diff --git a/bin/secpick b/bin/secpick index 11acdd82226..fa1c4003e75 100755 --- a/bin/secpick +++ b/bin/secpick @@ -8,7 +8,7 @@ require 'rainbow/refinement' using Rainbow BRANCH_PREFIX = 'security'.freeze -REMOTE = 'dev'.freeze +DEFAULT_REMOTE = 'dev'.freeze NEW_MR_URL = 'https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/new'.freeze options = { version: nil, branch: nil, sha: nil } @@ -27,6 +27,14 @@ parser = OptionParser.new do |opts| options[:sha] = sha end + opts.on('-r', '--remote abcd', 'Git remote name of dev.gitlab.org (optional, default to `dev`)') do |remote| + options[:remote] = remote + end + + opts.on('-d', '--dry-run', 'Show resulting Git commands without calling them') do |remote| + options[:try] = true + end + opts.on('-h', '--help', 'Displays Help') do puts opts @@ -37,39 +45,82 @@ end parser.parse! options[:branch] ||= `git rev-parse --abbrev-ref HEAD` +options[:remote] ||= DEFAULT_REMOTE abort("Missing options. Use #{$0} --help to see the list of options available".red) if options.values.include?(nil) abort("Wrong version format #{options[:version].bold}".red) unless options[:version] =~ /\A\d*\-\d*\Z/ -ee = File.exist?('./CHANGELOG-EE.md') -original_branch = options[:branch].strip -branch = "#{original_branch}-#{options[:version]}" -branch.prepend("#{BRANCH_PREFIX}-") unless branch.start_with?("#{BRANCH_PREFIX}-") -branch = branch.freeze -stable_branch = "#{BRANCH_PREFIX}-#{options[:version]}".tap do |name| - name << "-ee" if ee -end.freeze +class SecurityFix + def initialize(options) + @options = options + end -command = "git fetch #{REMOTE} #{stable_branch} && git checkout #{stable_branch} && git pull #{REMOTE} #{stable_branch} && git checkout -B #{branch} && git cherry-pick #{options[:sha]} && git push #{REMOTE} #{branch} && git checkout #{original_branch}" + def ee? + File.exist?('./CHANGELOG-EE.md') + end -stdin, stdout, stderr, wait_thr = Open3.popen3(command) + def dry_run? + @options[:try] == true + end -puts stdout.read&.green -puts stderr.read&.red + def original_branch + @options[:branch].strip + end -if wait_thr.value.success? - params = { - merge_request: { - source_branch: branch, - target_branch: stable_branch, - title: "WIP: [#{options[:version].tr('-', '.')}] ", - description: '/label ~security' + def source_branch + branch = "#{original_branch}-#{@options[:version]}" + branch.prepend("#{BRANCH_PREFIX}-") unless branch.start_with?("#{BRANCH_PREFIX}-") + branch = branch.freeze + end + + def security_branch + "#{BRANCH_PREFIX}-#{@options[:version]}".tap do |name| + name << "-ee" if ee? + end.freeze + end + + def git_commands + ["git fetch #{@options[:remote]} #{security_branch}", + "git checkout #{security_branch}", + "git pull #{@options[:remote]} #{security_branch}", + "git checkout -B #{source_branch}", + "git cherry-pick #{@options[:sha]}", + "git push #{@options[:remote]} #{source_branch}", + "git checkout #{original_branch}"] + end + + def gitlab_params + { + merge_request: { + source_branch: source_branch, + target_branch: security_branch, + title: "WIP: [#{@options[:version].tr('-', '.')}] ", + description: '/label ~security' + } } - } + end - puts "#{NEW_MR_URL}?#{params.to_query}".blue + def create! + if dry_run? + puts git_commands.join("\n").green + puts "\nMerge request params: ".blue + pp gitlab_params + else + cmd = git_commands.join(' && ') + stdin, stdout, stderr, wait_thr = Open3.popen3(cmd) + + puts stdout.read&.green + puts stderr.read&.red + + if wait_thr.value.success? + puts "#{NEW_MR_URL}?#{gitlab_params.to_query}".blue + end + + stdin.close + stdout.close + stderr.close + end + end end -stdin.close -stdout.close -stderr.close +SecurityFix.new(options).create!