build: auto-push patch file changes (#26235) (#26434)

* build: auto-push patch file changes

* chore: change patch for testing purposes

* build: remove stray log

* build: push as electron bot

* build: suppress all output of the push-patch script

* chore: fix linting

.circleci/config.yml

@@ -237,16 +237,25 @@ step-gclient-sync: &step-gclient-sync
           if ! git diff-index --quiet HEAD --; then
             # There are changes to the patches. Make a git commit with the updated patches
             git add patches
-            GIT_COMMITTER_NAME="Electron Bot" GIT_COMMITTER_EMAIL="anonymous@electronjs.org" git commit -m "update patches" --author="Electron Bot <anonymous@electronjs.org>"
+            GIT_COMMITTER_NAME="Electron Bot" GIT_COMMITTER_EMAIL="electron@github.com" git commit -m "update patches" --author="Electron Bot <electron@github.com>"
             # Export it
             mkdir -p ../../patches
             git format-patch -1 --stdout --keep-subject --no-stat --full-index > ../../patches/update-patches.patch
-            echo
-            echo "======================================================================"
-            echo "There were changes to the patches when applying."
-            echo "Check the CI artifacts for a patch you can apply to fix it."
-            echo "======================================================================"
-            exit 1
+            if (node ./script/push-patch.js 2> /dev/null > /dev/null); then
+              echo
+              echo "======================================================================"
+              echo "Changes to the patches when applying, we have auto-pushed the diff to the current branch"
+              echo "A new CI job will kick off shortly"
+              echo "======================================================================"
+              exit 1
+            else
+              echo
+              echo "======================================================================"
+              echo "There were changes to the patches when applying."
+              echo "Check the CI artifacts for a patch you can apply to fix it."
+              echo "======================================================================"
+              exit 1
+            fi
           fi
         fi
       fi

package.json

@@ -6,6 +6,7 @@
   "devDependencies": {
     "@electron/docs-parser": "^0.4.2",
     "@electron/typescript-definitions": "^8.6.4",
+    "@octokit/auth-app": "^2.10.0",
     "@octokit/rest": "^16.3.2",
     "@primer/octicons": "^9.1.1",
     "@types/basic-auth": "^1.1.2",
@@ -144,4 +145,4 @@
   "dependencies": {
     "@types/temp": "^0.8.34"
   }
-}
+}

script/push-patch.js

@@ -0,0 +1,41 @@
+const { createAppAuth } = require('@octokit/auth-app');
+const cp = require('child_process');
+
+if (!process.env.CIRCLE_BRANCH) {
+  console.error('Not building for a specific branch, can\'t autopush a patch');
+  process.exit(1);
+}
+
+if (process.env.CIRCLE_PR_NUMBER) {
+  console.error('Building for a forked PR, can\'t autopush a patch');
+  process.exit(1);
+}
+
+const auth = createAppAuth({
+  appId: process.env.PATCH_UP_APP_ID,
+  privateKey: Buffer.from(process.env.PATCH_UP_PRIVATE_KEY, 'base64').toString('utf8'),
+  installationId: process.env.PATCH_UP_INSTALLATION_ID,
+  clientId: process.env.PATCH_UP_CLIENT_ID,
+  clientSecret: process.env.PATCH_UP_CLIENT_SECRET
+});
+
+async function main () {
+  const installationAuth = await auth({ type: 'installation' });
+  const remoteURL = `https://x-access-token:${installationAuth.token}@github.com/electron/electron.git`;
+  // NEVER LOG THE OUTPUT OF THIS COMMAND
+  // GIT LEAKS THE ACCESS CREDENTIALS IN CONSOLE LOGS
+  const { status } = cp.spawnSync('git', ['push', '--set-upstream', remoteURL], {
+    stdio: 'ignore'
+  });
+  if (status !== 0) {
+    console.error('Failed to push to target branch');
+    process.exit(1);
+  }
+}
+
+if (process.mainModule === module) {
+  main().catch((err) => {
+    console.error(err);
+    process.exit(1);
+  });
+}