Check unmerged commits in dependencies

This adds a script which examines submariner-io dependencies with versions referencing untagged git commits, that is to say commits which haven't been released. It ensures that any such dependencies point to a commit in the relevant branch, to avoid merging PRs with pointers to unmerged commits. Since the project rebases on PR merge, the commit hashes change, and dependent PRs can end up being merged with a reference to an in-development commit; that can break local builds. Since Shipyard doesn't have any submariner-io dependencies, this isn't integrated into CI yet; it will be used in other Submariner projects. Signed-off-by: Stephen Kitt <[email protected]>
submariner-io · Oct 10, 2024 · 60515ef · 60515ef
1 parent ed96522
commit 60515ef
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/scripts/shared/check-non-release-versions.sh b/scripts/shared/check-non-release-versions.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+tmpdir=$(mktemp -d)
+trap 'rm -rf $tmpdir' EXIT
+
+# List all submariner-io dependencies with a - in their version
+# We're looking for versions pointing to commits, of the form
+# vX.Y.Z-0.YYYYMMDDhhmmss-hash
+failed=0
+shopt -s lastpipe
+GOWORK=off go list -m -mod=mod -json all |
+    jq -r 'select(.Path | contains("/submariner-io/")) | select(.Main != true) | select(.Version | contains ("-")) | select(.Version | length > 14) | "\(.Path) \(.Version)"' |
+    while read -r project version; do
+        cd "$tmpdir" || exit 1
+        git clone "https://$project"
+        cd "${project##*/}" || exit 1
+        hash="${version##*-}"
+        branch="${GITHUB_BASE_REF:-devel}"
+        if ! git merge-base --is-ancestor "$hash" "origin/$branch"; then
+            printf "This project depends on %s %s\n" "$project" "$version"
+            printf "but %s branch %s does not contain commit %s\n" "$project" "$branch" "$hash"
+            failed=1
+        fi
+    done
+
+exit $failed