-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbootstrap.py
More file actions
249 lines (202 loc) · 8.45 KB
/
bootstrap.py
File metadata and controls
249 lines (202 loc) · 8.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
#!/usr/bin/env python3
"""
Bootstrap tool for the bidirectional mirror system.
For each repo pair in repos.yaml:
1. Creates repos on GitHub/GitLab if they don't exist
2. Copies CI template files into each repo
3. Sets secrets/variables on both platforms (including MIRROR_BOT_USER)
Prerequisites:
- gh CLI (https://cli.github.com/) authenticated
- glab CLI (https://gitlab.com/gitlab-org/cli) authenticated
- GITLAB_TOKEN and GITHUB_TOKEN envvars set (values to store as secrets)
- MIRROR_BOT_USER_GITHUB and MIRROR_BOT_USER_GITLAB envvars set
"""
import logging
import os
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path
import yaml
SCRIPT_DIR = Path(__file__).resolve().parent
CONFIG_PATH = SCRIPT_DIR / "repos.yaml"
CI_TEMPLATES_DIR = SCRIPT_DIR / "ci-templates"
logging.basicConfig(
level=logging.INFO,
format="%(asctime)s %(levelname)s %(message)s",
)
log = logging.getLogger("bootstrap")
def run(cmd, cwd=None, check=True):
"""Run a command (list form). Returns CompletedProcess."""
log.debug("Running: %s", cmd)
result = subprocess.run(
cmd, cwd=cwd, capture_output=True, text=True, check=False,
)
if check and result.returncode != 0:
raise RuntimeError(
f"Command failed: {' '.join(cmd)}\n"
f"stdout: {result.stdout.strip()}\n"
f"stderr: {result.stderr.strip()}"
)
return result
def check_prerequisites():
"""Verify that required CLI tools are available."""
for tool in ("gh", "glab", "git"):
result = run(["which", tool], check=False)
if result.returncode != 0:
log.error("%s CLI not found. Please install it first.", tool)
sys.exit(1)
# Verify gh is authenticated
result = run(["gh", "auth", "status"], check=False)
if result.returncode != 0:
log.error("gh CLI is not authenticated. Run: gh auth login")
sys.exit(1)
# Verify glab is authenticated
result = run(["glab", "auth", "status"], check=False)
if result.returncode != 0:
log.error("glab CLI is not authenticated. Run: glab auth login")
sys.exit(1)
def ensure_github_repo(repo):
"""Create GitHub repo if it doesn't exist."""
result = run(["gh", "repo", "view", repo], check=False)
if result.returncode == 0:
log.info("GitHub repo %s already exists", repo)
return
log.info("Creating GitHub repo %s", repo)
run(["gh", "repo", "create", repo, "--private", "--confirm"])
def ensure_gitlab_repo(repo):
"""Create GitLab repo if it doesn't exist."""
result = run(["glab", "repo", "view", repo], check=False)
if result.returncode == 0:
log.info("GitLab repo %s already exists", repo)
return
log.info("Creating GitLab repo %s", repo)
# glab repo create takes just the project name for the authenticated user,
# or group/project for group repos
run(["glab", "repo", "create", repo, "--private"])
def set_github_secrets(repo, gitlab_token, gitlab_repo, mirror_bot_user):
"""Set GitHub repository secrets and variables."""
log.info("Setting GitHub secrets for %s", repo)
run(["gh", "secret", "set", "GITLAB_TOKEN",
"--repo", repo, "--body", gitlab_token])
run(["gh", "secret", "set", "GITLAB_REPO",
"--repo", repo, "--body", gitlab_repo])
# MIRROR_BOT_USER as a repository variable (not secret, used in `if:` conditions)
run(["gh", "variable", "set", "MIRROR_BOT_USER",
"--repo", repo, "--body", mirror_bot_user])
def set_gitlab_variables(repo, github_token, github_repo, mirror_bot_user):
"""Set GitLab CI/CD variables."""
log.info("Setting GitLab CI variables for %s", repo)
for var_name, var_value, masked in [
("GITHUB_TOKEN", github_token, True),
("GITHUB_REPO", github_repo, False),
("MIRROR_BOT_USER", mirror_bot_user, False),
]:
# Try to update first, create if it doesn't exist
mask_flag = ["--masked"] if masked else []
result = run(
["glab", "variable", "set", var_name,
"--repo", repo, "--value", var_value] + mask_flag,
check=False,
)
if result.returncode != 0:
log.warning(
"Failed to set GitLab variable %s for %s: %s",
var_name, repo, result.stderr.strip(),
)
def copy_ci_files(repo_slug, gh_token):
"""Clone the repo, copy CI files, commit and push."""
with tempfile.TemporaryDirectory() as tmpdir:
repo_url = f"https://{gh_token}@github.com/{repo_slug}.git"
repo_path = Path(tmpdir) / "repo"
# Clone (might be empty)
result = run(
["git", "clone", repo_url, str(repo_path)],
check=False,
)
if result.returncode != 0:
# Empty repo — init it
run(["git", "init", str(repo_path)])
run(["git", "remote", "add", "origin", repo_url], cwd=str(repo_path))
run(["git", "config", "user.name", "mirror-bootstrap"], cwd=str(repo_path))
run(["git", "config", "user.email", "mirror@bootstrap"], cwd=str(repo_path))
# Copy GitHub Action
gh_workflow_dir = repo_path / ".github" / "workflows"
gh_workflow_dir.mkdir(parents=True, exist_ok=True)
shutil.copy2(
CI_TEMPLATES_DIR / "github-mirror.yml",
gh_workflow_dir / "mirror-to-gitlab.yml",
)
# Copy GitLab CI
gl_ci_dir = repo_path / ".gitlab" / "ci"
gl_ci_dir.mkdir(parents=True, exist_ok=True)
shutil.copy2(
CI_TEMPLATES_DIR / "gitlab-mirror.yml",
gl_ci_dir / "mirror.yml",
)
# Ensure .gitlab-ci.yml includes the mirror job
gitlab_ci_path = repo_path / ".gitlab-ci.yml"
include_line = " - local: .gitlab/ci/mirror.yml"
if gitlab_ci_path.exists():
content = gitlab_ci_path.read_text()
if include_line not in content:
if "include:" not in content:
content += f"\ninclude:\n{include_line}\n"
else:
content = content.replace(
"include:\n",
f"include:\n{include_line}\n",
)
gitlab_ci_path.write_text(content)
else:
gitlab_ci_path.write_text(f"include:\n{include_line}\n")
# Stage, commit, push
run(["git", "add", ".github/workflows/mirror-to-gitlab.yml",
".gitlab/ci/mirror.yml", ".gitlab-ci.yml"],
cwd=str(repo_path))
# Check if there are changes to commit
result = run(["git", "diff", "--cached", "--quiet"], cwd=str(repo_path), check=False)
if result.returncode == 0:
log.info("CI files already up to date in %s", repo_slug)
return
run(["git", "commit", "-m", "Add bidirectional mirror CI configuration"],
cwd=str(repo_path))
run(["git", "push", "origin", "HEAD"], cwd=str(repo_path))
log.info("CI files committed and pushed to %s", repo_slug)
def main():
gh_token = os.environ.get("GITHUB_TOKEN")
gl_token = os.environ.get("GITLAB_TOKEN")
mirror_bot_gh = os.environ.get("MIRROR_BOT_USER_GITHUB")
mirror_bot_gl = os.environ.get("MIRROR_BOT_USER_GITLAB")
missing = []
if not gh_token:
missing.append("GITHUB_TOKEN")
if not gl_token:
missing.append("GITLAB_TOKEN")
if not mirror_bot_gh:
missing.append("MIRROR_BOT_USER_GITHUB")
if not mirror_bot_gl:
missing.append("MIRROR_BOT_USER_GITLAB")
if missing:
log.error("Missing required envvars: %s", ", ".join(missing))
sys.exit(1)
check_prerequisites()
with open(CONFIG_PATH) as f:
config = yaml.safe_load(f)
for repo_pair in config["repos"]:
gh_repo = repo_pair["github"]
gl_repo = repo_pair["gitlab"]
log.info("=== Processing %s <-> %s ===", gh_repo, gl_repo)
# Create repos if needed
ensure_github_repo(gh_repo)
ensure_gitlab_repo(gl_repo)
# Set secrets/variables BEFORE pushing CI files, so the CI job
# triggered by the push already has valid credentials
set_github_secrets(gh_repo, gl_token, gl_repo, mirror_bot_gh)
set_gitlab_variables(gl_repo, gh_token, gh_repo, mirror_bot_gl)
# Copy CI files into the GitHub repo (triggers first mirror via CI)
copy_ci_files(gh_repo, gh_token)
log.info("=== Done: %s <-> %s ===\n", gh_repo, gl_repo)
if __name__ == "__main__":
main()