Skip to content

jenkins: add check for checked out commit #4046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
richardlau merged 3 commits into from
Mar 25, 2025
Merged

jenkins: add check for checked out commit #4046

richardlau merged 3 commits into from
Mar 25, 2025

Conversation

@richardlau
Copy link
Member

@richardlau richardlau commented Mar 21, 2025

Add a check that the gitref being built has not been updated since the build was requested. Requires COMMIT_SHA_CHECK to be set to the SHA of the commit to build/test.

@richardlau
jenkins: add check for checked out commit
90a494e 
Add a check that the gitref being built has not been updated since the
build was requested. Requires `COMMIT_SHA_CHECK` to be set to the SHA
of the commit to build/test.
richardlau
richardlau commented Mar 21, 2025
View reviewed changes
jenkins/scripts/node-test-commit-pre.sh Outdated
Comment on lines 30 to 35
# COMMIT_SHA_CHECK needs to be set in the job. Check that the gitref
# that is checked out hasn't been updated since the job was requested.
if [ "$(git rev-parse HEAD)" != "$(git rev-parse ${COMMIT_SHA_CHECK})" ]; then
echo "HEAD does not match expected COMMIT_SHA_CHECK"
exit 1
fi
Copy link
Member Author

@richardlau richardlau Mar 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might be able to change the checkout on L20 above to checkout $COMMIT_SHA_CHECK but I don't know if anything will break (for example, the subsequent possible rebase?) if the checkout is a "detached HEAD" state and not a checkout of a branch.

Copy link
Member

@UlisesGascon UlisesGascon Mar 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can deploy the change and monitor for errors.

@richardlau
Copy link
Member Author

richardlau commented Mar 24, 2025

I've added an extra check that COMMIT_SHA_CHECK looks like a SHA and not some other gitref (such as a branch, e.g. refs/pull/<pr id>/head).

@richardlau richardlau merged commit a65c8bc into main Mar 25, 2025
4 checks passed
@richardlau richardlau deleted the shacheck branch March 25, 2025 15:55
@UlisesGascon UlisesGascon mentioned this pull request Mar 25, 2025
Merged
richardlau pushed a commit that referenced this pull request Mar 25, 2025
@UlisesGascon
fix: improve support for commit validation in MacOS (#4049)
80238b5 
Refs: #4046
@richardlau richardlau mentioned this pull request Mar 27, 2025
Merged
richardlau added a commit that referenced this pull request Mar 27, 2025
@richardlau
jenkins: relax check for trusted nodejs/node branches (#4052)
a7a185f 
Only enforce the COMMIT_SHA_CHECK verification when:
- The org/repo is not nodejs/node (i.e. outside of our project).
- The org/repo is nodejs/node and the reference is for a pull request.

Refs: #4046
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@UlisesGascon UlisesGascon UlisesGascon approved these changes

Assignees

No one assigned

Labels

jenkins

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@richardlau @UlisesGascon