GEODE-7281: UpdatePassingTokens only moves git sha forward. (#4134)
* GEODE-7281: UpdatePassingTokens only moves git sha forward.
Use `git merge-base --is-ancestor <old> <new>` to check that the SHA we
publish as 'passing' is moving forward in git history.
* force git behavior in attach-sha-to-branch
diff --git a/ci/pipelines/geode-build/jinja.template.yml b/ci/pipelines/geode-build/jinja.template.yml
index 116099c..3d3f2e9 100644
--- a/ci/pipelines/geode-build/jinja.template.yml
+++ b/ci/pipelines/geode-build/jinja.template.yml
@@ -379,20 +379,26 @@
run:
path: bash
args:
- - -ecx
+ - -cx
- |-
pushd geode
GEODE_SHA=$(git rev-parse HEAD)
popd
GEODE_SEMVER=$(cat geode-build-version/number)
- cat > geode-passing-tokens/passing-build-tokens.json <<JSON
+ GS_PATH=gs://((artifact-bucket))/semvers/((pipeline-prefix))((geode-build-branch))/passing-build-tokens.json
+ CURRENT_PASSING_SHA=$(gsutil cat ${GS_PATH} | jq -r .ref)
+ set -e
+ # Check that the incoming GEODE_SHA is a descendent of the currently stored value.
+ # Keeps us from winding back the repository in the case of an out-of-order pipeline pass
+ if [ -z "${CURRENT_PASSING_SHA}" ] || (cd geode; git merge-base --is-ancestor ${CURRENT_PASSING_SHA} ${GEODE_SHA}); then
+ cat > geode-passing-tokens/passing-build-tokens.json <<JSON
{
"ref": "${GEODE_SHA}",
"semver": "${GEODE_SEMVER}"
}
JSON
- echo "${GEODE_SHA}" > geode-passing-tokens/sha
+ fi
- aggregate:
- put: geode-passing-tokens
params:
diff --git a/ci/scripts/attach_sha_to_branch.sh b/ci/scripts/attach_sha_to_branch.sh
index dc20f96..06223f8 100755
--- a/ci/scripts/attach_sha_to_branch.sh
+++ b/ci/scripts/attach_sha_to_branch.sh
@@ -23,6 +23,6 @@
pushd ${REPO_DIR}
DESIRED_SHA=$(git rev-parse HEAD)
- git checkout ${DESIRED_BRANCH}
+ git checkout --force ${DESIRED_BRANCH}
git reset --hard ${DESIRED_SHA}
popd