push_branch unconditionally deleted the remote branch before pushing.
On the force-update path for an existing bot-only PR, deleting the
branch closes the PR on GitHub, so the PR was lost instead of updated.
Force-push in place on that path and keep the delete only for the
fresh-PR path.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
When a repo_sync PR is already open, the sync script skipped the repo
entirely, so the PR went stale whenever the source files changed again.
Now, if the open PR carries only the single bot commit, the branch is
rebuilt from the target default branch (staying current with the base)
and force-pushed, but only when the synced files actually differ from
the PR branch. PRs that a maintainer has committed to (more than one
commit) are left untouched.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
The scripts/dependabot.yml -> .github/dependabot.yml remapping was present
in the detection loop but missing from the copy loop, so downstream repos
received a stray scripts/dependabot.yml that Dependabot never reads while
.github/dependabot.yml was never created.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
check_no_sync received the fetched file contents but grepped them as a
filename, so the marker was never detected and repos opting out via
no_prometheus_repo_sync were synced anyway. Feed the contents on stdin
with a here-string, matching check_license, and log the filename instead
of the whole file body.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
Add `.github/dependabot.yml` to the repo sync script.
* Sync is optional.
* Add feature to skip files that contain the string `no_prometheus_repo_sync`.
* Add generic dependabot config for Go and GitHub Actions ecosystems.
Signed-off-by: SuperQ <superq@gmail.com>
Derive the npm dist-tag from the Prometheus version (VERSION file) and
download.json so pre-releases and old patches never move the "latest"
tag: pre-releases publish under their channel (rc/beta/alpha/next), the
latest stable under "latest", the newest LTS under "lts", and older
stable or LTS patches under "oldstable". Fail the publish if
download.json cannot be fetched.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
checkPackage read each workspace package's version via `pnpm run env | grep
npm_package_version`, an npm-ism. pnpm has no built-in `env` script, so it
fails with ERR_PNPM_NO_SCRIPT and returns an empty string, making
`ui_release.sh --check-package` report a false version mismatch for every
package.
Read the version with `pnpm pkg get version` instead. Leftover from the
npm-to-pnpm migration (#18797).
Signed-off-by: György Krajcsovits <gyorgy.krajcsovits@grafana.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
You get
[ERR_PNPM_VERSION_NOT_CHANGED] Version was not changed: 0.313.0-rc.0
error if you try.
Signed-off-by: György Krajcsovits <gyorgy.krajcsovits@grafana.com>
react-app is not part of the pnpm workspace, so it pulled
@prometheus-io/codemirror-promql from the npm registry by exact version.
During a release, `make ui-bump-version` rewrote that pin to the new,
not-yet-published version, so the subsequent `pnpm install` failed with
ERR_PNPM_NO_MATCHING_VERSION.
Use pnpm's "link:" protocol to consume the locally built workspace package
instead. There is no version to publish or rewrite, react-app always builds
against the in-tree codemirror-promql, and its lockfile stays isolated (which
is why react-app was separated from the workspace in the first place).
build_ui.sh --all already builds the modules before react-app, so dist/ is
present at build time; `make ui-build` passes. Drop the dependency-rewriting
sed from ui_release.sh's bumpVersion accordingly.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
Set maintainer_can_modify on the create-pull-request API call so that
target-repo maintainers can push directly to the repo_sync branch from
the GitHub UI instead of only via the local checkout workaround.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
Switch the UI workspace from npm to pnpm. Declare jest as a direct
devDependency in lezer-promql (pnpm's strict isolation requires every
binary to be an explicit dependency), fix the moduleNameMapper path in
codemirror-promql's jest config to reflect pnpm's per-package
node_modules layout, and add a localStorage mock to mantine-ui's test
setup so module-level Redux slice initializers work under Node.js v22+,
which pre-defines localStorage as undefined on globalThis.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
The check_license guard ran before target_file was fetched, so it always
tested the previous iteration's file content (CODE_OF_CONDUCT.md) instead
of the target repo's LICENSE. This caused the LICENSE file to be silently
skipped on every run regardless of the actual license.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
Read the fork's actual full_name from the fork API response instead of
constructing it. Pass the fork full_name to post_pull_request so the checkout
hint uses the correct repo name.
Use newly-created scoped PROMBOT_REPOSYNC_TOKEN in the workflow.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
Open the sync PRs from a prombot-owned fork instead of pushing the branch
to the upstream repo. The fork name is prefixed with the upstream org
(e.g. prometheus_node_exporter) so repos with the same name in
different orgs do not collide. The GitHub forks API is idempotent and
returns the existing fork on subsequent calls.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
Add a CI job to run govulncheck.
* Run daily.
* Run when touching go.{mod,sum}.on PRs and merge to the default branch.
* Cleanup unused / broken govulncheck in Makefile.common.
* Add status badge.
* Add to repo sync for all Go projects.
* Reduce green lines in sync script to make it easier to read the log.
Signed-off-by: SuperQ <superq@gmail.com>
Promote the Prometheus container archs settings to common so they
are used by default on other projects.
* Add `.dockerignore` to sync script to include docker archs.
Signed-off-by: SuperQ <superq@gmail.com>
Adds `scripts/generate_release_notes.sh` to produce a structured CHANGELOG.md starting point using the Kubernetes release-notes tool. It handles both minor and patch releases.
`RELEASE.md` is updated to reference the script and drop the manual instructions.
Version examples are updated from 2.x to 3.x.
The `check_release_notes` CI workflow is extended to also run on `release-*` branches in order for the script to catch commits added to the release note , and the PR template wording is tightened.
Signed-off-by: machine424 <ayoubmrini424@gmail.com>
* Bump promu to latest release.
* Update actions/checkout.
* Update Go to 1.26.x for golangci-lint in synced repos.
* Improve golangci-lint push filter for synced repos.
Signed-off-by: SuperQ <superq@gmail.com>
Update check-go-mod-version.sh to use git ls-files instead of find for
better performance and to respect .gitignore. Also include go.work files
in the version check to ensure consistency across workspace files and
modules.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
Improve the repo sync logging output and add some additional logging.
This should help debugging some failed updates.
Signed-off-by: SuperQ <superq@gmail.com>