-
Notifications
You must be signed in to change notification settings - Fork 463
69 lines (62 loc) · 2.59 KB
/
submodule-pin-check.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
name: Merge Checks
on:
pull_request_target:
branches: [ master ]
types: [synchronize, opened, reopened]
permissions:
statuses: write
jobs:
submodule-pin-check:
name: Check Submodule Pin
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: true
ref: "${{ github.event.pull_request.merge_commit_sha }}"
- name: Check all submodules are ancestors of origin/HEAD or configured branch
run: |
status_state="pending"
declare -Ar exceptions=(
[contracts]=origin/develop
[nitro-testnode]=origin/master
#TODO Rachel to check these are the intended branches.
[arbitrator/langs/c]=origin/vm-storage-cache
[arbitrator/tools/wasmer]=origin/adopt-v4.2.8
)
divergent=0
for mod in `git submodule --quiet foreach 'echo $name'`; do
branch=origin/HEAD
if [[ -v exceptions[$mod] ]]; then
branch=${exceptions[$mod]}
fi
if ! git -C $mod merge-base --is-ancestor HEAD $branch; then
echo $mod diverges from $branch
divergent=1
fi
done
if [ $divergent -eq 0 ]; then
status_state="success"
else
resp="$(curl -sSL --fail-with-body \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/$GITHUB_REPOSITORY/commits/${{ github.event.pull_request.head.sha }}/statuses")"
if ! jq -e '.[] | select(.context == "Submodule Pin Check")' > /dev/null <<< "$resp"; then
# Submodule pin check is failling and no status exists
# Keep it without a status to keep the green checkmark appearing
# Otherwise, the commit and PR's CI will appear to be indefinitely pending
# Merging will still be blocked until the required status appears
exit 0
fi
fi
curl -sSL --fail-with-body \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/$GITHUB_REPOSITORY/statuses/${{ github.event.pull_request.head.sha }}" \
-d '{"context":"Submodule Pin Check","state":"'"$status_state"'"}'