Skip to content

chore: bulletproofing crypto box to cc migration (WPB-14250) #6526

chore: bulletproofing crypto box to cc migration (WPB-14250)

chore: bulletproofing crypto box to cc migration (WPB-14250) #6526

name: "Validate Kalium References"
on:
pull_request:
types: [ opened, synchronize ] # Don't rerun on `edited` to save time
paths:
- 'kalium'
jobs:
validate-kalium-ref:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive # Needed in order to fetch Kalium sources for building
fetch-depth: 0
- name: Run git merge-base
id: validate_kalium
env:
GH_BASE_REF: ${{github.base_ref}}
continue-on-error: true
# git merge-base --is-ancestor A B returns 0 when A is ancestor of B
# In our case, if FROM is not an ancestor of TO, then it returns 1
run: |
KALIUM_TO_REF="$(git rev-parse HEAD:kalium)"
git fetch
git checkout "$GH_BASE_REF"
git pull
git submodule update
KALIUM_FROM_REF="$(git rev-parse HEAD:kalium)"
echo "kalium_from=$KALIUM_FROM_REF" >> $GITHUB_OUTPUT
echo "kalium_to=$KALIUM_TO_REF" >> $GITHUB_OUTPUT
cd kalium
git merge-base --is-ancestor "$KALIUM_FROM_REF" "$KALIUM_TO_REF" || echo "is_kalium_rollback=$?" >> $GITHUB_OUTPUT
unset KALIUM_TO_REF
unset KALIUM_FROM_REF
- name: Leave a comment
if: ${{ steps.validate_kalium.outputs.is_kalium_rollback == 1 }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_AUTHOR: ${{ github.event.pull_request.user.login }}
KALIUM_FROM: ${{ steps.validate_kalium.outputs.kalium_from }}
KALIUM_TO: ${{ steps.validate_kalium.outputs.kalium_to }}
GH_BASE_REF: ${{github.base_ref}}
GH_HEAD_REF: ${{github.head_ref}}
run: |
gh pr comment "$GH_HEAD_REF" --body "@$PR_AUTHOR looks like you are rolling back kalium to a previous commitish.
This means that the PR's target branch ($GH_BASE_REF) is using a newer version of Kalium, and the changes in this PR will rollback Kalium to an older version.
| $GH_BASE_REF | This PR |
| ------------ | ------- |
| [$KALIUM_FROM](https://github.com/wireapp/kalium/tree/$KALIUM_FROM) | [$KALIUM_TO](https://github.com/wireapp/kalium/tree/$KALIUM_TO) |
Is this intentional?"