feat: use git remote for branch related config

lukekarrys · lukekarrys · commit d68ad53831fc · 2023-07-10T12:19:42.000-07:00
This will check the origin remote if it exists and use that to determine which branches exist. These branches are then used to populate CI branches, branch protections, and dependabot. Using this for dependabot is a new feature which allows old release branches to get dependency updates for template-oss only. This also updates the dependabot config to only update the root directory instead of each workspace directory. The previous way was an attempt to get it to work with workspaces, but wasn't used in any our repos. Dependabot should now be able to update workspaces when configured to use a single root directory. Fixes #329
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -7,18 +7,7 @@ updates:
     directory: /
     schedule:
       interval: daily
-    allow:
-      - dependency-type: direct
-    versioning-strategy: increase-if-necessary
-    commit-message:
-      prefix: deps
-      prefix-development: chore
-    labels:
-      - "Dependencies"
-  - package-ecosystem: npm
-    directory: workspace/test-workspace/
-    schedule:
-      interval: daily
+    target-branch: "main"
     allow:
       - dependency-type: direct
     versioning-strategy: increase-if-necessary
diff --git a/.github/settings.yml b/.github/settings.yml
@@ -25,31 +25,3 @@ branches:
         apps: []
         users: []
         teams: [ "cli-team" ]
-  - name: latest
-    protection:
-      required_status_checks: null
-      enforce_admins: true
-      block_creations: true
-      required_pull_request_reviews:
-        required_approving_review_count: 1
-        require_code_owner_reviews: true
-        require_last_push_approval: true
-        dismiss_stale_reviews: true
-      restrictions:
-        apps: []
-        users: []
-        teams: [ "cli-team" ]
-  - name: release/v*
-    protection:
-      required_status_checks: null
-      enforce_admins: true
-      block_creations: true
-      required_pull_request_reviews:
-        required_approving_review_count: 1
-        require_code_owner_reviews: true
-        require_last_push_approval: true
-        dismiss_stale_reviews: true
-      restrictions:
-        apps: []
-        users: []
-        teams: [ "cli-team" ]
diff --git a/.github/workflows/ci-test-workspace.yml b/.github/workflows/ci-test-workspace.yml
@@ -10,8 +10,6 @@ on:
   push:
     branches:
       - main
-      - latest
-      - release/v*
     paths:
       - workspace/test-workspace/**
   schedule:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,8 +10,6 @@ on:
   push:
     branches:
       - main
-      - latest
-      - release/v*
     paths-ignore:
       - workspace/test-workspace/**
   schedule:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -6,13 +6,9 @@ on:
   push:
     branches:
       - main
-      - latest
-      - release/v*
   pull_request:
     branches:
       - main
-      - latest
-      - release/v*
   schedule:
     # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1
     - cron: "0 10 * * 1"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,8 +11,6 @@ on:
   push:
     branches:
       - main
-      - latest
-      - release/v*
 
 permissions:
   contents: write
diff --git a/lib/config.js b/lib/config.js
@@ -2,7 +2,8 @@ const { relative, dirname, join, extname, posix, win32 } = require('path')
 const { defaults, pick, omit, uniq } = require('lodash')
 const semver = require('semver')
 const parseCIVersions = require('./util/parse-ci-versions.js')
-const getGitUrl = require('./util/get-git-url.js')
+const parseDependabot = require('./util/dependabot.js')
+const git = require('./util/git.js')
 const gitignore = require('./util/gitignore.js')
 const { mergeWithArrays } = require('./util/merge.js')
 const { FILE_KEYS, parseConfig: parseFiles, getAddedFiles, mergeFiles } = require('./util/files.js')
@@ -11,6 +12,7 @@ const CONFIG_KEY = 'templateOSS'
 const getPkgConfig = (pkg) => pkg[CONFIG_KEY] || {}
 
 const { name: NAME, version: LATEST_VERSION } = require('../package.json')
+const { minimatch } = require('minimatch')
 const MERGE_KEYS = [...FILE_KEYS, 'defaultContent', 'content']
 const DEFAULT_CONTENT = require.resolve(NAME)
 
@@ -153,6 +155,11 @@ const getFullConfig = async ({
   const publicPkgs = pkgs.filter(p => !p.pkgJson.private)
   const allPrivate = pkgs.every(p => p.pkgJson.private)
 
+  const branches = uniq([...pkgConfig.branches ?? [], pkgConfig.releaseBranch]).filter(Boolean)
+  const gitBranches = await git.getBranches(rootPkg.path, branches)
+  const currentBranch = await git.currentBranch(rootPkg.path)
+  const isReleaseBranch = currentBranch ? minimatch(currentBranch, pkgConfig.releaseBranch) : false
+
   // all derived keys
   const derived = {
     isRoot,
@@ -170,6 +177,13 @@ const getFullConfig = async ({
     allPrivate,
     // controls whether we are in a monorepo with any public workspaces
     isMonoPublic: isMono && !!publicPkgs.filter(p => p.path !== rootPkg.path).length,
+    // git
+    defaultBranch: isReleaseBranch ? currentBranch : await git.defaultBranch(rootPkg.path),
+    branches: gitBranches.branches,
+    branchPatterns: gitBranches.patterns,
+    isReleaseBranch,
+    // dependabot
+    dependabot: parseDependabot(pkgConfig, defaultConfig, gitBranches.branches),
     // repo
     repoDir: rootPkg.path,
     repoFiles,
@@ -261,7 +275,7 @@ const getFullConfig = async ({
     }
   }
 
-  const gitUrl = await getGitUrl(rootPkg.path)
+  const gitUrl = await git.getUrl(rootPkg.path)
   if (gitUrl) {
     derived.repository = {
       type: 'git',
diff --git a/lib/content/_on-ci.yml b/lib/content/_on-ci.yml
@@ -12,7 +12,7 @@ pull_request:
   {{/if}}
 push:
   branches:
-    {{#each branches}}
+    {{#each branchPatterns}}
     - {{ . }}
     {{/each}}
   {{#if isWorkspace}}
diff --git a/lib/content/codeql-analysis.yml b/lib/content/codeql-analysis.yml
@@ -3,12 +3,12 @@ name: CodeQL
 on:
   push:
     branches:
-      {{#each branches}}
+      {{#each branchPatterns}}
       - {{ . }}
       {{/each}}
   pull_request:
     branches:
-      {{#each branches}}
+      {{#each branchPatterns}}
       - {{ . }}
       {{/each}}
   schedule:
diff --git a/lib/content/dependabot.yml b/lib/content/dependabot.yml
@@ -1,15 +1,24 @@
 version: 2
 
 updates:
+  {{#each dependabot}}
   - package-ecosystem: npm
-    directory: {{ pkgDir }}
+    directory: /
     schedule:
       interval: daily
+    target-branch: "{{ branch }}"
     allow:
       - dependency-type: direct
-    versioning-strategy: {{ dependabot }}
+        {{#each allowNames }}
+        dependency-name: "{{ . }}"
+        {{/each}}
+    versioning-strategy: {{ strategy }}
     commit-message:
       prefix: deps
       prefix-development: chore
     labels:
       - "Dependencies"
+      {{#each labels }}
+      - "{{ . }}"
+      {{/each}}
+  {{/each}}
diff --git a/lib/content/index.js b/lib/content/index.js
@@ -38,28 +38,24 @@ const sharedRootAdd = (name) => ({
   '.github/dependabot.yml': {
     file: 'dependabot.yml',
     filter: (p) => p.config.dependabot,
-    clean: (p) => p.config.isRoot,
-    // dependabot takes a single top level config file. this parser
-    // will run for all configured packages and each one will have
-    // its item replaced in the updates array based on the directory
-    parser: (p) => class extends p.YmlMerge {
-      key = 'updates'
-      id = 'directory'
-    },
   },
   '.github/workflows/post-dependabot.yml': {
     file: 'post-dependabot.yml',
     filter: (p) => p.config.dependabot,
   },
   '.github/settings.yml': {
     file: 'settings.yml',
+    filter: (p) => !p.config.isReleaseBranch,
   },
 })
 
 const sharedRootRm = () => ({
   '.github/workflows/pull-request.yml': {
     filter: (p) => p.config.allPrivate,
   },
+  '.github/settings.yml': {
+    filter: (p) => p.config.isReleaseBranch,
+  },
 })
 
 // Changes applied to the root of the repo
@@ -139,8 +135,8 @@ module.exports = {
   workspaceModule,
   windowsCI: true,
   macCI: true,
-  branches: ['main', 'latest', 'release/v*'],
-  defaultBranch: 'main',
+  branches: ['main', 'latest'],
+  releaseBranch: 'release/v*',
   distPaths: [
     'bin/',
     'lib/',
diff --git a/lib/content/release.yml b/lib/content/release.yml
@@ -8,7 +8,7 @@ on:
         type: string
   push:
     branches:
-      {{#each branches}}
+      {{#each branchPatterns}}
       - {{ . }}
       {{/each}}
 
diff --git a/lib/util/dependabot.js b/lib/util/dependabot.js
@@ -0,0 +1,27 @@
+const { name: NAME } = require('../../package.json')
+const { minimatch } = require('minimatch')
+
+const parseDependabotConfig = (v) => typeof v === 'string' ? { strategy: v } : (v ?? {})
+
+module.exports = (config, defaultConfig, branches) => {
+  const { dependabot } = config
+  const { dependabot: defaultDependabot } = defaultConfig
+
+  if (!dependabot) {
+    return false
+  }
+
+  return branches
+    .filter((b) => dependabot[b] !== false)
+    .map(branch => {
+      const isReleaseBranch = minimatch(branch, config.releaseBranch)
+      return {
+        branch,
+        allowNames: isReleaseBranch ? [NAME] : [],
+        labels: isReleaseBranch ? ['Backport', branch] : [],
+        ...parseDependabotConfig(defaultDependabot),
+        ...parseDependabotConfig(dependabot),
+        ...parseDependabotConfig(dependabot[branch]),
+      }
+    })
+}
diff --git a/lib/util/get-git-url.js b/lib/util/get-git-url.js
diff --git a/lib/util/git.js b/lib/util/git.js
@@ -0,0 +1,83 @@
+const hgi = require('hosted-git-info')
+const git = require('@npmcli/git')
+const { minimatch } = require('minimatch')
+
+const cache = new Map()
+
+const tryGit = async (path, ...args) => {
+  if (!await git.is({ cwd: path })) {
+    throw new Error('no git')
+  }
+  const key = [path, ...args].join(',')
+  if (cache.has(key)) {
+    return cache.get(key)
+  }
+  const res = git.spawn(args, { cwd: path }).then(r => r.stdout.trim())
+  cache.set(key, res)
+  return res
+}
+
+// parse a repo from a git origin into a format
+// for a package.json#repository object
+const getUrl = async (path) => {
+  try {
+    const urlStr = await tryGit(path, 'remote', 'get-url', 'origin')
+    const { domain, user, project } = hgi.fromUrl(urlStr)
+    const url = new URL(`https://${domain}`)
+    url.pathname = `/${user}/${project}.git`
+    return url.toString()
+  } catch {
+    // errors are ignored
+  }
+}
+
+const getBranches = async (path, branchPatterns) => {
+  let matchingBranches = new Set()
+  let matchingPatterns = new Set()
+
+  try {
+    const res = await tryGit(path, 'ls-remote', '--heads', 'origin').then(r => r.split('\n'))
+    const remotes = res.map((h) => h.match(/refs\/heads\/(.*)$/)).filter(Boolean).map(h => h[1])
+    for (const branch of remotes) {
+      for (const pattern of branchPatterns) {
+        if (minimatch(branch, pattern)) {
+          matchingBranches.add(branch)
+          matchingPatterns.add(pattern)
+        }
+      }
+    }
+  } catch {
+    matchingBranches = new Set(branchPatterns.filter(b => !b.includes('*')))
+    matchingPatterns = new Set(branchPatterns)
+  }
+
+  return {
+    branches: [...matchingBranches],
+    patterns: [...matchingPatterns],
+  }
+}
+
+const defaultBranch = async (path) => {
+  try {
+    const remotes = await tryGit(path, 'remote', 'show', 'origin')
+    const branch = remotes.match(/HEAD branch: (.*)$/m)
+    return branch[1]
+  } catch {
+    return 'main'
+  }
+}
+
+const currentBranch = async (path) => {
+  try {
+    return await tryGit(path, 'rev-parse', '--abbrev-ref', 'HEAD')
+  } catch {
+    // ignore errors
+  }
+}
+
+module.exports = {
+  getUrl,
+  getBranches,
+  defaultBranch,
+  currentBranch,
+}
diff --git a/tap-snapshots/test/apply/source-snapshots.js.test.cjs b/tap-snapshots/test/apply/source-snapshots.js.test.cjs
diff --git a/test/apply/dependabot.js b/test/apply/dependabot.js
diff --git a/test/apply/merge-yml.js b/test/apply/merge-yml.js
diff --git a/test/fixtures/yml-merge.js b/test/fixtures/yml-merge.js
diff --git a/test/setup.js b/test/setup.js
