Skip to content

Forwarder refactor #874

Forwarder refactor

Forwarder refactor #874

name: Merge Checks
on:
pull_request_target:
branches: [ master ]
types: [synchronize, opened, reopened]
permissions:
statuses: write
jobs:
submodule-pin-check:
name: Check Submodule Pin
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: true
- name: Check all submodules are ancestors of origin/HEAD or configured branch
run: |
status_state="pending"
if ${{ github.workspace }}/.github/workflows/submodule-pin-check.sh; then
status_state="success"
else
resp="$(curl -sSL --fail-with-body \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/$GITHUB_REPOSITORY/commits/${{ github.event.pull_request.head.sha }}/statuses")"
if ! jq -e '.[] | select(.context == "Submodule Pin Check")' > /dev/null <<< "$resp"; then
# Submodule pin check is failling and no status exists
# Keep it without a status to keep the green checkmark appearing
# Otherwise, the commit and PR's CI will appear to be indefinitely pending
# Merging will still be blocked until the required status appears
exit 0
fi
fi
curl -sSL --fail-with-body \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/$GITHUB_REPOSITORY/statuses/${{ github.event.pull_request.head.sha }}" \
-d '{"context":"Submodule Pin Check","state":"'"$status_state"'"}'