-
Notifications
You must be signed in to change notification settings - Fork 18
105 lines (90 loc) · 3.78 KB
/
update.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
###############################################################################
# _ _ _ _ _____ _
# | | | | | | | | | __ \(_)
# | | ___ | |__ _ __ | |_| |__ ___ | |__) |_ _ __ _ __ ___ _ __
# _ | |/ _ \| '_ \| '_ \ | __| '_ \ / _ \ | _ /| | '_ \| '_ \ / _ \ '__|
# | |__| | (_) | | | | | | | | |_| | | | __/ | | \ \| | |_) | |_) | __/ |
# \____/ \___/|_| |_|_| |_| \__|_| |_|\___| |_| \_\_| .__/| .__/ \___|_|
# | | | |
# |_| |_|
#
# Copyright (c) 2024 Claudio André <[email protected]>
#
# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, as expressed in version 2, seen at
# http://www.gnu.org/licenses/gpl-2.0.html
###############################################################################
# GitHub Action to check if the PR contains the same thing as the main branch
# More info at https://github.com/openwall/john-packages
---
name: Branch updated
"on":
pull_request_target:
permissions:
contents: read
jobs:
fork:
runs-on: ubuntu-latest
name: check-fork
outputs:
commit: ${{ steps.context.outputs.commit }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
if: ${{ github.event.pull_request.head.repo.full_name != 'openwall/john-packages' }}
with:
fetch-depth: 0
repository: "${{ github.event.pull_request.head.repo.full_name }}"
- name: Get fork context
id: context
if: ${{ github.event.pull_request.head.repo.full_name != 'openwall/john-packages' }}
run: |
BASE_COMMIT=$(git merge-base --fork-point origin/main "${{ github.event.pull_request.head.sha }}" || true)
echo "commit=$BASE_COMMIT" >> "$GITHUB_OUTPUT"
validate:
needs: [fork]
runs-on: ubuntu-latest
name: check-updated
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Validate
run: |
ANCESTOR=1
if [[ "${{ github.event.pull_request.head.repo.full_name }}" == 'openwall/john-packages' ]]; then
BASE_COMMIT="${{ github.event.pull_request.head.sha }}"
else
BASE_COMMIT="${{ needs.fork.outputs.commit }}"
fi
echo "----------- The difference between working tree and index ------------"
git diff-index origin/main
echo "----------------------------------------------------------------------"
echo "The downward commit is: '$BASE_COMMIT'"
echo "----------------------------------------------------------------------"
if [[ -n "$BASE_COMMIT" ]]; then
ANCESTOR=$(git merge-base --is-ancestor origin/main "$BASE_COMMIT"; echo $?)
fi
if [[ "ANCESTOR" -ne 0 ]]; then
echo "This branch is not up to date with main. Please, update!"
exit 1
fi