From 845bd3d5703961a894d90985f3ad0e86965b1630 Mon Sep 17 00:00:00 2001 From: Etan Kissling Date: Wed, 14 Jun 2023 03:34:49 +0200 Subject: [PATCH] ensure that submodule bumps are reachable (#5070) It occurs sometimes that a submodule is bumped to a PR commit instead of the corresponding canonical branch (as registered in `.gitmodules`). Because we typically use `squash`, that PR commit can subsequently become unreachable, randomly breaking the build of `nimbus-eth2`. Prevent these accidents by only allowing submodule bumps to commits on the branch registered in `.gitmodules`. On private branches, simply update `.gitmodules` to match the personal dev branch. --- .github/workflows/ci.yml | 19 +++++++++++++++++++ .gitmodules | 8 +++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4895cfaa7..9426f263e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -163,6 +163,25 @@ jobs: ${make_cmd} -j ${ncpu} NIM_COMMIT=${{ matrix.branch }} ARCH_OVERRIDE=${PLATFORM} QUICK_AND_DIRTY_COMPILER=1 update ./env.sh nim --version + - name: Check submodules (Linux) + if: github.event_name == 'pull_request' && runner.os == 'Linux' + run: | + while read -r file; do + commit="$(git -C "$file" rev-parse HEAD)" + if ! branch="$(git config -f .gitmodules --get "submodule.$file.branch")"; then + echo "Submodule '$file': '.gitmodules' lacks 'branch' entry" + exit 2 + fi + if ! error="$(git -C "$file" fetch -q origin "$branch")"; then + echo "Submodule '$file': Failed to fetch '$branch': $error" + exit 2 + fi + if ! git -C "$file" merge-base --is-ancestor "$commit" "origin/$branch"; then + echo "Submodule '$file': '$commit' is not on '$branch'" + exit 2 + fi + done < <(git diff --name-only --diff-filter=AM HEAD^ HEAD | grep -f <(git config --file .gitmodules --get-regexp path | awk '{ print $2 }') || true) + - name: Get latest fixtures commit hash id: fixtures_version run: | diff --git a/.gitmodules b/.gitmodules index 1b480d921..64b753892 100644 --- a/.gitmodules +++ b/.gitmodules @@ -203,9 +203,15 @@ [submodule "vendor/gnosis-chain-configs"] path = vendor/gnosis-chain-configs url = https://github.com/gnosischain/configs.git + ignore = untracked + branch = main [submodule "vendor/sepolia"] path = vendor/sepolia url = https://github.com/eth-clients/sepolia.git + ignore = untracked + branch = main [submodule "vendor/nim-kzg4844"] path = vendor/nim-kzg4844 - url = https://github.com/status-im/nim-kzg4844/ + url = https://github.com/status-im/nim-kzg4844.git + ignore = untracked + branch = master