chore/bump-network-launcher-${VERSION}" TITLE="chore(deps): bump network-launcher to ${VERSION}" - BODY="Updates \`crates/icp-cli/test-network-launcher-version\` to \`${VERSION}\`." + BODY="Updates \`network-launcher-version\` to \`${VERSION}\`." git config user.name "pr-automation-bot-public[bot]" git config user.email "pr-automation-bot-public[bot]@users.noreply.github.com" git checkout -b "$BRANCH" - git add crates/icp-cli/test-network-launcher-version + git add network-launcher-version git commit -m "$TITLE" git push origin "$BRANCH" --force diff --git a/crates/icp-cli/build.rs b/crates/icp-cli/build.rs index fd0aa2ac..1e317f9d 100644 --- a/crates/icp-cli/build.rs +++ b/crates/icp-cli/build.rs @@ -16,11 +16,14 @@ fn define_git_sha() { } fn define_test_network_launcher_version() { - let raw = std::fs::read_to_string("test-network-launcher-version") - .expect("missing test-network-launcher-version file"); + let path = concat!( + env!("CARGO_MANIFEST_DIR"), + "/../../network-launcher-version" + ); + let raw = std::fs::read_to_string(path).expect("missing network-launcher-version file"); let version = raw.trim().trim_start_matches('v'); println!("cargo:rustc-env=TEST_NETWORK_LAUNCHER_VERSION={version}"); - println!("cargo:rerun-if-changed=test-network-launcher-version"); + println!("cargo:rerun-if-changed=../../network-launcher-version"); let out_dir = std::env::var("OUT_DIR").unwrap(); diff --git a/crates/icp-cli/tests/common/mod.rs b/crates/icp-cli/tests/common/mod.rs index ee46d029..a74a3cb1 100644 --- a/crates/icp-cli/tests/common/mod.rs +++ b/crates/icp-cli/tests/common/mod.rs @@ -18,7 +18,7 @@ pub(crate) const PATH_SEPARATOR: &str = ":"; pub(crate) const PATH_SEPARATOR: &str = ";"; // NETWORK_RANDOM_PORT, NETWORK_DOCKER, NETWORK_DOCKER_ENGINE are generated by build.rs -// with the version from test-network-launcher-version injected. +// with the version from network-launcher-version injected. include!(concat!(env!("OUT_DIR"), "/network_constants.rs")); /// An environment manifest utilizing the above network diff --git a/crates/icp-cli/test-network-launcher-version b/network-launcher-version similarity index 100% rename from crates/icp-cli/test-network-launcher-version rename to network-launcher-version diff --git a/scripts/download_test_network_launcher.sh b/scripts/download_test_network_launcher.sh index bc0749ad..f44f1855 100755 --- a/scripts/download_test_network_launcher.sh +++ b/scripts/download_test_network_launcher.sh @@ -4,7 +4,7 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" WORKSPACE_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" -VERSION_FILE="$WORKSPACE_ROOT/crates/icp-cli/test-network-launcher-version" +VERSION_FILE="$WORKSPACE_ROOT/network-launcher-version" TARGET_DIR="$WORKSPACE_ROOT/target/test-fixture" VERSION_CACHE="$TARGET_DIR/network-launcher-version" From 06f4f4a31fe910741d248076216c6b6d6545d0dc Mon Sep 17 00:00:00 2001 From: Linwei Shang Date: Tue, 19 May 2026 10:50:12 -0400 Subject: [PATCH 3/4] ci: add workflow to promote network-launcher on version bump Triggers on push to main when network-launcher-version changes, reads the file, and dispatches the promote-release workflow in dfinity/icp-cli-network-launcher with the corresponding v-prefixed tag. Uses the pr-automation-bot-public App token scoped to the launcher repo. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../workflows/promote-network-launcher.yml | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/promote-network-launcher.yml diff --git a/.github/workflows/promote-network-launcher.yml b/.github/workflows/promote-network-launcher.yml new file mode 100644 index 00000000..549c5760 --- /dev/null +++ b/.github/workflows/promote-network-launcher.yml @@ -0,0 +1,40 @@ +name: Promote network-launcher + +on: + push: + branches: [main] + paths: + - network-launcher-version + +jobs: + promote-network-launcher: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Read version + id: ver + run: | + VERSION=$(tr -d '[:space:]' < network-launcher-version) + if [[ -z "$VERSION" ]]; then + echo "::error::network-launcher-version is empty" + exit 1 + fi + echo "tag=v${VERSION#v}" >> "$GITHUB_OUTPUT" + + - name: Create GitHub App Token + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + id: app-token + with: + client-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_CLIENT_ID }} + private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} + owner: dfinity + repositories: icp-cli-network-launcher + + - name: Dispatch promote-release workflow + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + run: | + gh workflow run promote-release.yml \ + --repo dfinity/icp-cli-network-launcher \ + -f tag="${{ steps.ver.outputs.tag }}" From d42544f9c17eb3fcc9fc997645313e9f6c3f1463 Mon Sep 17 00:00:00 2001 From: Linwei Shang Date: Tue, 19 May 2026 11:02:00 -0400 Subject: [PATCH 4/4] ci: push as app token and check for existing PR explicitly Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/bump-network-launcher.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bump-network-launcher.yml b/.github/workflows/bump-network-launcher.yml index adf41fc7..22df7e08 100644 --- a/.github/workflows/bump-network-launcher.yml +++ b/.github/workflows/bump-network-launcher.yml @@ -52,6 +52,7 @@ jobs: if: steps.update.outputs.needs_update == 'true' env: GH_TOKEN: ${{ steps.app-token.outputs.token }} + APP_TOKEN: ${{ steps.app-token.outputs.token }} run: | VERSION="${{ steps.update.outputs.version }}" BRANCH="chore/bump-network-launcher-${VERSION}" @@ -60,10 +61,15 @@ jobs: git config user.name "pr-automation-bot-public[bot]" git config user.email "pr-automation-bot-public[bot]@users.noreply.github.com" + git remote set-url origin "https://x-access-token:${APP_TOKEN}@github.com/${{ github.repository }}.git" git checkout -b "$BRANCH" git add network-launcher-version git commit -m "$TITLE" git push origin "$BRANCH" --force - gh pr create --title "$TITLE" --body "$BODY" --base main --head "$BRANCH" \ - || echo "PR already open on $BRANCH, branch updated." + existing=$(gh pr list --head "$BRANCH" --base main --state open --json number --jq 'length') + if [[ "$existing" == "0" ]]; then + gh pr create --title "$TITLE" --body "$BODY" --base main --head "$BRANCH" + else + echo "PR already open on $BRANCH, branch updated." + fi