| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| name: Protected Classes |
| |
| on: pull_request_target |
| |
| concurrency: |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} |
| cancel-in-progress: true |
| |
| jobs: |
| check-protected-classes: |
| runs-on: ubuntu-latest |
| name: Rolling Upgrade check |
| permissions: |
| issues: write |
| pull-requests: write |
| checks: write |
| steps: |
| - uses: actions/checkout@v6 |
| with: |
| ref: ${{ github.event.pull_request.head.sha }} |
| fetch-depth: 0 |
| |
| - name: Rolling Upgrade check |
| id: check |
| run: | |
| BASE_SHA=${{ github.event.pull_request.base.sha }} |
| HEAD_SHA=${{ github.event.pull_request.head.sha }} |
| ANNOTATION='org.apache.ignite.internal.Order' |
| HITS_FILE=/tmp/protected-hits.txt |
| |
| # Added/deleted/modified .java files in the PR as "<status>\t<path>" lines. |
| changed_java_files() { |
| git diff --name-status --no-renames --diff-filter=ADM "$BASE_SHA"..."$HEAD_SHA" -- '*.java' |
| } |
| |
| # A protected class carries the @Order annotation; an added file is |
| # defined by the new revision, a deleted/modified one by the base. |
| is_protected_class() { |
| local status=$1 file=$2 ref=$BASE_SHA |
| [ "$status" = A ] && ref=$HEAD_SHA |
| git show "$ref:$file" 2>/dev/null | grep -q "$ANNOTATION" |
| } |
| |
| # Read "<status>\t<path>" lines, emit the paths that are protected. |
| filter_protected() { |
| while IFS=$'\t' read -r status file; do |
| if is_protected_class "$status" "$file"; then |
| echo "$file" |
| fi |
| done |
| } |
| |
| changed_java_files | filter_protected > "$HITS_FILE" |
| |
| if [ -s "$HITS_FILE" ]; then |
| echo "affected=true" >> "$GITHUB_OUTPUT" |
| fi |
| |
| - name: Comment on PR |
| if: steps.check.outputs.affected == 'true' |
| uses: actions/github-script@v8 |
| with: |
| script: | |
| const fs = require('fs'); |
| const hits = fs.readFileSync('/tmp/protected-hits.txt', 'utf8').trim(); |
| const body = [ |
| '## Possible compatibility issues. Please, check rolling upgrade cases', |
| '', |
| 'This PR modifies protected classes (with **Order** annotation).', |
| 'Changes to these classes can break rolling upgrade compatibility.', |
| '', |
| '**Affected files:**', |
| hits.split('\n').map(f => '- `' + f.trim() + '`').join('\n'), |
| '', |
| ].join('\n'); |
| |
| const { data: comments } = await github.rest.issues.listComments({ |
| owner: context.repo.owner, |
| repo: context.repo.repo, |
| issue_number: context.issue.number, |
| }); |
| |
| const existing = comments.find(c => c.body.includes('Possible compatibility issues. Please, check rolling upgrade cases')); |
| |
| if (existing) { |
| await github.rest.issues.deleteComment({ |
| owner: context.repo.owner, |
| repo: context.repo.repo, |
| comment_id: existing.id, |
| }); |
| } |
| |
| await github.rest.issues.createComment({ |
| owner: context.repo.owner, |
| repo: context.repo.repo, |
| issue_number: context.issue.number, |
| body, |
| }); |
| |
| - name: Add label |
| if: steps.check.outputs.affected == 'true' |
| uses: actions/github-script@v8 |
| with: |
| script: | |
| await github.rest.issues.addLabels({ |
| owner: context.repo.owner, |
| repo: context.repo.repo, |
| issue_number: context.issue.number, |
| labels: ['compatibility'], |
| }); |
| |
| - name: Warning check on affected |
| if: steps.check.outputs.affected == 'true' |
| uses: actions/github-script@v8 |
| with: |
| script: | |
| const fs = require('fs'); |
| const hits = fs.readFileSync('/tmp/protected-hits.txt', 'utf8').trim(); |
| await github.rest.checks.create({ |
| owner: context.repo.owner, |
| repo: context.repo.repo, |
| name: 'Rolling upgrade compatibility', |
| head_sha: context.payload.pull_request.head.sha, |
| status: 'completed', |
| conclusion: 'neutral', |
| output: { |
| title: 'Possible compatibility issues', |
| summary: [ |
| 'This PR modifies protected classes (with **Order** annotation).', |
| 'Changes to these classes can break rolling upgrade compatibility.', |
| '', |
| '**Affected files:**', |
| hits.split('\n').map(f => '- `' + f.trim() + '`').join('\n'), |
| ].join('\n'), |
| }, |
| }); |