From 845fbbc6dd229b79f0fbc561cc6911fd24654d9a Mon Sep 17 00:00:00 2001 From: jrhee17 Date: Wed, 8 Apr 2026 16:59:33 +0900 Subject: [PATCH 1/5] add token --- .github/workflows/xds-apply-updates.yml | 1 + .github/workflows/xds-sync-apis.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/xds-apply-updates.yml b/.github/workflows/xds-apply-updates.yml index 88e70c63ec3..e487d972f57 100644 --- a/.github/workflows/xds-apply-updates.yml +++ b/.github/workflows/xds-apply-updates.yml @@ -38,6 +38,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@v7 with: + token: ${{ secrets.ARMERIAN_PAT }} branch: update-xds-protobuf base: main author: Meri Kim diff --git a/.github/workflows/xds-sync-apis.yml b/.github/workflows/xds-sync-apis.yml index 09a7e9766ff..f6f0d83a9b6 100644 --- a/.github/workflows/xds-sync-apis.yml +++ b/.github/workflows/xds-sync-apis.yml @@ -21,3 +21,4 @@ jobs: uses: ./.github/workflows/xds-apply-updates.yml with: target_version: ${{ needs.envoy-versions.outputs.target_version }} + secrets: inherit From f94ea2b8a6ceded20fe5a8d76489ca77b272e96e Mon Sep 17 00:00:00 2001 From: jrhee17 Date: Wed, 8 Apr 2026 17:37:45 +0900 Subject: [PATCH 2/5] misc --- xds-api/tools/update-sha.sh | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/xds-api/tools/update-sha.sh b/xds-api/tools/update-sha.sh index c5c50f42ca4..3a506310d0b 100755 --- a/xds-api/tools/update-sha.sh +++ b/xds-api/tools/update-sha.sh @@ -7,6 +7,27 @@ set -o pipefail set -o nounset set -o xtrace +# Optional: set GITHUB_TOKEN to avoid API rate limits +# e.g. GITHUB_TOKEN=ghp_xxx ./update-sha.sh v1.36.4 +CURL_AUTH=() +if [[ -n "${GITHUB_TOKEN:-}" ]]; then + CURL_AUTH=(-H "Authorization: token $GITHUB_TOKEN") +fi + +function github_curl() { + local HTTP_CODE BODY TMPFILE + TMPFILE=$(mktemp) + HTTP_CODE=$(curl -s -o "$TMPFILE" -w '%{http_code}' "${CURL_AUTH[@]+"${CURL_AUTH[@]}"}" "$@") + BODY=$(cat "$TMPFILE") + rm -f "$TMPFILE" + if [[ "$HTTP_CODE" -lt 200 || "$HTTP_CODE" -ge 300 ]]; then + echo "error: HTTP $HTTP_CODE from $*" >&2 + echo "$BODY" >&2 + return 1 + fi + echo "$BODY" +} + function find_sha() { local CONTENT=$1 local DEPENDENCY=$2 @@ -21,13 +42,17 @@ function find_date() { function find_envoy_sha_from_tag() { local TAG=$1 - curl -s https://api.github.com/repos/envoyproxy/envoy/tags | grep "$TAG" -A 4 | grep sha | awk '{print $2}' | tr -d '"' | tr -d "," + github_curl https://api.github.com/repos/envoyproxy/envoy/tags | grep "$TAG" -A 4 | grep sha | awk '{print $2}' | tr -d '"' | tr -d "," } CURRENT_ENVOY_RELEASE=$(cat envoy_release) ENVOY_VERSION=$(find_envoy_sha_from_tag "$1") +if [[ -z "$ENVOY_VERSION" ]]; then + echo "error: could not resolve SHA for tag '$1' (tag not found or API rate-limited)" >&2 + exit 1 +fi -CURL_OUTPUT=$(curl -s "https://raw.githubusercontent.com/envoyproxy/envoy/$ENVOY_VERSION/api/bazel/repository_locations.bzl") +CURL_OUTPUT=$(github_curl "https://raw.githubusercontent.com/envoyproxy/envoy/$ENVOY_VERSION/api/bazel/repository_locations.bzl") GOOGLEAPIS_SHA=$(find_sha "$CURL_OUTPUT" com_google_googleapis) GOOGLEAPIS_DATE=$(find_date "$CURL_OUTPUT" com_google_googleapis) From 3a56f9347aee7c4aaefc06caa1482f11b5d6b31a Mon Sep 17 00:00:00 2001 From: jrhee17 Date: Wed, 8 Apr 2026 17:55:23 +0900 Subject: [PATCH 3/5] disable xtrace --- xds-api/tools/update-api.sh | 2 +- xds-api/tools/update-sha.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xds-api/tools/update-api.sh b/xds-api/tools/update-api.sh index e15f9be4c53..deaefd34439 100755 --- a/xds-api/tools/update-api.sh +++ b/xds-api/tools/update-api.sh @@ -4,7 +4,7 @@ set -o errexit set -o pipefail -set -o xtrace +#set -o xtrace __dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" diff --git a/xds-api/tools/update-sha.sh b/xds-api/tools/update-sha.sh index 3a506310d0b..7f2713680e6 100755 --- a/xds-api/tools/update-sha.sh +++ b/xds-api/tools/update-sha.sh @@ -5,7 +5,7 @@ set -o errexit set -o pipefail set -o nounset -set -o xtrace +#set -o xtrace # Optional: set GITHUB_TOKEN to avoid API rate limits # e.g. GITHUB_TOKEN=ghp_xxx ./update-sha.sh v1.36.4 From 309c3d2ddd1b6bf78a8c672ec3bc33cd08521bf6 Mon Sep 17 00:00:00 2001 From: jrhee17 Date: Thu, 9 Apr 2026 10:07:55 +0900 Subject: [PATCH 4/5] Update .github/workflows/xds-sync-apis.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/xds-sync-apis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/xds-sync-apis.yml b/.github/workflows/xds-sync-apis.yml index f6f0d83a9b6..a0365fbd054 100644 --- a/.github/workflows/xds-sync-apis.yml +++ b/.github/workflows/xds-sync-apis.yml @@ -21,4 +21,5 @@ jobs: uses: ./.github/workflows/xds-apply-updates.yml with: target_version: ${{ needs.envoy-versions.outputs.target_version }} - secrets: inherit + secrets: + ARMERIAN_PAT: ${{ secrets.ARMERIAN_PAT }} From 50c8eba2a7f04b5e0c0c0b903b5c1b0ed11820da Mon Sep 17 00:00:00 2001 From: jrhee17 Date: Thu, 9 Apr 2026 16:16:18 +0900 Subject: [PATCH 5/5] Revert "Update .github/workflows/xds-sync-apis.yml" This reverts commit 309c3d2ddd1b6bf78a8c672ec3bc33cd08521bf6. --- .github/workflows/xds-sync-apis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/xds-sync-apis.yml b/.github/workflows/xds-sync-apis.yml index a0365fbd054..f6f0d83a9b6 100644 --- a/.github/workflows/xds-sync-apis.yml +++ b/.github/workflows/xds-sync-apis.yml @@ -21,5 +21,4 @@ jobs: uses: ./.github/workflows/xds-apply-updates.yml with: target_version: ${{ needs.envoy-versions.outputs.target_version }} - secrets: - ARMERIAN_PAT: ${{ secrets.ARMERIAN_PAT }} + secrets: inherit