check-semver.yml
# Runs the SemVer/prdoc consistency check for pull requests and merge-queue
# entries of this repository.
name: Check semver

on:
  # for cache
  # (the Rust Cache step further down only saves when the ref is master)
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
      - labeled
      - unlabeled
  workflow_dispatch:
  merge_group:

# One concurrency group per PR number, or per ref when the event carries no
# PR; a newer run in the same group cancels the one still in progress.
concurrency:
  group: check-semver-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# NOTE(review): this file declares no `permissions:` block, so GITHUB_TOKEN
# receives the repository's default scopes. The only visible consumer is the
# backport comment step (`gh issue comment`). Consider declaring the minimum
# scopes explicitly once the needs of the two reusable workflows are confirmed.
env:
  # Rust toolchain name consumed by the rustup and parity-publish commands.
  TOOLCHAIN: nightly
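jobs:
  isdraft:
    uses: ./.github/workflows/reusable-isdraft.yml

  preflight:
    needs: isdraft
    uses: ./.github/workflows/reusable-preflight.yml

  # Validates that the SemVer bumps declared in prdoc/pr_<N>.prdoc match what
  # parity-publish detects between HEAD^1 and HEAD, and applies stricter rules
  # to backports into (un)stable branches.
  check-semver:
    runs-on: ubuntu-latest
    timeout-minutes: 90
    needs: [preflight]
    container:
      # The container image name is an output of the preflight job.
      image: ${{ needs.preflight.outputs.IMAGE }}
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the corresponding tag.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Depth 2 so that HEAD^1 exists for the `old` branch created below.
          fetch-depth: 2

      - name: extra git setup
        # NOTE(review): safe.directory '*' turns off git's repository-ownership
        # check for every path in the container. Scoping it to the workspace
        # would be narrower; confirm nothing else in the job relies on the
        # wildcard before changing it.
        run: |
          git config --global --add safe.directory '*'
          # `old` is the comparison point passed to `parity-publish --since`.
          git branch old HEAD^1

      - name: Comment If Backport
        if: ${{ startsWith(github.event.pull_request.base.ref, 'stable') }}
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR: ${{ github.event.pull_request.number }}
        run: |
          echo "This is a backport into stable."

          cat > msg.txt <<EOF
          This pull request is amending an existing release. Please proceed with extreme caution,
          as to not impact downstream teams that rely on the stability of it. Some things to consider:
          - Backports are only for 'patch' or 'minor' changes. No 'major' or other breaking change.
          - Should be a legit *fix* for some bug, not adding tons of new features.
          - Must either be already audited or not need an audit.
          <details><summary><i>Emergency Bypass</i></summary>
          <p>
          If you really need to bypass this check: add <code>validate: false</code> to each crate
          in the Prdoc where a breaking change is introduced. This will release a new major
          version of that crate and all its reverse dependencies and basically break the release.
          </p>
          </details>
          EOF

          # Update the previous comment if there is one, otherwise post a new one.
          gh issue comment "$PR" --edit-last -F msg.txt || gh issue comment "$PR" -F msg.txt

          # Later steps read this from the job environment; it caps the allowed bump.
          echo "PRDOC_EXTRA_ARGS=--max-bump minor" >> "$GITHUB_ENV"

      - name: Rust Cache
        uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
        with:
          # Only runs on master write the cache; every other ref restores only.
          save-if: ${{ github.ref == 'refs/heads/master' }}

      - name: Rust compilation prerequisites
        run: |
          rustup default $TOOLCHAIN
          rustup target add wasm32-unknown-unknown --toolchain $TOOLCHAIN
          rustup component add rust-src --toolchain $TOOLCHAIN

      - name: Install parity-publish
        run: |
          apt-get update && apt-get install -y --no-install-recommends libcurl4-openssl-dev pkg-config

          # Set the target dir to cache the build.
          # The tool version is pinned and resolved with --locked.
          CARGO_TARGET_DIR=./target/ cargo install parity-publish@0.10.10 --locked -q

      - name: Get original PR number
        shell: bash
        if: ${{ github.ref != 'refs/heads/master' }}
        env:
          # Event data reaches the script through the environment and is never
          # interpolated into the script text, so it is not parsed as shell.
          PR_TITLE: ${{ github.event.pull_request.title }}
          EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          . ./.github/scripts/common/lib.sh

          original_pr_number=''

          echo "Checking PR title: $PR_TITLE"

          if [[ "$PR_TITLE" =~ 'Backport' ]]; then
            # Extracting the original PR number from the backport's PR title
            original_pr_number=$(extract_pr_number_from_pr_title "$PR_TITLE")
            echo "Extracted PR number: $original_pr_number"
          else
            original_pr_number=$EVENT_PR_NUMBER
          fi

          # The value is derived from the PR title (author-controlled) and is
          # later used to build a file path and a command line, so accept
          # digits only. Empty stays allowed: events without a PR number
          # (merge queue, manual dispatch) rely on it to skip the check.
          # NOTE(review): a 'Backport' title from which the helper extracts
          # nothing also ends up empty and therefore skips the check in the
          # next step -- confirm that is intended.
          if [[ -n "$original_pr_number" && ! "$original_pr_number" =~ ^[0-9]+$ ]]; then
            echo "::error::PR number derived from the PR title is not numeric; refusing to export it"
            exit 1
          fi

          echo "PR_NUMBER=$original_pr_number" >> "$GITHUB_ENV"

      - name: Check semver
        if: ${{ github.ref != 'refs/heads/master' }}
        shell: bash
        env:
          PRDOC_EXTRA_ARGS: ${{ env.PRDOC_EXTRA_ARGS }}
          PR: ${{ env.PR_NUMBER }}
          BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
          PR_LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}
        run: |
          if [ -z "$PR" ]; then
            echo "Skipping master/merge queue"
            exit 0
          fi

          # Skip semver check if PR targets stable branch and has R0-no-crate-publish-require label
          # NOTE(review): this is a substring match on the JSON label list, so
          # any label containing that text also matches.
          if [[ "$BASE_BRANCH" =~ ^stable[0-9]{4}$ ]]; then
            if echo "$PR_LABELS" | grep -q "R0-no-crate-publish-require"; then
              echo "ℹ️ Skipping the SemVer check is not recommended and should only be done in rare cases: PR targets stable branch '$BASE_BRANCH' and has 'R0-no-crate-publish-require' label."
              exit 0
            fi
          fi

          export CARGO_TARGET_DIR=target
          export RUSTFLAGS='-A warnings -A missing_docs'
          export SKIP_WASM_BUILD=1

          prdoc_file="prdoc/pr_$PR.prdoc"

          # Always run parity-publish to check for all issues (mismatches and missing crates)
          # Capture output to check for specific error types
          parity_output=$(mktemp)
          # The prdoc path is passed quoted so it always stays a single argument.
          # $PRDOC_EXTRA_ARGS is left unquoted on purpose: it may hold several
          # words ("--max-bump minor") that must split into separate arguments.
          if ! parity-publish --color always prdoc --since old --validate "$prdoc_file" $PRDOC_EXTRA_ARGS -v --toolchain "$TOOLCHAIN" 2>&1 | tee "$parity_output"; then

            # Check if there are missing crates (files changed but not listed in prdoc)
            if grep -q "Files changed but crate not listed in PR Doc" "$parity_output"; then
              rm -f "$parity_output"
              cat <<EOF
          👋 Hello developer! The SemVer check found crates with changes that are not listed in the prdoc file.
          It is recommended to add all changed crates to the prdoc.
          Please check the output above and see the following links for more help:
          - https://github.com/paritytech/polkadot-sdk/blob/master/docs/contributor/prdoc.md#record-semver-changes
          - https://forum.polkadot.network/t/psa-polkadot-sdk-to-use-semver
          Otherwise feel free to ask in the Merge Request or in Matrix chat.
          EOF
              exit 1
            fi

            rm -f "$parity_output"

            # Check if any crate has validate: false to override semver mismatch failures
            # NOTE(review): the pattern is matched anywhere in the prdoc file, so
            # a single occurrence overrides the mismatch failure for every crate
            # listed in it. The prdoc is presumably part of the PR under test,
            # which makes this override self-service; it depends on human review.
            if grep -q "validate:[[:space:]]*false" "$prdoc_file"; then
              echo ""
              echo "ℹ️ Found crates with 'validate: false' in prdoc. Semver validation failure is overridden."
              echo "⚠️ Please ensure the semver override is justified and documented in the PR description."
            else
              # No validate: false found, fail with error message
              cat <<EOF
          👋 Hello developer! The SemVer information that you declared in the prdoc file did not match what the CI detected.
          Please check the output above and see the following links for more help:
          - https://github.com/paritytech/polkadot-sdk/blob/master/docs/contributor/prdoc.md#record-semver-changes
          - https://forum.polkadot.network/t/psa-polkadot-sdk-to-use-semver
          Otherwise feel free to ask in the Merge Request or in Matrix chat.
          EOF
              exit 1
            fi
          else
            rm -f "$parity_output"
          fi

          # Only enforce SemVer restrictions for backports targeting stable branches
          if [[ "$BASE_BRANCH" != stable* && "$BASE_BRANCH" != unstable* ]]; then
            echo "ℹ️ Branch '$BASE_BRANCH' is not a (un)stable branch. Skipping SemVer backport-specific enforcements."
            exit 0
          fi

          echo "🔍 Backport branch detected, checking for disallowed semver changes..."

          # Check for minor/patch bumps with validate: false
          # (informational only: this loop prints a notice and never fails the job)
          if grep -qE "bump:[[:space:]]*(minor|patch)" "$prdoc_file"; then
            minor_patch_temp=$(mktemp)
            grep -A1 -E "bump:[[:space:]]*(minor|patch)" "$prdoc_file" > "$minor_patch_temp"

            has_validate_false=false
            while read -r line; do
              if [[ "$line" =~ bump:[[:space:]]*(minor|patch) ]]; then
                read -r next_line || true
                if [[ "$next_line" =~ validate:[[:space:]]*false ]]; then
                  has_validate_false=true
                  break
                fi
              fi
            done < "$minor_patch_temp"

            rm -f "$minor_patch_temp"

            if [ "$has_validate_false" = true ]; then
              echo "ℹ️ Found minor/patch bumps with validate: false override. Semver validation was skipped for these crates by parity-publish."
            fi
          fi

          # Check if there are any major bumps
          if ! grep -q "bump:[[:space:]]*major" "$prdoc_file"; then
            echo "✅ All semver changes in backport are valid (minor, patch, or none)."
            exit 0
          fi

          # Process each major bump and check the next line
          # (`validate: false` only counts when it is on the line directly
          # after the `bump: major` line)
          temp_file=$(mktemp)
          grep -A1 "bump:[[:space:]]*major" "$prdoc_file" > "$temp_file"

          error_found=false
          while IFS= read -r line; do
            if [[ "$line" =~ bump:[[:space:]]*major ]]; then
              # This is the bump line, read the next line
              if IFS= read -r next_line; then
                if [[ "$next_line" =~ validate:[[:space:]]*false ]]; then
                  continue  # This major bump is properly validated
                else
                  error_found=true
                  break
                fi
              else
                # No next line, means no validate: false
                error_found=true
                break
              fi
            fi
          done < "$temp_file"

          rm -f "$temp_file"

          if [ "$error_found" = true ]; then
            echo "❌ Error: Found major bump without 'validate: false'"
            echo "📘 See: https://github.com/paritytech/polkadot-sdk/blob/master/docs/contributor/prdoc.md#backporting-prs"
            echo "🔧 Add 'validate: false' after the major bump in $prdoc_file with justification."
            exit 1
          fi

          # If we reach here, all major bumps have validate: false
          echo "⚠️ Backport contains major bumps, but they are all marked with validate: false."
          echo "✅ Semver override accepted. Please ensure justification is documented in the PR description."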