Add validation for branch protection
Donnerbart committed Nov 8, 2024
1 parent 1b8e555 commit 2de72ca
Showing 1 changed file with 66 additions and 0 deletions.
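--- a/release/validate-branch-protection.sh
+++ b/release/validate-branch-protection.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+cd "${SCRIPT_DIR}" || exit 1
+
+# configuration
+OWNER="hivemq"
+REPO="helm-charts"
+BRANCH="${1:-develop}"
+WORKFLOW_FILES=(
+"../.github/workflows/hivemq-operator-integration-test.yml"
+"../.github/workflows/hivemq-platform-operator-integration-test.yml"
+)
+MANUAL_CHECKS=("continuous-integration/jenkins/branch" "smoke-test-legacy" "smoke-test-platform" "verify" "verification/cla-signed")
+
+# check bash version
+if ((BASH_VERSINFO < 4)); then
+echo "Bash >= 4.x must be installed"
+exit 1
+fi
+
+# check if binaries are installed
+IS_GH_INSTALLED=$(which gh >/dev/null 2>&1 || echo "GitHub CLI is not installed")
+if [ -n "$IS_GH_INSTALLED" ]; then
+echo "$IS_GH_INSTALLED"
+exit 1
+fi
+
+# check if gh is not authenticated
+if ! gh auth status &>/dev/null; then
+echo "GitHub CLI is not logged in"
+echo "Please run 'gh auth login' to authenticate"
+exit 1
+fi
+
+# process each specified workflow file
+EXPECTED_CHECKS=("${MANUAL_CHECKS[@]}")
+for WORKFLOW_FILE in "${WORKFLOW_FILES[@]}"; do
+echo "Analyzing $WORKFLOW_FILE..."
+# parse each job's name and its specific test-plan matrix
+declare -A JOB_TEST_PLANS=()
+while IFS= read -r job_name; do
+test_plans=$(yq eval ".jobs[\"$job_name\"].strategy.matrix.test-plan[]" "$WORKFLOW_FILE" 2>/dev/null)
+JOB_TEST_PLANS["$job_name"]="$test_plans"
+done < <(yq eval '.jobs | keys | .[]' "$WORKFLOW_FILE" 2>/dev/null)
+
+# generate expected check names based on each job and its test plans
+for job_name in "${!JOB_TEST_PLANS[@]}"; do
+while IFS= read -r test_plan; do
+echo "Found test: $job_name ($test_plan)"
+EXPECTED_CHECKS+=("$job_name ($test_plan)")
+done <<< "${JOB_TEST_PLANS[$job_name]}"
+done
+done
+echo
+
+# convert array to newline-separated string and sort it for comparison
+EXPECTED_CHECKS_STRING=$(printf "%s\n" "${EXPECTED_CHECKS[@]}" | sort)
+
+# get required checks for both branches
+REQUIRED_CHECKS=$(gh api -H "Accept: application/vnd.github.v3+json" "/repos/$OWNER/$REPO/branches/$BRANCH/protection" | jq -r '.required_status_checks.contexts | @csv' | tr ',' '\n' | tr -d '"' | sort)
+
+# compare expected checks with branch required checks
+echo "Missing checks in $BRANCH branch protection:"
+comm -23 <(echo "$EXPECTED_CHECKS_STRING") <(echo "$REQUIRED_CHECKS")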
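Review bot: The validation can under-report without any visible error, because the job-name loop reads from `<(yq eval '.jobs | keys | .[]' "$WORKFLOW_FILE" 2>/dev/null)` and a failure inside a process substitution is not caught by `set -e`, while its stderr is discarded. Only `gh` is tested for presence, so a missing `yq` or an unreadable workflow file leaves `EXPECTED_CHECKS` holding just the manual entries, and the workflow-derived checks are never compared against the branch protection. The script also ends with the exit status of `comm`, which is 0 whether or not checks are missing, so it cannot gate a release step as written. I would verify `yq` and `jq` up front, enable `pipefail` so a failed `gh api` call aborts, stop discarding yq's stderr, and exit non-zero when the missing list is non-empty.

```shell
set -eo pipefail

# … unchanged: SCRIPT_DIR, configuration, bash version check …

# check if binaries are installed
for tool in gh yq jq; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "$tool is not installed" >&2
    exit 1
  fi
done

# … unchanged: gh auth check, EXPECTED_CHECKS initialisation, outer for loop header …

  # capture job names first so a yq failure aborts instead of yielding an empty loop
  JOB_NAMES=$(yq eval '.jobs | keys | .[]' "$WORKFLOW_FILE")
  while IFS= read -r job_name; do
    # … unchanged: per-job test-plan lookup, without the 2>/dev/null …
  done <<< "$JOB_NAMES"

# … unchanged: expected check generation, EXPECTED_CHECKS_STRING …

REQUIRED_CHECKS=$(gh api -H "Accept: application/vnd.github.v3+json" "/repos/$OWNER/$REPO/branches/$BRANCH/protection" | jq -r '.required_status_checks.contexts[]' | sort)

MISSING_CHECKS=$(comm -23 <(echo "$EXPECTED_CHECKS_STRING") <(echo "$REQUIRED_CHECKS"))
if [ -n "$MISSING_CHECKS" ]; then
  echo "Missing checks in $BRANCH branch protection:"
  echo "$MISSING_CHECKS"
  exit 1
fi
```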
