implement "fail-closed" mode

bitdriftlabs · Sep 9, 2024 · f43625b · f43625b
1 parent b3ac74c
commit f43625b
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 19 deletions.
diff --git a/.github/workflows/android.yaml b/.github/workflows/android.yaml
@@ -21,11 +21,49 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: check for relevant changes
-        id: check_changes
+      - name: Check for Bazel build file changes
+        id: bazel_check
+        run: ./ci/check_bazel.sh //examples/android:android_app
+        continue-on-error: true
+
+      - name: Check for workflow file changes
+        id: workflow_check
+        run: ./ci/files_changed.sh .github/workflows/android.yaml
+        continue-on-error: true
+
+      - name: Check for relevant Gradle changes
+        id: gradle_check
+        run: ./ci/files_changed.sh "^platform/jvm/gradle-test-app/.*\.(gradle|kts|kt|xml)$"
+        continue-on-error: true
+
+      - name: Determine if tests should run
+        id: check_changes_separate
         run: |
-          ./ci/check_bazel.sh //examples/android:android_app || ./ci/files_changed.sh .github/workflows/android.yaml || ./ci/files_changed.sh "^platform/jvm/gradle-test-app/.*\.(gradle|kts|kt|xml)$" && ./ci/run_tests.sh
-          true
+          bazel_status="${{ steps.bazel_check.outputs.check_result }}"
+          workflow_status="${{ steps.workflow_check.outputs.check_result }}"
+          gradle_status="${{ steps.gradle_check.outputs.check_result }}"
+
+          # Check if any status indicates a relevant change or error
+          if [[ "$bazel_status" == "1" || "$workflow_status" == "1" || "$gradle_status" == "1" ]]; then
+            echo "An unexpected issue occurred during checks."
+            exit 1          
+          elif [[ "$bazel_status" == "0" || "$workflow_status" == "0" || "$gradle_status" == "0" ]]; then
+            echo "Changes detected in one or more checks. Running tests."
+            echo "run_tests=true" >> $GITHUB_ENV
+          elif [[ "$bazel_status" == "2" && "$workflow_status" == "2" && "$gradle_status" == "2" ]]; then
+            echo "No relevant changes found."
+            echo "run_tests=false" >> $GITHUB_ENV
+          else
+            echo "Unknown issue."
+            exit 1
+          fi
+        shell: bash
+
+      - name: Run downstream tests if changes are detected
+        id: check_changes
+        if: env.run_tests == 'true'
+        run: ./ci/run_tests.sh
+
   build_apk:
     runs-on: ubuntu-latest
     if: needs.pre_check.outputs.should_run == 'true'
@@ -178,7 +216,7 @@ jobs:
   # job completing, we are able to gate it on all the previous jobs without explicitly enumerating them.
   verify_android:
     runs-on: ubuntu-latest
-    needs: ["build_apk", "verify_android_hello_world_per_version", "gradle_tests"]
+    needs: ["pre_check", "build_apk", "verify_android_hello_world_per_version", "gradle_tests"]
     if: always()
     steps:
     # Checkout repo to Github Actions runner
@@ -187,4 +225,4 @@ jobs:
       with:
         fetch-depth: 1
     - name: check result
-      run: ./ci/check_result.sh ${{ needs.build_apk.result }} && ./ci/check_result.sh ${{ needs.verify_android_hello_world_per_version.result }} && ./ci/check_result.sh ${{ needs.gradle_tests.result }}
+      run: ./ci/check_result.sh ${{ needs.pre_check.result }} && ./ci/check_result.sh ${{ needs.build_apk.result }} && ./ci/check_result.sh ${{ needs.verify_android_hello_world_per_version.result }} && ./ci/check_result.sh ${{ needs.gradle_tests.result }}
diff --git a/ci/check_bazel.sh b/ci/check_bazel.sh
@@ -2,21 +2,30 @@
 
 set -euo pipefail
 
-# Compares $GITHUB_HEAD_REF and $GITHUB_BASE_REF (PR branch + target branch, usually main) to 
-# determine which Bazel targets have changed. This is done by analysizing the cache keys and 
-# should be authoritive assuming the builds are hermietic.
+# Compares the head ref and $GITHUB_BASE_REF (PR branch + target branch, usually main) to
+# determine which Bazel targets have changed. This is done by analyzing the cache keys and
+# should be authoritative assuming the builds are hermetic.
 #
 # Usage ./ci/check_bazel.sh <list of targets to check for in the changeset>
 
+# Trap to handle unexpected errors and log them
+trap 'echo "An unexpected error occurred during Bazel check."; echo "check_result=1" >> "$GITHUB_OUTPUT"; exit 1' ERR
+
+# Ensure we fetch the base branch (main) to make it available
+git fetch origin "$GITHUB_BASE_REF":"$GITHUB_BASE_REF"
+
+# Get the latest commit SHA for the base branch (target branch of the PR)
+base_sha=$(git rev-parse "$GITHUB_BASE_REF")
+# Get the latest commit SHA for the PR branch (the head ref in the forked repository)
+final_revision=$GITHUB_SHA
+
+# Use git merge-base to find the common ancestor of the two commits
+previous_revision=$(git merge-base "$base_sha" "$final_revision")
+
 # Path to your Bazel WORKSPACE directory
 workspace_path=$(pwd)
 # Path to your Bazel executable
 bazel_path=$(pwd)/bazelw
-# Starting Revision SHA. We use the merge-base to better handle the case where HEAD is not ahead of main.
-base_sha=$(git rev-parse "origin/$GITHUB_BASE_REF")
-previous_revision=$(git merge-base "$base_sha" "origin/$GITHUB_HEAD_REF")
-# Final Revision SHA
-final_revision=$GITHUB_HEAD_REF
 
 starting_hashes_json="/tmp/starting_hashes.json"
 final_hashes_json="/tmp/final_hashes.json"
@@ -53,14 +62,22 @@ pattern_impacted() {
   grep -q "$1" /tmp/impacted_targets.txt
 }
 
+changes_detected=false
+
 for pattern in "$@"
 do
   if pattern_impacted "$pattern"; then
     echo "$pattern changed!"
-    exit 0
+    changes_detected=true
+    break
   fi
 done
 
-# No relevant changes detected via Bazel.
-echo "Nothing changed"
-exit 1
+# Exit code based on whether changes were detected
+if [ "$changes_detected" = true ]; then
+  echo "check_result=0" >> "$GITHUB_OUTPUT"
+  exit 0  # Changes found
+else
+  echo "No changes detected."
+  echo "check_result=2" >> "$GITHUB_OUTPUT"
+fi
diff --git a/ci/files_changed.sh b/ci/files_changed.sh
@@ -7,4 +7,15 @@
 
 set -e
 
-git rev-parse --abbrev-ref HEAD | grep -q ^main$ || git diff --name-only "origin/$GITHUB_BASE_REF" | grep -E "$1"
+# Trap to handle unexpected errors and log them
+trap 'echo "An unexpected error occurred during file change check."; echo "check_result=1" >> "$GITHUB_OUTPUT"; exit 1' ERR
+
+# Check for file changes
+if git rev-parse --abbrev-ref HEAD | grep -q ^main$ || git diff --name-only "origin/$GITHUB_BASE_REF" | grep -E "$1" ; then
+  echo "Relevant file changes detected!"
+  echo "check_result=0" >> "$GITHUB_OUTPUT"
+  exit 0  # Relevant changes detected
+else
+  echo "No relevant changes found."
+  echo "check_result=2" >> "$GITHUB_OUTPUT"
+fi