feat: create pr after library generation

.github/workflows/verify-generation-config.yaml

@@ -2,13 +2,43 @@ name: Verify Generation Configuration
 on:
   schedule:
   - cron: '0 2 * * *' # nightly at 2 am UTC
+  push:
+    branches:
+    - feat/hermetic-pr-creation
   workflow_dispatch:
 
+
 jobs:
   generate-from-configuration:
     runs-on: ubuntu-22.04
+    env:
+      branch_name: generate-libraries
+      repo_volumes: "-v repo-google-cloud-java:/workspace/google-cloud-java"
     steps:
     - uses: actions/checkout@v4
+    - name: get baseline commit
+      id: get-baseline
+      shell: bash
+      run: |
+        echo "baseline_commit=$(grep googleapis_commitish generation_config.yaml | cut -d " " -f2 | xargs)" >> "$GITHUB_ENV"
+    - name: setup branch for pull request
+      id: setup-branch
+      shell: bash
+      run: |
+        [ -z "`git config user.email`" ] && git config --global user.email "cloud-java-bot@google.com"
+        [ -z "`git config user.name`" ] && git config --global user.name "cloud-java-bot"
+        # try to find a open pull request associated with the branch
+        pr_num=$(gh pr list -s open -H "${branch_name}" -q . --json number | jq ".[] | .number")
+        # create a branch if there's no open pull request associated with the
+        # branch; otherwise checkout the pull request.
+        if [ -z "${pr_num}" ]; then
+          git checkout -b "${branch_name}"
+        else
+          gh pr checkout "${pr_num}"
+        fi
+        echo "pr_num=${pr_num}" >> "$GITHUB_ENV"
+      env:
+        GH_TOKEN: ${{ secrets.CLOUD_JAVA_BOT_TOKEN }}
     - name: setup docker environment
       shell: bash
       run: |
@@ -18,10 +48,22 @@ jobs:
           docker volume rm repo-google-cloud-java
         fi
         docker volume create --name "repo-google-cloud-java" --opt "type=none" --opt "device=$(pwd)" --opt "o=bind"
+    - name: update googleapis commit to latest
+      id: update-commit
+      shell: bash
+      run: |
+        mkdir tmp-googleapis
+        # use partial clone because only commit history is needed.
+        git clone --filter=blob:none https://github.com/googleapis/googleapis.git tmp-googleapis
+        pushd tmp-googleapis
+        git pull
+        latest_commit=$(git rev-parse HEAD)
+        popd
+        rm -rf tmp-googleapis
+        sed -i -e "s/^googleapis_commitish.*$/googleapis_commitish: ${latest_commit}/" generation_config.yaml
     - name: generate from configuration
       shell: bash
       run: |
-        repo_volumes="-v repo-google-cloud-java:/workspace/google-cloud-java"
         docker run --rm \
           ${repo_volumes} \
           -v /tmp:/tmp \
@@ -30,3 +72,40 @@ jobs:
           -e "REPO_BINDING_VOLUMES=${repo_volumes}" \
           gcr.io/cloud-devrel-public-resources/java-library-generation:latest \
           python /src/generate_repo.py generate --generation-config-yaml=/workspace/google-cloud-java/generation_config.yaml --repository-path=/workspace/google-cloud-java
+    - name: generate pull request description
+      id: generate-description
+      shell: bash
+      run: |
+        # the pr description (body) will be available in pr-description.txt after
+        # running this command.
+        set -x
+        docker run --rm \
+          ${repo_volumes} \
+          -v /tmp:/tmp \
+          -v /var/run/docker.sock:/var/run/docker.sock \
+          -e "RUNNING_IN_DOCKER=true" \
+          -e "REPO_BINDING_VOLUMES=${repo_volumes}" \
+          gcr.io/cloud-devrel-public-resources/java-library-generation:latest \
+          python /src/generate_pr_description.py generate --generation-config-yaml=/workspace/google-cloud-java/generation_config.yaml --baseline-commit="${baseline_commit}"
+      env:
+        baseline_commit: ${{ env.baseline_commit }}
+    - name: create or update the pull request
+      shell: bash
+      run: |
+        title="chore: generate libraries at $(date)"
+        git add java-* pom.xml gapic-libraries-bom/pom.xml versions.txt generation_config.yaml
+        git commit -m "chore: ${title}"
+        if [ -z "${pr_num}" ]; then
+          git remote add monorepo https://cloud-java-bot:${GH_TOKEN}@github.com/${{ github.repository }}.git
+          git fetch -q --unshallow monorepo
+          git push -f monorepo "${branch_name}"
+          set -x
+          gh pr create --title "${title}" --label "owlbot:run" --head "${branch_name}" --body "$(cat pr_description.txt)"
+        else
+          git push
+          gh pr edit "${pr_num}" --title "${title}"
+          gh pr edit "${pr_num}" --body "$(cat pr_description.txt)"
+        fi
+      env:
+        GH_TOKEN: ${{ secrets.CLOUD_JAVA_BOT_TOKEN }}
+        pr_num: ${{ env.pr_num }}

generation_config.yaml

@@ -1,6 +1,6 @@
 gapic_generator_version: 2.37.0
 protobuf_version: '25.2'
-googleapis_commitish: 20c357f6f5c7b995b617b15cab61999e6574bdab
+googleapis_commitish: 6500290663163ba7dc6e0a35231772f5f78c3b62
 owlbot_cli_image: sha256:623647ee79ac605858d09e60c1382a716c125fb776f69301b72de1cd35d49409
 synthtool_commitish: 6612ab8f3afcd5e292aecd647f0fa68812c9f5b5
 template_excludes:
@@ -167,6 +167,14 @@ libraries:
   GAPICs:
   - proto_path: google/appengine/v1
 
+- api_shortname: apphub
+  name_pretty: App Hub API
+  product_documentation: https://cloud.google.com/app-hub/docs/overview
+  api_description: App Hub simplifies the process of building, running, and managing applications on Google Cloud.
+  rpc_documentation: https://cloud.google.com/app-hub/docs/reference/rpc
+  GAPICs:
+  - proto_path: google/cloud/apphub/v1
+
 - api_shortname: area120tables
   name_pretty: Area 120 Tables
   product_documentation: https://area120.google.com/
@@ -434,6 +442,14 @@ libraries:
   GAPICs:
   - proto_path: google/cloud/channel/v1
 
+- api_shortname: chat
+  name_pretty: Google Chat API
+  product_documentation: https://developers.google.com/chat/concepts
+  api_description: The Google Chat API lets you build Chat apps to integrate your services with Google Chat and manage Chat resources such as spaces, members, and messages.
+  rest_documentation: https://developers.google.com/chat/api/reference/rest
+  GAPICs:
+  - proto_path: google/chat/v1
+
 - api_shortname: cloudbuild
   name_pretty: Cloud Build
   product_documentation: https://cloud.google.com/cloud-build/
@@ -459,6 +475,14 @@ libraries:
   - proto_path: google/cloud/commerce/consumer/procurement/v1
   - proto_path: google/cloud/commerce/consumer/procurement/v1alpha1
 
+- api_shortname: cloudcontrolspartner
+  name_pretty: Cloud Controls Partner API
+  product_documentation: https://cloud.google.com/sovereign-controls-by-partners/docs/sovereign-partners
+  api_description: Provides insights about your customers and their Assured Workloads based on your Sovereign Controls by Partners offering.
+  GAPICs:
+  - proto_path: google/cloud/cloudcontrolspartner/v1
+  - proto_path: google/cloud/cloudcontrolspartner/v1beta
+
 - api_shortname: cloudquotas
   name_pretty: Cloud Quotas API
   product_documentation: https://cloud.google.com/cloudquotas/docs/
@@ -490,7 +514,6 @@ libraries:
   excluded_dependencies: grpc-google-cloud-compute-v1
   GAPICs:
   - proto_path: google/cloud/compute/v1
-  - proto_path: google/cloud/compute/v1small
 
 - api_shortname: confidentialcomputing
   name_pretty: Confidential Computing API
@@ -922,7 +945,6 @@ libraries:
   GAPICs:
   - proto_path: google/cloud/gkehub/v1
   - proto_path: google/cloud/gkehub/v1alpha
-  - proto_path: google/cloud/gkehub/v1alpha2
   - proto_path: google/cloud/gkehub/v1beta
   - proto_path: google/cloud/gkehub/v1beta1
 
@@ -1336,6 +1358,7 @@ libraries:
   api_id: policy-troubleshooter.googleapis.com
   GAPICs:
   - proto_path: google/cloud/policytroubleshooter/v1
+  - proto_path: google/cloud/policytroubleshooter/iam/v3
 
 - api_shortname: policysimulator
   name_pretty: Policy Simulator API
@@ -1530,7 +1553,7 @@ libraries:
   - proto_path: google/cloud/security/privateca/v1
   - proto_path: google/cloud/security/privateca/v1beta1
 
- # duplicated api_shortname
+# duplicated api_shortname
 - api_shortname: securitycenter
   name_pretty: Security Command Center
   product_documentation: https://cloud.google.com/security-command-center
@@ -1549,6 +1572,7 @@ libraries:
   - proto_path: google/cloud/securitycenter/v1
   - proto_path: google/cloud/securitycenter/v1beta1
   - proto_path: google/cloud/securitycenter/v1p1beta1
+  - proto_path: google/cloud/securitycenter/v2
 
 - api_shortname: securitycenter
   name_pretty: Security Command Center Settings API
@@ -1570,6 +1594,13 @@ libraries:
   GAPICs:
   - proto_path: google/cloud/securitycentermanagement/v1
 
+- api_shortname: securityposture
+  name_pretty: Security Posture API
+  product_documentation: https://cloud.google.com/security-command-center/docs/security-posture-overview
+  api_description: Security Posture is a comprehensive framework of policy sets that empowers organizations to define, assess early, deploy, and monitor their security measures in a unified way and helps simplify governance and reduces administrative toil.
+  GAPICs:
+  - proto_path: google/cloud/securityposture/v1
+
 - api_shortname: servicecontrol
   name_pretty: Service Control API
   product_documentation: https://cloud.google.com/service-infrastructure/docs/overview/
@@ -1964,6 +1995,14 @@ libraries:
   - proto_path: google/cloud/workflows/v1
   - proto_path: google/cloud/workflows/v1beta
 
+- api_shortname: workspaceevents
+  name_pretty: Google Workspace Events API
+  product_documentation: https://developers.google.com/workspace/events
+  api_description: The Google Workspace Events API lets you subscribe to events and manage change notifications across Google Workspace applications.
+  rest_documentation: https://developers.google.com/workspace/events/reference/rest
+  GAPICs:
+  - proto_path: google/apps/events/subscriptions/v1
+
 - api_shortname: workstations
   name_pretty: Cloud Workstations
   product_documentation: https://cloud.google.com/workstations