diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ffaa2b03df9e7..aa9d97ba477b7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -72,6 +72,9 @@ jobs: - name: decide whether to skip this job run: src/ci/scripts/should-skip-this.sh if: success() && !env.SKIP_JOB + - name: ensure the channel matches the target branch + run: src/ci/scripts/verify-channel.sh + if: success() && !env.SKIP_JOB - name: configure GitHub Actions to kill the build when outdated uses: rust-lang/simpleinfra/github-actions/cancel-outdated-builds@master with: @@ -434,6 +437,9 @@ jobs: - name: decide whether to skip this job run: src/ci/scripts/should-skip-this.sh if: success() && !env.SKIP_JOB + - name: ensure the channel matches the target branch + run: src/ci/scripts/verify-channel.sh + if: success() && !env.SKIP_JOB - name: configure GitHub Actions to kill the build when outdated uses: rust-lang/simpleinfra/github-actions/cancel-outdated-builds@master with: @@ -541,6 +547,9 @@ jobs: - name: decide whether to skip this job run: src/ci/scripts/should-skip-this.sh if: success() && !env.SKIP_JOB + - name: ensure the channel matches the target branch + run: src/ci/scripts/verify-channel.sh + if: success() && !env.SKIP_JOB - name: configure GitHub Actions to kill the build when outdated uses: rust-lang/simpleinfra/github-actions/cancel-outdated-builds@master with: diff --git a/src/ci/github-actions/ci.yml b/src/ci/github-actions/ci.yml index a59a90b86bcaf..343091cb779fc 100644 --- a/src/ci/github-actions/ci.yml +++ b/src/ci/github-actions/ci.yml @@ -126,6 +126,10 @@ x--expand-yaml-anchors--remove: run: src/ci/scripts/should-skip-this.sh <<: *step + - name: ensure the channel matches the target branch + run: src/ci/scripts/verify-channel.sh + <<: *step + - name: configure GitHub Actions to kill the build when outdated uses: rust-lang/simpleinfra/github-actions/cancel-outdated-builds@master with: diff --git a/src/ci/scripts/verify-channel.sh b/src/ci/scripts/verify-channel.sh new file mode 100755 index 0000000000000..7945512738eb8 --- /dev/null +++ b/src/ci/scripts/verify-channel.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# We want to make sure all PRs are targeting the right branch when they're +# opened, otherwise we risk (for example) to land a beta-specific change to the +# master branch. This script ensures the branch of the PR matches the channel. + +set -euo pipefail +IFS=$'\n\t' + +source "$(cd "$(dirname "$0")" && pwd)/../shared.sh" + +declare -A CHANNEL_BRANCH +CHANNEL_BRANCH["nightly"]="master" +CHANNEL_BRANCH["beta"]="beta" +CHANNEL_BRANCH["stable"]="stable" + +if isCiBranch auto || isCiBranch try; then + echo "channel verification is only executed on PR builds" + exit +fi + +channel=$(cat "$(ciCheckoutPath)/src/ci/channel") +branch="$(ciBaseBranch)" +if [[ "${branch}" != "${CHANNEL_BRANCH[$channel]}" ]]; then + echo "error: PRs changing the \`${channel}\` channel should be sent to the \ +\`${CHANNEL_BRANCH[$channel]}\` branch!" + + exit 1 +fi diff --git a/src/ci/shared.sh b/src/ci/shared.sh index 3c196c9478cf8..332a949a4dc51 100644 --- a/src/ci/shared.sh +++ b/src/ci/shared.sh @@ -73,6 +73,18 @@ function isCiBranch { fi } +function ciBaseBranch { + if isAzurePipelines; then + echo "unsupported on Azure Pipelines" + exit 1 + elif isGitHubActions; then + echo "${GITHUB_BASE_REF#refs/heads/}" + else + echo "ciBaseBranch only works inside CI!" + exit 1 + fi +} + function ciCommit { if isAzurePipelines; then echo "${BUILD_SOURCEVERSION}"