From b8a2e0cdcad7ff7706e6f3df2808c21fc2e9c723 Mon Sep 17 00:00:00 2001
From: Callum Styan <callumstyan@gmail.com>
Date: Fri, 5 Apr 2024 11:13:11 -0700
Subject: [PATCH] ci: add github action to ensure drone is not broken (#12480)

Signed-off-by: Callum Styan <callumstyan@gmail.com>
---
 .github/workflows/verify-drone.yml | 52 ++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/verify-drone.yml

diff --git a/.github/workflows/verify-drone.yml b/.github/workflows/verify-drone.yml
new file mode 100644
index 000000000000..9847ddac2914
--- /dev/null
+++ b/.github/workflows/verify-drone.yml
@@ -0,0 +1,52 @@
+name: Verify drone updates
+on: [pull_request]
+jobs:
+  check-drone-changes:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Get changed files
+      # we need continue on error because the git diff | grep pipe can return a non-zero error code if no result is found
+      continue-on-error: true
+      id: changed-files
+      run: |
+            echo "changed_files=$(git diff --name-only .drone/ | xargs)" >> $GITHUB_OUTPUT
+            git diff | grep +hmac
+            echo "sha_updated=$?" >> $GITHUB_OUTPUT
+    - name: Check that drone was updated properly
+      if: always()
+      run: |
+          jsonnetChanged=false
+          yamlChanged=false
+
+          # check whether the drone jsonnet and yaml files were updated
+          for file in ${{ steps.changed-files.outputs.changed_files }}; do
+              echo "$file was changed"
+            if [ "$file" == ".drone/drone.jsonnet" ]; then
+              echo "$file was changed"
+              jsonnetChanged=true
+            fi
+            if [ "$file" == ".drone/drone.yml" ]; then
+              echo "$file was changed"
+              yamlChanged=true
+            fi
+          done
+
+          # if niether file was changed we're okay
+          if { [ "$yamlChanged" = false ] && [ "$jsonnetChanged" = false ]; } then
+            echo "neither file was changed"
+            exit 0
+          fi
+          # if both files were changed then we should ensure that the sha in the yaml was also updated
+          if { [ "$yamlChanged" = true ] && [ "$jsonnetChanged" = true ]; } then
+            # annoyingly, the return value is a string
+            if [ "${{ steps.changed-files.outputs.sha_updated }}" = "0" ]; then
+              echo "both files were changed and sha was updated"
+              exit 0
+            fi
+            echo "both drone yaml and jsonnet were updated but the sha in the yaml file was not updated"
+            exit 1
+          fi
+          # only one of the two files was updated
+          echo "if one of the drone files (yaml or jsonnet) was changed then bothy files must be updated"
+          exit 1
\ No newline at end of file