Upstream-sync → protected master #791

Workflow file for this run

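name: Upstream-sync → protected master

on:
  schedule:
    # Run every night (GitHub evaluates cron expressions in UTC).
    - cron: '7 2 * * *'
  # Optional manual trigger.
  workflow_dispatch:

# Scopes granted to GITHUB_TOKEN for every job in this workflow.
permissions:
  contents: write        # push the sync branch
  pull-requests: write   # open, approve & merge the PR

# Never let two syncs race. The group is keyed on the workflow only: every run
# force-pushes the same `upstream-sync` branch, so a manual dispatch from
# another ref must share the group with the nightly run instead of getting a
# separate one keyed on github.ref.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: true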
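jobs:
  sync:
    runs-on: ubuntu-latest
    env:
      # The checkout ends up with two remotes (origin and upstream). Pin the
      # gh CLI to this repository instead of relying on its remote resolution.
      GH_REPO: ${{ github.repository }}
    steps:
      # 1. Full clone so we always have the latest tip.
      # NOTE(review): `v4` is a mutable tag; pinning the action to a full
      # commit SHA protects the write-scoped token against tag retargeting.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # Left in the local git config so the later `git push` can authenticate.
          token: ${{ secrets.GITHUB_TOKEN }}

      # 2. Fetch upstream & copy it to a side branch.
      - name: Update upstream-sync branch
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail

          # Configure git identity.
          # NOTE(review): the e-mail below looks like it was replaced by the
          # hosting page's address obfuscation; restore the real commit e-mail.
          git config --global user.email "[email protected]"
          git config --global user.name "GitHub Action"

          git remote add upstream https://github.com/openjdk/jdk17u-dev.git
          git fetch upstream master

          echo "=== Current branch status ==="
          git log --oneline -5
          echo "=== Upstream status ==="
          git log --oneline -5 upstream/master

          # Create sync branch from current master to preserve workflows.
          git checkout -B upstream-sync origin/master

          echo "=== About to merge upstream changes ==="
          git log --oneline -1 HEAD
          git log --oneline -1 upstream/master

          if git merge upstream/master --no-edit --allow-unrelated-histories; then
            echo "=== Merge successful ==="
            git log --oneline -5
          else
            echo "=== Merge failed, trying alternative approach ==="
            git merge --abort || true
            # NOTE(review): this replaces the branch with upstream wholesale.
            # Every fork-only change outside .github/workflows/ is absent from
            # the resulting branch, so a PR produced by this path should get a
            # human look before it is merged.
            git reset --hard upstream/master
            # Restore our workflow files after taking upstream.
            git checkout origin/master -- .github/workflows/
            git add .github/workflows/
            # Commit only when the restore changed something; an empty commit
            # attempt would otherwise fail the step.
            git diff --cached --quiet || git commit -m "Preserve local workflow files during upstream sync"
            echo "=== Alternative approach completed ==="
            git log --oneline -5
          fi

          echo "=== Final branch status before push ==="
          git log --oneline -10
          # Force push: the sync branch is rebuilt from scratch on every run.
          git push -f origin upstream-sync

      # 3. Open or update the PR `upstream-sync -> master`.
      - name: Create or update pull request
        id: pr
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail

          # Look up an existing open PR; `// empty` yields an empty string
          # (not "null") when there is none. A failing lookup now fails the
          # step instead of being treated as "no PR exists".
          PR_NUMBER=$(gh pr list --head upstream-sync --base master --json number --jq '.[0].number // empty')

          if [ -n "$PR_NUMBER" ]; then
            echo "PR #$PR_NUMBER already exists, updating it"
            gh pr edit "$PR_NUMBER" --title "Automated upstream merge" --body "Nightly sync of openjdk/jdk17u-dev:master into this fork"
          else
            echo "Creating new PR"
            # `gh pr create` prints the PR URL and has no --json/--jq flags,
            # so create first and read the number back with `gh pr list`.
            gh pr create --head upstream-sync --base master --title "Automated upstream merge" --body "Nightly sync of openjdk/jdk17u-dev:master into this fork"
            PR_NUMBER=$(gh pr list --head upstream-sync --base master --json number --jq '.[0].number // empty')
            echo "Created PR #$PR_NUMBER"
          fi

          # Exposed to later steps as steps.pr.outputs.pr-number.
          echo "pr-number=$PR_NUMBER" >> "$GITHUB_OUTPUT"

      # 4. Auto-approve that PR.
      # NOTE(review): the PR is opened and approved with the same GITHUB_TOKEN
      # identity. GitHub rejects approvals by a PR's own author, so this step
      # probably fails or does not count toward a required review - confirm.
      # Where it does count, branch protection's review requirement no longer
      # involves a human and required status checks are the only gate on
      # upstream code reaching master.
      - name: Auto-approve PR
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Passed through env rather than interpolated into the script text.
          PR_NUMBER: ${{ steps.pr.outputs.pr-number }}
        run: |
          if [ -n "$PR_NUMBER" ]; then
            gh pr review "$PR_NUMBER" --approve --body "Auto-approved upstream sync"
            echo "Approved PR #$PR_NUMBER"
          fi

      # 5. Enable auto-merge so GitHub merges as soon as
      #    branch protection requirements are satisfied.
      # NOTE(review): pushes and PRs made with GITHUB_TOKEN do not start other
      # workflow runs, so required checks that come from workflows may never
      # report on this PR - verify which checks actually gate the merge.
      - name: Enable auto-merge
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ steps.pr.outputs.pr-number }}
        run: |
          if [ -n "$PR_NUMBER" ]; then
            gh pr merge "$PR_NUMBER" --auto --merge
            echo "Enabled auto-merge for PR #$PR_NUMBER"
          fi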