Upstream-sync → protected master #795
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upstream-sync → protected master | |
| on: | |
| schedule: # run every night | |
| - cron: '7 2 * * *' | |
| workflow_dispatch: # (optional) manual trigger | |
| permissions: # minimum perms the job needs | |
| contents: write # push the sync branch | |
| pull-requests: write # open, approve & merge the PR | |
| concurrency: # never let two syncs race | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| sync: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # 1. full clone so we always have the latest tip | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # 2. fetch upstream & copy it to a side branch | |
| - name: Update upstream-sync branch | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Configure git identity | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Action" | |
| git remote add upstream https://github.com/openjdk/jdk17u-dev.git | |
| git fetch upstream master | |
| echo "=== Current branch status ===" | |
| git log --oneline -5 | |
| echo "=== Upstream status ===" | |
| git log --oneline -5 upstream/master | |
| # Create sync branch from current master to preserve workflows | |
| git checkout -B upstream-sync origin/master | |
| echo "=== About to merge upstream changes ===" | |
| git log --oneline -1 HEAD | |
| git log --oneline -1 upstream/master | |
| # Simple merge approach - let's see what happens | |
| if git merge upstream/master --no-edit --allow-unrelated-histories; then | |
| echo "=== Merge successful ===" | |
| git log --oneline -5 | |
| else | |
| echo "=== Merge failed, trying alternative approach ===" | |
| git merge --abort || true | |
| git reset --hard upstream/master | |
| # Restore our workflow files after taking upstream | |
| git checkout origin/master -- .github/workflows/ | |
| git add .github/workflows/ | |
| git commit -m "Preserve local workflow files during upstream sync" | |
| echo "=== Alternative approach completed ===" | |
| git log --oneline -5 | |
| fi | |
| echo "=== Final branch status before push ===" | |
| git log --oneline -10 | |
| git push -f origin upstream-sync | |
| # 3. Push the sync branch (manual PR creation required due to repo settings) | |
| - name: Push sync branch and provide instructions | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| echo "=== Sync branch created successfully ===" | |
| echo "Branch 'upstream-sync' has been pushed with upstream changes." | |
| echo "" | |
| echo "Due to repository settings, GitHub Actions cannot create pull requests automatically." | |
| echo "Please create a PR manually:" | |
| echo "1. Go to: https://github.com/${{ github.repository }}/compare/master...upstream-sync" | |
| echo "2. Click 'Create pull request'" | |
| echo "3. Title: 'Automated upstream merge'" | |
| echo "4. Description: 'Nightly sync of openjdk/jdk17u-dev:master into this fork'" | |
| echo "" | |
| echo "=== Branch status ===" | |
| git log --oneline -10 upstream-sync || echo "Branch details not available in this context" | |
| echo "" | |
| echo "=== To enable automatic PR creation ===" | |
| echo "Go to Settings → Actions → General → Workflow permissions" | |
| echo "Check: 'Allow GitHub Actions to create and approve pull requests'" |