-
Notifications
You must be signed in to change notification settings - Fork 3.5k
52 lines (50 loc) · 2.13 KB
/
verify-drone.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: Verify drone updates
on: [pull_request]
jobs:
check-drone-changes:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get changed files
# we need continue on error because the git diff | grep pipe can return a non-zero error code if no result is found
continue-on-error: true
id: changed-files
run: |
echo "changed_files=$(git diff --name-only main -- .drone/ | xargs)" >> $GITHUB_OUTPUT
git diff main .drone/ | grep "+hmac "
echo "sha_updated=$?" >> $GITHUB_OUTPUT
- name: Check that drone was updated properly
if: always()
run: |
jsonnetChanged=false
yamlChanged=false
echo "sha updated? ${{ steps.changed-files.outputs.sha_updated }}"
# check whether the drone jsonnet and yaml files were updated
for file in ${{ steps.changed-files.outputs.changed_files }}; do
if [ "$file" == ".drone/drone.jsonnet" ]; then
echo "$file was changed"
jsonnetChanged=true
fi
if [ "$file" == ".drone/drone.yml" ]; then
echo "$file was changed"
yamlChanged=true
fi
done
# if niether file was changed we're okay
if { [ "$yamlChanged" = false ] && [ "$jsonnetChanged" = false ]; } then
echo "neither file was changed"
exit 0
fi
# if both files were changed then we should ensure that the sha in the yaml was also updated
if { [ "$yamlChanged" = true ] && [ "$jsonnetChanged" = true ]; } then
# annoyingly, the return value is a string
if [ "${{ steps.changed-files.outputs.sha_updated }}" = "0" ]; then
echo "both files were changed and sha was updated"
exit 0
fi
echo "both drone yaml and jsonnet were updated but the sha in the yaml file was not updated"
exit 1
fi
# only one of the two files was updated
echo "if one of the drone files (yaml or jsonnet) was changed then bothy files must be updated"
exit 1