Google Git
Sign in
flutter / recipes / cc105b6c3d32f766defa56a4531fdc62e1940081^! / .
commitcc105b6c3d32f766defa56a4531fdc62e1940081[log] [tgz]
authorJesse Seales <jseales@google.com>Fri Mar 03 21:48:43 2023 +0000
committerCQ Bot Account <flutter-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Mar 03 21:48:43 2023 +0000
tree1c5634da6db09f87357e288538644c4e821645c2
parent134df4a220080e83670e42b008685f017c46aa67 [diff]
Use dry run flag in recipe to avoid accidental tag push

The dry run tag will be passed from the tool-proxy invocation. The value should be True/False, and if not provided will default to True in order to protect accidental tag pushing.

Led run showing success up until dry-run creates failure at git push https://chromium-swarm.appspot.com/task?id=60c1847e7dfe0410


Bug: b/270144322

Change-Id: Id92f7110680fbfe238610f8cc5a9e9462a789910
Reviewed-on: https://flutter-review.googlesource.com/c/recipes/+/39860
Commit-Queue: Jesse Seales <jseales@google.com>
Reviewed-by: Drew Roen <drewroen@google.com>
Reviewed-by: Godofredo Contreras <godofredoc@google.com>

diff --git a/recipes/release/release_publish.py b/recipes/release/release_publish.py
index ec76f6f..38a5b1e 100644
--- a/recipes/release/release_publish.py
+++ b/recipes/release/release_publish.py

@@ -38,13 +38,14 @@
 It is expected that a valid release branch, tag, and release_channel are passed
 to the recipe.
 
-The recipe will tag and push to github unless triggered 
+The recipe will tag and push to github unless triggered
 from an experimental run.
 """
 def RunSteps(api):
   branch = api.properties.get('branch')
-  tag = api.properties.get("tag")
-  release_channel = api.properties.get("release_channel")
+  tag = api.properties.get('tag')
+  release_channel = api.properties.get('release_channel')
+  dry_run = api.runtime.is_experimental or api.properties.get('dry_run', True) # default to True dry run
   assert branch and tag and release_channel
 
   checkout_path = api.path['start_dir'].join('flutter')
@@ -88,7 +89,7 @@
 
     api.git('tag release', 'tag', tag, release_git_hash)
 
-    # output tag for debug clarity, testing
+    # output tag for debug clarity & testing
     api.git('find commit',
       'rev-list',
       '-n',
@@ -96,11 +97,8 @@
       f'origin/{branch}',
       stdout=api.raw_io.output_text(add_output_log=True)).stdout.rstrip()
 
-    push_args = ['push']
-    if api.runtime.is_experimental:
-      # guard tag from being pushed on experimental runs
-      push_args.append('--dry-run')
-    push_args += ['origin', tag]
+    dry_run_arg = '--dry-run' if dry_run else None
+    push_args = ['push', dry_run_arg, 'origin', tag]
     api.git('push tag', *push_args)