check dirty git tree after running CI jobs

[rabi-siddique]

refs: #5140

[cloudflare-workers-and-pages]

Deploying agoric-sdk with    Cloudflare Pages

Latest commit:	6c0f6cf
Status:	✅  Deploy successful!
Preview URL:	https://1dc1fdb1.agoric-sdk.pages.dev
Branch Preview URL:	https://rs-check-dirty-tree-post-ci.agoric-sdk.pages.dev

View logs

[mhofman]

Is there any way we can have some manual tests of this change, maybe as a PR stacked on top of this that creates a dirty file on purpose?

[mhofman]

Let's make sure we keep this explanation (with an update) around

[mhofman]

I'm confused, why do we need to condition on inputs.path?

[rabi-siddique]

The file path can be either . or ./agoric-sdk, which makes it difficult to determine which composite action is being used. Previously, we could specify the path using the working-directory parameter, but this no longer works properly because we now call a separate composite action.

Another option was to concatenate the path value with .github/actions/with-post-step, but it does not work with the uses keyword.

[mhofman]

Oh I totally missed the different uses path. I think it's another reason to use an off-the-shelf action for this, no relative path to deal with.

[mhofman]

Any reason not to use an off the shelf action instead of vendoring something in?

[rabi-siddique]

I wasn't sure about which actions to use. After your suggestion, I checked out run-and-post-run-action, action-post-run, and pytooling actions. I ended up choosing pytooling. Thanks for the help :)

[mhofman]

We want to maintain a check after build and before the test runs too. No need to run the test if the tree is dirty to start with.

[gibson042]

This should be maximally strict, and if it is using separate grep invocations, it might as well improve readability by avoiding regular expressions where possible:

Suggested change

	changes=$(git status --porcelain | grep -vE 'junit.xml$' | grep -vE '^\?\? endo-sha.txt$')
	changes=$(git status --porcelain | grep -vE '/junit\.xml$' | grep -vFx '?? endo-sha.txt')

[gibson042]

Let's ensure directory visibility as well.

Suggested change

	# Navigate to the specified directory
	cd $1
	# Set verbose execution
	set -x
	# Set verbose execution
	set -x
	# Navigate to the specified directory
	cd $1

[gibson042]

These exceptions should be explained.

Suggested change

	# Fail if git status detects changes, ignoring:
	# - Files ending with 'junit.xml'
	# - The untracked file 'endo-sha.txt'
	# Fail if git status detects changes, ignoring:
	# - Files ending with 'junit.xml' (cf. scripts/ci-collect-testruns.sh, invoked by ../post-test/action.yml)
	# - The untracked file 'endo-sha.txt' (cf. ./action.yml)

[rabi-siddique]

@gibson042 Thanks a lot for these handy suggestions. I've made the changes. :)

[rabi-siddique]

@mhofman, we have some failing jobs:

https://github.com/Agoric/agoric-sdk/actions/runs/10198519556/job/28213610832?pr=9804
https://github.com/Agoric/agoric-sdk/actions/runs/10198519552/job/28213741871?pr=9804

Should we ignore these files by adding a regex for them?

[mhofman]

@mhofman, we have some failing jobs:
Should we ignore these files by adding a regex for them?

I think it means you've uncovered some case where we have some missing entries in .gitignore ?

[mhofman]

The failing tests likely indicate we're missing some git ignore entries, and I think it should be the likely fix.

I think junit.xml should also be ignore instead of excluded from the check. I think we made an exception for endo-sha.txt, but I don't remember the exact reason. Possibly because it is staged for some of the flows, but I don't know why we couldn't have forced git add in that case. Maybe @michaelfig can shed some lights.

[michaelfig]

Please use secure bash escaping, and verify that CI passes.

[michaelfig]

Please use defensive shell escaping in case somebody else copies and pastes this code.

Suggested change

	with:
	main: |
	bash ${{ inputs.path }}/.github/actions/restore-node/check-git-status.sh ${{ inputs.path }}
	post: |
	bash ${{ inputs.path }}/.github/actions/restore-node/check-git-status.sh ${{ inputs.path }}
	with:
	main: |
	bash "$SRC/.github/actions/restore-node/check-git-status.sh" "$SRC"
	post: |
	bash "$SRC/.github/actions/restore-node/check-git-status.sh" "$SRC"
	env:
	SRC: ${{ inputs.path }}

[michaelfig]

Here, too.

Suggested change

	cd $1
	cd "$1" || exit $?

[rabi-siddique]

Thanks for the suggestions!

[michaelfig]

we made an exception for endo-sha.txt, but I don't remember the exact reason.

I know you suggested using git add endo-sha.txt and just ignoring all the indexed files in the restore-node dirty check. I don't remember why that didn't work out.

[mhofman]

I know you suggested using git add endo-sha.txt and just ignoring all the indexed files in the restore-node dirty check. I don't remember why that didn't work out.

I'm wondering if we tried simply adding endo-sha.txt to .gitignore?

I know we git stash in some workflows, but I don't think any that relies on endo-sha.txt ?

Even if we needed to support stash, we could do git add -f endo-sha.txt (and any other files needed), followed by git stash --staged

[michaelfig]

I'm wondering if we tried simply adding endo-sha.txt to .gitignore?

I'm pretty sure we didn't do that.

I know we git stash in some workflows, but I don't think any that relies on endo-sha.txt ?

I only see it in our after-merge.yml around lerna publish. lerna updates the package.jsons, but I don't see how a git stash would make a difference there. I believe that just adding endo-sha.txt to .gitignore instead would obviate the need to do the stash.

[michaelfig]

LGTM!

[michaelfig]

I'm not sure about this one, but if you are, I'm still willing to approve.

[rabi-siddique]

I'm still in the process of understanding this, as it appears to be intermittent. Sometimes artifacts are generated when the associated workflow runs, and other times they are not.

[mhofman]

That's definitely too broad. Please revert and use a targeted ignore file inside the proposals/a:upgrade-next folder

You should only have to ignore the generated files.