feat(ci): go list check versions available for untagged dependencies #12774

Merged 1 commit on Dec 18, 2024
39 changes: 32 additions & 7 deletions .github/workflows/dependency-check.yml
Expand Up @@ -11,11 +11,18 @@ jobs:
dependency-check:
runs-on: ubuntu-latest
name: Dependency Check
env:
V0_PATTERN: 'v0\.0\.0-[0-9]{14}-[0-9a-f]{7,}(\s*(\/\/.*)?)?$'
RELEASE_PATTERN: 'v[0-9]+\.[0-9]+\.[0-9]+(\+incompatible)?(\s*(\/\/.*)?)?$'
IGNORE_PATTERN: 'dependency-check-ignore:\s'

steps:
- uses: actions/checkout@v3
name: Check out the repository
with:
submodules: 'recursive'
- uses: ./.github/actions/install-go

- id: all
name: Extract all dependencies from go.mod (include indirect dependencies and comments)
run: |
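Review bot: The three patterns added under `env:` carry no comment saying what each is meant to match, which matters because the shared tail `(\s*(\/\/.*)?)?$` accepts any trailing `//` comment. V0_PATTERN and RELEASE_PATTERN therefore decide on the version token alone, and IGNORE_PATTERN is the only one that looks inside the comment. A one-line `#` comment above each pattern (pseudo-version, tagged release, ignore marker) would make that split explicit. The `\/` escapes are not needed with `grep -P` and can be written as `//`.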
Expand All @@ -38,30 +45,48 @@ jobs:
# Append the result to the file specified by the GITHUB_OUTPUT environment variable.
tee -a $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

- id: unreleased
name: Find all dependencies that use prerelease versions (i.e., exclude vX.Y.Z and v0.0.0 versions)
env:
DEPENDENCIES: ${{ steps.all.outputs.dependencies }}
run: |
echo "dependencies<<EOF" >> $GITHUB_OUTPUT
grep -Pv '(v0\.0\.0-[0-9]{14}-[0-9a-f]{7,}|v[0-9]+\.[0-9]+\.[0-9]+(\+incompatible)?)( |$)' <<< "$DEPENDENCIES" | tee -a $GITHUB_OUTPUT
grep -Pv "$V0_PATTERN|$RELEASE_PATTERN" <<< "$DEPENDENCIES" | tee -a $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

- id: unexplained
name: Find all unreleased dependencies without a dependency-check-ignore comment
env:
DEPENDENCIES: ${{ steps.unreleased.outputs.dependencies }}
run: |
echo "dependencies<<EOF" >> $GITHUB_OUTPUT
grep -Pv 'dependency-check-ignore:\s' <<< "$DEPENDENCIES" | tee -a $GITHUB_OUTPUT
grep -Pv "$IGNORE_PATTERN" <<< "$DEPENDENCIES" | tee -a $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- if: steps.unexplained.outputs.dependencies != ''
name: Throw if any unreleased unexplained dependencies exist

- id: v0check
name: Check v0.0.0 dependencies for available tags
run: |
echo "tagged<<EOF" >> $GITHUB_OUTPUT
grep -P "$V0_PATTERN" go.mod | grep -Pv "$IGNORE_PATTERN" | while read -r line; do
dep=$(echo "$line" | cut -d' ' -f1)
if [ ! -z "$(go list -m -versions $dep 2>/dev/null | awk 'NF>1')" ]; then
echo "$dep"
fi
done | tee -a $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

- if: steps.unexplained.outputs.dependencies != '' || steps.v0check.outputs.tagged != ''
name: Throw if any unexplained dependencies exist
env:
MESSAGE: |
A new unreleased and unexplained dependency was discovered in this PR. Please do one of the options in [dependency management conventions](https://github.com/filecoin-project/lotus/blob/master/CONTRIBUTING.md#dependency-management).
Dependencies requiring attention found in this PR. Please follow the [dependency management conventions](https://github.com/filecoin-project/lotus/blob/master/CONTRIBUTING.md#dependency-management).

${{ steps.unexplained.outputs.dependencies != '' && 'Unexplained unreleased dependencies:' || '' }}
${{ steps.unexplained.outputs.dependencies }}

Unexplained unreleased dependencies:
${{steps.unexplained.outputs.dependencies}}
${{ steps.v0check.outputs.tagged != '' && 'Unexplained v0.0.0 dependencies with available tags:' || '' }}
${{ steps.v0check.outputs.tagged }}
run: |
echo "::error::${MESSAGE//$'\n'/%0A}"
exit 1
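Review bot: In the new `v0check` step, `go list -m -versions $dep 2>/dev/null` treats a failed lookup the same as a module with no tags: stderr is discarded and an empty result just skips the `echo`, so a proxy or network error lets the check pass silently. Suggest keeping stderr, testing the exit status of `go list`, and failing the step (or at least emitting a warning) when the lookup itself fails. While there, quote `"$dep"` and use `[ -n ... ]` in place of `[ ! -z ... ]`. This step also greps `go.mod` directly, whereas `unreleased` and `unexplained` filter the output of the `all` step; feeding it the same input would keep the checks in agreement.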
4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -78,7 +78,7 @@ require (
github.com/gorilla/websocket v1.5.3
github.com/gregdhill/go-openrpc v0.0.0-20220114144539-ae6f44720487
github.com/hako/durafmt v0.0.0-20200710122514-c0fb7b4da026
github.com/hannahhoward/go-pubsub v0.0.0-20200423002714-8d62886cc36e
github.com/hannahhoward/go-pubsub v0.0.0-20200423002714-8d62886cc36e // dependency-check-ignore: TODO: needs upgrading to tagged version
github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/golang-lru/arc/v2 v2.0.7
github.com/hashicorp/golang-lru/v2 v2.0.7
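Review bot: The ignore comment added to `github.com/hannahhoward/go-pubsub` is an open-ended TODO with no issue link or target version, and because `dependency-check-ignore:` removes this line from the new v0.0.0 tag check, nothing in CI will raise it again. Suggest referencing a tracking issue in the comment so the exemption has an owner and an exit condition.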
Expand Down Expand Up @@ -352,7 +352,7 @@ require (
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect; dependency-check-ignore: required by github.com/elastic/go-sysinfo
lukechampine.com/blake3 v1.3.0 // indirect
rsc.io/tmplfunc v0.0.3 // indirect
)
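Review bot: The comment on `howett.net/plist` names the requiring module but not what would let the exemption be removed. Since this is an `// indirect` entry explained by `github.com/elastic/go-sysinfo`, suggest wording it as an exit condition, for example that the ignore can be dropped once go-sysinfo requires a tagged release. Also worth confirming that the combined form `// indirect; dependency-check-ignore: ...` is the one described in the linked dependency management conventions, since the check only matches the `dependency-check-ignore:\s` substring.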