From 205ca69d29a603a4ed75751484cfc50a99a51f09 Mon Sep 17 00:00:00 2001 From: subramaniak Date: Mon, 8 Jun 2026 04:28:08 +0000 Subject: [PATCH 1/5] feat: add module_template_rollout job to daily workflow --- .github/workflows/_local_daily.yml | 63 ++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/.github/workflows/_local_daily.yml b/.github/workflows/_local_daily.yml index 4f4333e..c7c3fd8 100644 --- a/.github/workflows/_local_daily.yml +++ b/.github/workflows/_local_daily.yml @@ -49,3 +49,66 @@ jobs: configurationFile: .github/renovate.json5 env: LOG_LEVEL: debug + + module_template_rollout: + name: Rollout .bazelversion from module_template to all dependent repos + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Create PRs to update .bazelversion in all dependent repos + env: + GH_TOKEN: ${{ secrets.SCORE_BOT_CLASSIC_PAT }} + run: | + set -euo pipefail + + TEMPLATE_REPO="eclipse-score/module_template" + + # Read target Bazel version from the template + BAZEL_VERSION=$(gh api "repos/$TEMPLATE_REPO/contents/.bazelversion" \ + --jq '.content' | base64 --decode | tr -d '[:space:]') + echo "Template .bazelversion: $BAZEL_VERSION" + + # Find all eclipse-score repos that have a .bazelversion file + REPOS=$(gh search code "filename:.bazelversion" \ + --owner eclipse-score --limit 100 \ + --json repository --jq '.[].repository.nameWithOwner' | sort -u) + + for repo in $REPOS; do + [ "$repo" = "$TEMPLATE_REPO" ] && continue + + # Fetch the current .bazelversion of this repo + response=$(gh api "repos/$repo/contents/.bazelversion" 2>/dev/null) || continue + current=$(echo "$response" | jq -r '.content' | base64 --decode | tr -d '[:space:]') + + if [ "$current" = "$BAZEL_VERSION" ]; then + echo "$repo: already up to date ($BAZEL_VERSION), skipping" + continue + fi + echo "$repo: updating $current -> $BAZEL_VERSION" + + default_branch=$(gh api "repos/$repo" --jq '.default_branch') + branch_name="chore/update-bazelversion-to-${BAZEL_VERSION}" + + # Create branch from default branch (ignore error if it already exists) + base_sha=$(gh api "repos/$repo/git/ref/heads/$default_branch" --jq '.object.sha') + gh api "repos/$repo/git/refs" -X POST \ + -f ref="refs/heads/$branch_name" \ + -f sha="$base_sha" 2>/dev/null || true + + # Commit updated .bazelversion on the branch + file_sha=$(gh api "repos/$repo/contents/.bazelversion?ref=$branch_name" --jq '.sha') + new_content=$(printf '%s\n' "$BAZEL_VERSION" | base64 -w0) + gh api "repos/$repo/contents/.bazelversion" -X PUT \ + -f message="chore: update .bazelversion to $BAZEL_VERSION" \ + -f content="$new_content" \ + -f sha="$file_sha" \ + -f branch="$branch_name" + + # Create PR (ignore error if one already exists for this branch) + gh pr create --repo "$repo" \ + --title "chore: update .bazelversion to $BAZEL_VERSION" \ + --body "Automated rollout of [.bazelversion](https://github.com/$TEMPLATE_REPO/blob/main/.bazelversion) from eclipse-score/module_template. Updates Bazel from \`$current\` to \`$BAZEL_VERSION\`." \ + --base "$default_branch" \ + --head "$branch_name" 2>/dev/null || echo "PR already exists for $repo, skipping" + done From 319941cba10fa66ec955476a97efc92735c346f5 Mon Sep 17 00:00:00 2001 From: subramaniak Date: Mon, 8 Jun 2026 04:39:18 +0000 Subject: [PATCH 2/5] fix: correct permissions for module_template_rollout job --- .github/workflows/_local_daily.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/_local_daily.yml b/.github/workflows/_local_daily.yml index c7c3fd8..5f46f23 100644 --- a/.github/workflows/_local_daily.yml +++ b/.github/workflows/_local_daily.yml @@ -54,7 +54,8 @@ jobs: name: Rollout .bazelversion from module_template to all dependent repos runs-on: ubuntu-latest permissions: - contents: read + contents: write + pull-requests: write steps: - name: Create PRs to update .bazelversion in all dependent repos env: From f2176578d07d8b0df04785c7138319945b019a6c Mon Sep 17 00:00:00 2001 From: subramaniak Date: Mon, 8 Jun 2026 04:41:15 +0000 Subject: [PATCH 3/5] feat: add target_repo input to module_template_rollout for targeted testing --- .github/workflows/_local_daily.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/_local_daily.yml b/.github/workflows/_local_daily.yml index 5f46f23..5f3b7e0 100644 --- a/.github/workflows/_local_daily.yml +++ b/.github/workflows/_local_daily.yml @@ -17,6 +17,11 @@ on: schedule: - cron: '0 3 * * *' workflow_dispatch: + inputs: + target_repo: + description: 'Limit rollout to a single repo (e.g. eclipse-score/score_somemodule). Leave empty to run for all repos.' + required: false + default: '' permissions: contents: write @@ -71,9 +76,14 @@ jobs: echo "Template .bazelversion: $BAZEL_VERSION" # Find all eclipse-score repos that have a .bazelversion file - REPOS=$(gh search code "filename:.bazelversion" \ - --owner eclipse-score --limit 100 \ - --json repository --jq '.[].repository.nameWithOwner' | sort -u) + # If target_repo is set (manual trigger), only process that one repo + if [ -n "${{ inputs.target_repo }}" ]; then + REPOS="${{ inputs.target_repo }}" + else + REPOS=$(gh search code "filename:.bazelversion" \ + --owner eclipse-score --limit 100 \ + --json repository --jq '.[].repository.nameWithOwner' | sort -u) + fi for repo in $REPOS; do [ "$repo" = "$TEMPLATE_REPO" ] && continue From 0671f1270b0d8f5db8737042ddc333ff852287a1 Mon Sep 17 00:00:00 2001 From: subramaniak Date: Mon, 8 Jun 2026 05:57:10 +0000 Subject: [PATCH 4/5] fix: address schedule events inputs --- .github/workflows/_local_daily.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/_local_daily.yml b/.github/workflows/_local_daily.yml index 5f3b7e0..78acdca 100644 --- a/.github/workflows/_local_daily.yml +++ b/.github/workflows/_local_daily.yml @@ -65,10 +65,12 @@ jobs: - name: Create PRs to update .bazelversion in all dependent repos env: GH_TOKEN: ${{ secrets.SCORE_BOT_CLASSIC_PAT }} + TARGET_REPO: ${{ github.event.inputs.target_repo || '' }} run: | set -euo pipefail TEMPLATE_REPO="eclipse-score/module_template" + TEMPLATE_DEFAULT_BRANCH=$(gh api "repos/$TEMPLATE_REPO" --jq '.default_branch') # Read target Bazel version from the template BAZEL_VERSION=$(gh api "repos/$TEMPLATE_REPO/contents/.bazelversion" \ @@ -76,9 +78,9 @@ jobs: echo "Template .bazelversion: $BAZEL_VERSION" # Find all eclipse-score repos that have a .bazelversion file - # If target_repo is set (manual trigger), only process that one repo - if [ -n "${{ inputs.target_repo }}" ]; then - REPOS="${{ inputs.target_repo }}" + # If TARGET_REPO is set (manual trigger), only process that one repo + if [ -n "$TARGET_REPO" ]; then + REPOS="$TARGET_REPO" else REPOS=$(gh search code "filename:.bazelversion" \ --owner eclipse-score --limit 100 \ @@ -119,7 +121,7 @@ jobs: # Create PR (ignore error if one already exists for this branch) gh pr create --repo "$repo" \ --title "chore: update .bazelversion to $BAZEL_VERSION" \ - --body "Automated rollout of [.bazelversion](https://github.com/$TEMPLATE_REPO/blob/main/.bazelversion) from eclipse-score/module_template. Updates Bazel from \`$current\` to \`$BAZEL_VERSION\`." \ + --body "Automated rollout of [.bazelversion](https://github.com/$TEMPLATE_REPO/blob/${TEMPLATE_DEFAULT_BRANCH}/.bazelversion) from $TEMPLATE_REPO. Updates Bazel from \`$current\` to \`$BAZEL_VERSION\`." \ --base "$default_branch" \ --head "$branch_name" 2>/dev/null || echo "PR already exists for $repo, skipping" done From 9c257c672754a5a54613ff7129c582d345b1eb1b Mon Sep 17 00:00:00 2001 From: subramaniak Date: Mon, 8 Jun 2026 06:15:26 +0000 Subject: [PATCH 5/5] revert: remove single-repo target_repo input, process all repos --- .github/workflows/_local_daily.yml | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/.github/workflows/_local_daily.yml b/.github/workflows/_local_daily.yml index 78acdca..d7fb67b 100644 --- a/.github/workflows/_local_daily.yml +++ b/.github/workflows/_local_daily.yml @@ -17,11 +17,6 @@ on: schedule: - cron: '0 3 * * *' workflow_dispatch: - inputs: - target_repo: - description: 'Limit rollout to a single repo (e.g. eclipse-score/score_somemodule). Leave empty to run for all repos.' - required: false - default: '' permissions: contents: write @@ -65,7 +60,6 @@ jobs: - name: Create PRs to update .bazelversion in all dependent repos env: GH_TOKEN: ${{ secrets.SCORE_BOT_CLASSIC_PAT }} - TARGET_REPO: ${{ github.event.inputs.target_repo || '' }} run: | set -euo pipefail @@ -78,14 +72,9 @@ jobs: echo "Template .bazelversion: $BAZEL_VERSION" # Find all eclipse-score repos that have a .bazelversion file - # If TARGET_REPO is set (manual trigger), only process that one repo - if [ -n "$TARGET_REPO" ]; then - REPOS="$TARGET_REPO" - else - REPOS=$(gh search code "filename:.bazelversion" \ - --owner eclipse-score --limit 100 \ - --json repository --jq '.[].repository.nameWithOwner' | sort -u) - fi + REPOS=$(gh search code "filename:.bazelversion" \ + --owner eclipse-score --limit 100 \ + --json repository --jq '.[].repository.nameWithOwner' | sort -u) for repo in $REPOS; do [ "$repo" = "$TEMPLATE_REPO" ] && continue