ensure that submodule bumps are reachable (#5070)

It occurs sometimes that a submodule is bumped to a PR commit instead of
the corresponding canonical branch (as registered in `.gitmodules`).
Because we typically use `squash`, that PR commit can subsequently
become unreachable, randomly breaking the build of `nimbus-eth2`.
Prevent these accidents by only allowing submodule bumps to commits
on the branch registered in `.gitmodules`. On private branches, simply
update `.gitmodules` to match the personal dev branch.
This commit is contained in:
Etan Kissling 2023-06-14 03:34:49 +02:00 committed by GitHub
parent 6671965fd9
commit 845bd3d570
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 1 deletions

View File

@ -163,6 +163,25 @@ jobs:
${make_cmd} -j ${ncpu} NIM_COMMIT=${{ matrix.branch }} ARCH_OVERRIDE=${PLATFORM} QUICK_AND_DIRTY_COMPILER=1 update ${make_cmd} -j ${ncpu} NIM_COMMIT=${{ matrix.branch }} ARCH_OVERRIDE=${PLATFORM} QUICK_AND_DIRTY_COMPILER=1 update
./env.sh nim --version ./env.sh nim --version
- name: Check submodules (Linux)
if: github.event_name == 'pull_request' && runner.os == 'Linux'
run: |
while read -r file; do
commit="$(git -C "$file" rev-parse HEAD)"
if ! branch="$(git config -f .gitmodules --get "submodule.$file.branch")"; then
echo "Submodule '$file': '.gitmodules' lacks 'branch' entry"
exit 2
fi
if ! error="$(git -C "$file" fetch -q origin "$branch")"; then
echo "Submodule '$file': Failed to fetch '$branch': $error"
exit 2
fi
if ! git -C "$file" merge-base --is-ancestor "$commit" "origin/$branch"; then
echo "Submodule '$file': '$commit' is not on '$branch'"
exit 2
fi
done < <(git diff --name-only --diff-filter=AM HEAD^ HEAD | grep -f <(git config --file .gitmodules --get-regexp path | awk '{ print $2 }') || true)
- name: Get latest fixtures commit hash - name: Get latest fixtures commit hash
id: fixtures_version id: fixtures_version
run: | run: |

8
.gitmodules vendored
View File

@ -203,9 +203,15 @@
[submodule "vendor/gnosis-chain-configs"] [submodule "vendor/gnosis-chain-configs"]
path = vendor/gnosis-chain-configs path = vendor/gnosis-chain-configs
url = https://github.com/gnosischain/configs.git url = https://github.com/gnosischain/configs.git
ignore = untracked
branch = main
[submodule "vendor/sepolia"] [submodule "vendor/sepolia"]
path = vendor/sepolia path = vendor/sepolia
url = https://github.com/eth-clients/sepolia.git url = https://github.com/eth-clients/sepolia.git
ignore = untracked
branch = main
[submodule "vendor/nim-kzg4844"] [submodule "vendor/nim-kzg4844"]
path = vendor/nim-kzg4844 path = vendor/nim-kzg4844
url = https://github.com/status-im/nim-kzg4844/ url = https://github.com/status-im/nim-kzg4844.git
ignore = untracked
branch = master