INFRA-2849:Added auto-create-release-pr workflow to automatically create release cp-13.3.0 (#35589)

XxdpavelxX · web-flow · commit cbaa0e32b075 · 2025-09-03T15:38:50.000Z
## **Description** New Workflow auto-create-release-pr.yml will trigger create-release-pr.yml workflow when a new Branch is created that matches the syntax **Version-v***. The create-release-pr.yml workflow can still be triggered manually as well. Tested Manual Trigger: https://github.com/consensys-test/metamask-extension-test-workflow2/actions/runs/17437706364 Tested Automated Trigger **Version-v**: https://github.com/consensys-test/metamask-extension-test-workflow2/actions/runs/17435684587 Test Automated Trigger **release/**: https://github.com/consensys-test/metamask-extension-test-workflow2/actions/runs/17435734319 Tested Automated w/ Invalid Branch name: https://github.com/consensys-test/metamask-extension-test-workflow2/actions/runs/17409021422/job/49421128206, https://github.com/consensys-test/metamask-extension-test-workflow2/actions/runs/17411139614 [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/35589?quickstart=1) ## **Changelog**  CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings**  ### **Before**  ### **After**  ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
diff --git a/.github/workflows/auto-create-release-pr.yml b/.github/workflows/auto-create-release-pr.yml
@@ -0,0 +1,118 @@
+name: Auto Create Release PR
+
+on:
+  create:
+
+jobs:
+  extract:
+    if: ${{ github.ref_type == 'branch' && (startsWith(github.ref, 'refs/heads/Version-v') || startsWith(github.ref, 'refs/heads/release/')) }}
+    runs-on: ubuntu-latest
+    outputs:
+      semver: ${{ steps.out.outputs.semver }}
+      previous_ref: ${{ steps.out.outputs.previous_ref }}
+    steps:
+      - id: out
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: |
+          set -euo pipefail
+
+          ref_name="${GITHUB_REF#refs/heads/}"
+
+          # Extract semver based on prefix
+          if [[ "$ref_name" == Version-v* ]]; then
+            semver="${ref_name#Version-v}"
+          elif [[ "$ref_name" == release/* ]]; then
+            semver="${ref_name#release/}"
+          else
+            echo "Error: Branch name must be Version-vX.Y.Z or release/X.Y.Z where X, Y, Z are numbers. Got: $ref_name" >&2
+            exit 1
+          fi
+          echo "semver=${semver}" >> "$GITHUB_OUTPUT"
+
+          # Validate semver format X.Y.Z where X, Y, Z are numbers
+          if ! [[ "$semver" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Error: Invalid semver in branch name: $ref_name (extracted: $semver; must be numeric X.Y.Z)" >&2
+            exit 1
+          fi
+
+          # Function to paginate and collect refs for a prefix
+          fetch_matching_refs() {
+            local prefix="$1"
+            local temp_file
+            temp_file="$(mktemp)"
+            local page=1
+            echo "Fetching branches matching $prefix* (paginated)..." >&2
+            while :; do
+              echo "Fetching page $page for $prefix..." >&2
+              resp="$(mktemp)"
+              url="https://api.github.com/repos/${GITHUB_REPOSITORY}/git/matching-refs/heads/${prefix}?per_page=100&page=${page}"
+              curl -sS -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$url" -o "$resp"
+
+              cat "$resp" >> "$temp_file"
+
+              count=$(jq length "$resp")
+              if [ "$count" -lt 100 ]; then
+                break
+              fi
+              page=$((page + 1))
+            done
+            echo "$temp_file"
+          }
+
+          # Fetch for each prefix
+          version_v_file=$(fetch_matching_refs "Version-v")
+          release_file=$(fetch_matching_refs "release/")
+
+          # Combine and process: extract {name, semver} for matches, sort desc by semver
+          jq -s 'add | [ .[] | .ref | ltrimstr("refs/heads/") as $name | select($name | test("^Version-v[0-9]+\\.[0-9]+\\.[0-9]+$") or test("^release/[0-9]+\\.[0-9]+\\.[0-9]+$")) | {name: $name, semver: (if $name | test("^Version-v") then $name | ltrimstr("Version-v") else $name | ltrimstr("release/") end) } ] | sort_by( .semver | split(".") | map(tonumber) ) | reverse' "$version_v_file" "$release_file" > all_versions.json
+
+          # Print all found versions (sorted desc)
+          echo "All found versions (sorted desc): $(jq '[ .[].semver ]' all_versions.json)"
+
+          # Print all found matching branches (sorted by semver desc)
+          echo "All found matching branches:"
+          jq -r '.[].name' all_versions.json || echo "No matching branches found."
+
+          # Filter to those with semver strictly lower than current
+          jq --arg semver "$semver" '[ .[] | select( .semver as $v | $semver | split(".") as $c | $v | split(".") as $p | ($p[0] | tonumber) < ($c[0] | tonumber) or (($p[0] | tonumber) == ($c[0] | tonumber) and (($p[1] | tonumber) < ($c[1] | tonumber) or (($p[1] | tonumber) == ($c[1] | tonumber) and ($p[2] | tonumber) < ($c[2] | tonumber)))) ) ]' all_versions.json > filtered_versions.json
+
+          # Print filtered versions (still sorted desc, so [0] is highest lower)
+          echo "Filtered versions (< $semver, sorted desc): $(jq '[ .[].semver ]' filtered_versions.json)"
+
+          # Select the highest lower: first in filtered list
+          if [ "$(jq length filtered_versions.json)" -eq 0 ]; then
+            echo "Error: No versions lower than $semver found. Cannot determine previous-version-ref." >&2
+            exit 1
+          else
+            highest_lower="$(jq -r '.[0].semver' filtered_versions.json)"
+            previous_ref="$(jq -r '.[0].name' filtered_versions.json)"
+            echo "Selected highest version lower than $semver: ${highest_lower}"
+            echo "Selected branch: ${previous_ref}"
+            echo "Passing to previous-version-ref: ${previous_ref}"
+          fi
+          echo "previous_ref=${previous_ref}" >> "$GITHUB_OUTPUT"
+
+          # Print values passed to call-create-release-pr
+          echo "Inputs to call-create-release-pr:"
+          echo "  checkout-base-branch: main"
+          echo "  release-pr-base-branch: stable"
+          echo "  semver-version: ${semver}"
+          echo "  previous-version-ref: ${previous_ref}"
+
+  call-create-release-pr:
+    if: ${{ github.ref_type == 'branch' && (startsWith(github.ref, 'refs/heads/Version-v') || startsWith(github.ref, 'refs/heads/release/')) }}
+    needs: extract
+    permissions:
+      contents: write
+      pull-requests: write
+    uses: ./.github/workflows/create-release-pr.yml
+    secrets:
+      github-token: ${{ secrets.PR_TOKEN }}
+      google-application-creds-base64: ${{ secrets.GCP_RLS_SHEET_ACCOUNT_BASE64 }}
+    with:
+      checkout-base-branch: main
+      release-pr-base-branch: stable
+      semver-version: ${{ needs.extract.outputs.semver }}
+      previous-version-ref: ${{ needs.extract.outputs.previous_ref }}
diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml
@@ -16,21 +16,47 @@ on:
         description: 'Previous release version branch name, tag or commit hash (e.g., Version-vx.y.z, v7.7.0, or 76fbc500034db9779e9ff7ce637ac5be1da0493d)'
         required: true
 
+  workflow_call:
+    inputs:
+      checkout-base-branch:
+        required: true
+        type: string
+      release-pr-base-branch:
+        required: true
+        type: string
+      semver-version:
+        required: true
+        type: string
+      previous-version-ref:
+        required: true
+        type: string
+    secrets:
+      github-token:
+        required: false
+      google-application-creds-base64:
+        required: false
+      PR_TOKEN:
+        required: false
+      GCP_RLS_SHEET_ACCOUNT_BASE64:
+        required: false
+
 jobs:
   create-release-pr:
     name: Create Release Pull Request using Github Tools
-    uses: MetaMask/github-tools/.github/workflows/create-release-pr.yml@914cbff8a8d58cfe0053e8690a3c0d4b281e27d6
+    uses: MetaMask/github-tools/.github/workflows/create-release-pr.yml@ddac3ee395896ff15df6fc561ff710efbb0dd3fa
     with:
       platform: extension
       checkout-base-branch: ${{ inputs.checkout-base-branch }}
       release-pr-base-branch: ${{ inputs.release-pr-base-branch }}
       semver-version: ${{ inputs.semver-version }}
       previous-version-ref: ${{ inputs.previous-version-ref }}
-      github-tools-version: 914cbff8a8d58cfe0053e8690a3c0d4b281e27d6
+      github-tools-version: ddac3ee395896ff15df6fc561ff710efbb0dd3fa
     secrets:
       # This token needs write permissions to metamask-extension & read permissions to metamask-planning
-      github-token: ${{ secrets.PR_TOKEN }}
-      google-application-creds-base64: ${{ secrets.GCP_RLS_SHEET_ACCOUNT_BASE64 }}
+      # If called from auto-create-release-pr use the PR_TOKEN passed in as an input, if called manually use github secret token values
+      # (this is due to github limitations on fetching secrets from called workflows).
+      github-token: ${{ github.event_name == 'workflow_dispatch' && secrets.PR_TOKEN || secrets.github-token }}
+      google-application-creds-base64: ${{ github.event_name == 'workflow_dispatch' && secrets.GCP_RLS_SHEET_ACCOUNT_BASE64 || secrets.google-application-creds-base64 }}
     permissions:
       contents: write
       pull-requests: write
