Experiment to backpropagate Cargo.lock updates to all lock files

solana-labs · Mar 31, 2020 · 7d0a648 · 7d0a648
1 parent 24d887a
commit 7d0a648
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 1 deletion.
diff --git a/ci/docker-run.sh b/ci/docker-run.sh
@@ -76,6 +76,19 @@ ARGS+=(
   --env CRATES_IO_TOKEN
 )
 
+if [[ $BUILDKITE_LABEL == "checks" ]] && echo "$BUILDKITE_BRANCH" | grep -E '^pull/[0-9]+/head$'; then
+  api_base="https://api.github.com/repos/solana-labs/solana/pulls"
+  pr_num=$(echo "$BUILDKITE_BRANCH" | grep -Eo '[0-9]+')
+  branch=$(curl -s "$api_base/$pr_num" | ruby -r json -e 'puts JSON.parse(STDIN.read())["head"]["ref"]')
+  source_repo=$(curl -s "$api_base/$pr_num" | ruby -r json -e 'puts JSON.parse(STDIN.read())["head"]["repo"]["full_name"]')
+
+  if [[ $source_repo == "solana-labs/solana" ]] && echo "$branch" | grep "^dependabot/cargo/"; then
+    export CI_WITH_DEPENDABOT=true
+    ARGS+=(--env CI_WITH_DEPENDABOT)
+  fi
+fi
+
+
 # Also propagate environment variables needed for codecov
 # https://docs.codecov.io/docs/testing-with-docker#section-codecov-inside-docker
 # We normalize CI to `1`; but codecov expects it to be `true` to detect Buildkite...
@@ -96,4 +109,28 @@ fi
 
 set -x
 # shellcheck disable=SC2086
-exec docker run "${ARGS[@]}" $CODECOV_ENVS "$IMAGE" "$@"
+if docker run "${ARGS[@]}" $CODECOV_ENVS "$IMAGE" "$@"; then
+  docker_status=0
+else
+  docker_status=$?
+fi
+
+if [[ -n $CI_WITH_DEPENDABOT && $(git status --short :**/Cargo.lock | wc -l) -gt 0 ]]; then
+  (
+    echo --- "(FAILING) Backpropagating dependabot-triggered Cargo.lock updates"
+    set -x
+
+    git add :**/Cargo.lock
+    NAME="dependabot-buildkite"
+    GIT_AUTHOR_NAME="$NAME" \
+      GIT_COMMITTER_NAME="$NAME" \
+      EMAIL="[email protected]" \
+      git commit -m "Update all Cargo lock files"
+    git push origin "HEAD:$branch"
+
+    echo "Source branch is updated; failing this build for the next"
+    exit 1
+  )
+fi
+
+exit $docker_status
diff --git a/ci/test-checks.sh b/ci/test-checks.sh
@@ -15,6 +15,30 @@ _ git show HEAD --check --oneline
 
 _ cargo +"$rust_stable" fmt --all -- --check
 
+(
+  set -x
+  if [[ -n $CI_WITH_DEPENDABOT ]]; then
+    commit_range="$(git merge-base HEAD origin/master)..HEAD"
+    parsed_update_args="$(
+      git log "$commit_range" --author "dependabot-preview" --oneline -n1 |
+        grep -o 'Bump.*$' |
+        sed -r 's/Bump ([^ ]+) from [^ ]+ to ([^ ]+)/-p \1 --precise \2/'
+    )"
+    if [[ -n $parsed_update_args ]]; then
+      # shellcheck disable=SC2086
+      _ scripts/cargo-for-all-lock-files.sh update $parsed_update_args
+    fi
+  fi
+  if _ scripts/cargo-for-all-lock-files.sh check --locked; then
+    true
+  else
+    check_status=$?
+    echo "Some Cargo.lock is outdated; please update them as well"
+    echo "protip: you can use ./scripts/cargo-for-all-lock-files.sh update ..."
+    exit "$check_status"
+  fi
+)
+
 # Clippy gets stuck for unknown reasons if sdk-c is included in the build, so check it separately.
 # See https://github.com/solana-labs/solana/issues/5503
 _ cargo +"$rust_stable" clippy --version

diff --git a/scripts/cargo-for-all-lock-files.sh b/scripts/cargo-for-all-lock-files.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -ex
+
+for lock_file in $(git ls-files :**/Cargo.lock)
+do
+  (
+    cd "$(dirname "$lock_file")"
+    cargo "$@"
+  )
+done