2018-04-17 12:50:16 -04:00
|
|
|
#!/usr/bin/env ruby
|
2019-01-03 07:24:01 -05:00
|
|
|
|
2021-02-12 07:09:02 -05:00
|
|
|
# frozen_string_literal: true
|
2018-12-18 04:21:29 -05:00
|
|
|
|
|
|
|
require 'active_support/core_ext/object/to_query'
|
2018-04-17 12:50:16 -04:00
|
|
|
require 'optparse'
|
|
|
|
require 'open3'
|
|
|
|
require 'rainbow/refinement'
|
|
|
|
using Rainbow
|
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
module Secpick
|
2021-02-12 07:09:02 -05:00
|
|
|
BRANCH_PREFIX = 'security'
|
|
|
|
STABLE_SUFFIX = 'stable'
|
2019-12-10 04:07:51 -05:00
|
|
|
|
2021-02-12 07:09:02 -05:00
|
|
|
DEFAULT_REMOTE = 'security'
|
2019-12-10 04:07:51 -05:00
|
|
|
|
2021-02-12 07:09:02 -05:00
|
|
|
SECURITY_MR_URL = 'https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/new'
|
2018-04-17 12:50:16 -04:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
class SecurityFix
|
|
|
|
def initialize
|
|
|
|
@options = self.class.options
|
|
|
|
end
|
2018-04-17 12:50:16 -04:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
def dry_run?
|
|
|
|
@options[:try] == true
|
|
|
|
end
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
def source_branch
|
2020-06-03 17:08:23 -04:00
|
|
|
branch = "#{@options[:branch]}-#{@options[:version]}"
|
2021-02-12 07:09:02 -05:00
|
|
|
branch = "#{BRANCH_PREFIX}-#{branch}" unless branch.start_with?("#{BRANCH_PREFIX}-")
|
|
|
|
branch
|
2019-01-03 07:24:01 -05:00
|
|
|
end
|
2018-04-17 12:50:16 -04:00
|
|
|
|
2019-02-06 08:14:55 -05:00
|
|
|
def stable_branch
|
2021-02-12 07:09:02 -05:00
|
|
|
"#{@options[:version]}-#{STABLE_SUFFIX}-ee"
|
2019-01-03 07:24:01 -05:00
|
|
|
end
|
2018-04-17 12:50:16 -04:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
def git_commands
|
2019-02-06 08:14:55 -05:00
|
|
|
["git fetch #{@options[:remote]} #{stable_branch}",
|
2019-07-30 06:51:29 -04:00
|
|
|
"git checkout -B #{source_branch} #{@options[:remote]}/#{stable_branch} --no-track",
|
2019-01-03 07:24:01 -05:00
|
|
|
"git cherry-pick #{@options[:sha]}",
|
|
|
|
"git push #{@options[:remote]} #{source_branch}",
|
2020-06-03 17:08:23 -04:00
|
|
|
"git checkout #{@options[:branch]}"]
|
2019-01-03 07:24:01 -05:00
|
|
|
end
|
2018-10-24 13:20:03 -04:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
def gitlab_params
|
|
|
|
{
|
2019-02-14 09:11:51 -05:00
|
|
|
issuable_template: 'Security Release',
|
2019-01-03 07:24:01 -05:00
|
|
|
merge_request: {
|
|
|
|
source_branch: source_branch,
|
2019-02-14 09:11:51 -05:00
|
|
|
target_branch: stable_branch
|
2019-01-03 07:24:01 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
2018-04-17 12:50:16 -04:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
def new_mr_url
|
2020-06-02 17:08:00 -04:00
|
|
|
SECURITY_MR_URL
|
2019-01-03 07:24:01 -05:00
|
|
|
end
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
def create!
|
|
|
|
if dry_run?
|
2019-12-10 04:07:51 -05:00
|
|
|
puts "\nGit commands:".blue
|
|
|
|
puts git_commands.join("\n")
|
|
|
|
|
|
|
|
puts "\nMerge request URL:".blue
|
|
|
|
puts new_mr_url
|
|
|
|
|
|
|
|
puts "\nMerge request params:".blue
|
2019-01-03 07:24:01 -05:00
|
|
|
pp gitlab_params
|
|
|
|
else
|
|
|
|
cmd = git_commands.join(' && ')
|
|
|
|
stdin, stdout, stderr, wait_thr = Open3.popen3(cmd)
|
|
|
|
|
|
|
|
puts stdout.read&.green
|
|
|
|
puts stderr.read&.red
|
|
|
|
|
|
|
|
if wait_thr.value.success?
|
|
|
|
puts "#{new_mr_url}?#{gitlab_params.to_query}".blue
|
|
|
|
end
|
|
|
|
|
|
|
|
stdin.close
|
|
|
|
stdout.close
|
|
|
|
stderr.close
|
|
|
|
end
|
|
|
|
end
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
def self.options
|
|
|
|
{ version: nil, branch: nil, sha: nil }.tap do |options|
|
|
|
|
parser = OptionParser.new do |opts|
|
|
|
|
opts.banner = "Usage: #{$0} [options]"
|
|
|
|
opts.on('-v', '--version 10.0', 'Version') do |version|
|
|
|
|
options[:version] = version&.tr('.', '-')
|
|
|
|
end
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
opts.on('-b', '--branch security-fix-branch', 'Original branch name (optional, defaults to current)') do |branch|
|
|
|
|
options[:branch] = branch
|
|
|
|
end
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2020-03-20 20:09:18 -04:00
|
|
|
opts.on('-s', '--sha abcd', 'SHA or SHA range to cherry pick (optional, defaults to current)') do |sha|
|
2019-01-03 07:24:01 -05:00
|
|
|
options[:sha] = sha
|
|
|
|
end
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2020-03-25 17:08:06 -04:00
|
|
|
opts.on('-r', '--remote dev', "Git remote name of security repo (optional, defaults to `#{DEFAULT_REMOTE}`)") do |remote|
|
2019-01-03 07:24:01 -05:00
|
|
|
options[:remote] = remote
|
|
|
|
end
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2019-12-10 04:07:51 -05:00
|
|
|
opts.on('-d', '--dry-run', 'Only show Git commands, without calling them') do
|
2019-01-03 07:24:01 -05:00
|
|
|
options[:try] = true
|
|
|
|
end
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
opts.on('-h', '--help', 'Displays Help') do
|
|
|
|
puts opts
|
2018-12-18 04:21:29 -05:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
exit
|
|
|
|
end
|
|
|
|
end
|
2019-01-03 07:14:09 -05:00
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
parser.parse!
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2020-06-03 17:08:23 -04:00
|
|
|
options[:sha] ||= `git rev-parse HEAD`.strip
|
|
|
|
options[:branch] ||= `git rev-parse --abbrev-ref HEAD`.strip
|
2019-01-03 07:24:01 -05:00
|
|
|
options[:remote] ||= DEFAULT_REMOTE
|
2019-01-03 06:58:41 -05:00
|
|
|
|
2020-03-23 08:09:47 -04:00
|
|
|
nil_options = options.select {|_, v| v.nil? }
|
|
|
|
unless nil_options.empty?
|
|
|
|
abort("Missing: #{nil_options.keys.join(', ')}. Use #{$0} --help to see the list of options available".red)
|
|
|
|
end
|
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
abort("Wrong version format #{options[:version].bold}".red) unless options[:version] =~ /\A\d*\-\d*\Z/
|
2019-01-03 06:58:41 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2018-12-18 04:21:29 -05:00
|
|
|
end
|
|
|
|
|
2019-01-03 07:24:01 -05:00
|
|
|
Secpick::SecurityFix.new.create!
|