ci: add a rebase check to the merge-pr script (#28250)

Adds a check to verify that each PR branch to be merged upstream contains SHAs of commits that significantly changed our CI infrastructure.

This check is used to enforce that we don't merge PRs that have not been rebased recently and could result in merging of non-approved or otherwise bad changes.

PR Close #28250
This commit is contained in:
Igor Minar 2019-01-18 07:44:56 -08:00 committed by Alex Rickabaugh
parent 73dcd72afb
commit 9dabeea807
1 changed files with 32 additions and 2 deletions

View File

@ -1,6 +1,9 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -u -e -o pipefail # https://www.tldp.org/LDP/abs/html/options.html#AEN19601
# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
set -u -e -E -o pipefail
BASEDIR=$(dirname "$0") BASEDIR=$(dirname "$0")
BASEDIR=`(cd $BASEDIR; pwd)` BASEDIR=`(cd $BASEDIR; pwd)`
@ -107,11 +110,26 @@ REWRITE_MESSAGE="git filter-branch -f --msg-filter \"$BASEDIR/utils/github_close
PUSH_BRANCHES="git push git@github.com:angular/angular.git merge_pr_master:$MASTER_BRANCH merge_pr_patch:$PATCH_BRANCH" PUSH_BRANCHES="git push git@github.com:angular/angular.git merge_pr_master:$MASTER_BRANCH merge_pr_patch:$PATCH_BRANCH"
CHERRY_PICK_PR="git cherry-pick merge_pr_base..merge_pr" CHERRY_PICK_PR="git cherry-pick merge_pr_base..merge_pr"
# Checks that each PR branch to be merged upstream contains SHAs of commits that significantly changed our CI infrastructure.
#
# This check is used to enforce that we don't merge PRs that have not been rebased recently and could result in merging
# of non-approved or otherwise bad changes.
REQUIRED_BASE_SHA_MASTER="3fba6eff79a9b50909199eaa4ebf754c1c4adba6" # pullapprove => CODEOWNERS migration
REQUIRED_BASE_SHA_PATCH="e3853e842ea5c10fafbc310a76a4a7f47ed8c65e" # pullapprove => CODEOWNERS migration
if [[ $MERGE_MASTER == 1 ]]; then
REQUIRED_BASE_SHA="$REQUIRED_BASE_SHA_MASTER"
# check patch only if patch-only PR
elif [[ $MERGE_PATCH == 1 ]]; then
REQUIRED_BASE_SHA="$REQUIRED_BASE_SHA_PATCH"
fi
CHECK_IF_PR_REBASED="git branch --quiet merge_pr --contains $REQUIRED_BASE_SHA"
echo "======================" echo "======================"
echo "GitHub Merge PR Steps" echo "GitHub Merge PR Steps"
echo "======================" echo "======================"
echo " $FETCH_PR" echo " $FETCH_PR"
echo " $BASE_PR" echo " $BASE_PR"
echo " $CHECK_IF_PR_REBASED"
echo " $SQUASH_PR" echo " $SQUASH_PR"
echo " $REWRITE_MESSAGE" echo " $REWRITE_MESSAGE"
if [[ $MERGE_MASTER == 1 ]]; then if [[ $MERGE_MASTER == 1 ]]; then
@ -127,6 +145,19 @@ echo ">>> Fetch PR: $FETCH_PR"
$FETCH_PR $FETCH_PR
echo ">>> Mark base: $BASE_PR" echo ">>> Mark base: $BASE_PR"
$BASE_PR $BASE_PR
echo ">>> Check if PR rebased: $CHECK_IF_PR_REBASED"
if [[ $($CHECK_IF_PR_REBASED) != "" ]]; then
echo "The PR is sufficiently rebased!"
else
echo ""
echo ""
echo "Failed to merge pull request #${PR_NUMBER} because it hasn't been rebased recently and could be bypassing new or updated CI checks!"
echo ""
echo "Please rebase the PR and try again."
echo ""
$RESTORE_BRANCH
exit 1
fi
echo ">>> Autosquash: $SQUASH_PR" echo ">>> Autosquash: $SQUASH_PR"
GIT_EDITOR=echo $SQUASH_PR GIT_EDITOR=echo $SQUASH_PR
echo ">>> Rewrite message: $REWRITE_MESSAGE" echo ">>> Rewrite message: $REWRITE_MESSAGE"
@ -153,4 +184,3 @@ if [[ $PUSH_UPSTREAM == 1 ]]; then
fi fi
echo echo
echo ">>>>>> SUCCESS <<<<<< PR#$PR_NUMBER merged." echo ">>>>>> SUCCESS <<<<<< PR#$PR_NUMBER merged."