debian-forge-composer/test/cases/diff-manifests.sh

#!/usr/bin/env bash
set -euo pipefail

# NOTE: This script is executed differently in .gitlab-ci.yml so use a relative path
source ./test/cases/shared_lib.sh

function revert_to_head {
   git checkout "$head"
}

if [[ "${CI_COMMIT_BRANCH}" != PR-* ]]; then
    greenprint "${CI_COMMIT_BRANCH} is not a Pull Request"
    greenprint "Skipping"
    exit 0
fi

greenprint "Getting PR number"
prnum="${CI_COMMIT_BRANCH#PR-}"

greenprint "Installing jq"
sudo dnf install -y jq

greenprint "Getting base branch name"
basebranch=$(curl  \
    -u "${SCHUTZBOT_LOGIN}" \
    -H 'Accept: application/vnd.github.v3+json' \
    "https://api.github.com/repos/osbuild/osbuild-composer/pulls/${prnum}" | jq -r ".base.ref")

greenprint "Adding upstream GitHub remote"
# distro version branches aren't synced to GitLab, so we will need to fetch
# them from GitHub directly
git remote add gh https://github.com/osbuild/osbuild-composer
git remote show gh

greenprint "Fetching gh/${basebranch}"
git fetch gh "${basebranch}"

greenprint "Getting revision IDs for HEAD and merge-base"
head=$(git rev-parse HEAD)
mergebase=$(git merge-base HEAD "gh/${basebranch}")

if [[ "${head}" == "${mergebase}" ]]; then
    greenprint "HEAD and merge-base are the same"
    greenprint "Test is unnecessary"
    exit 0
fi

# We are compiling things, install the build requirements
greenprint "Installing build dependencies"
# first we need to install the rpm macros so that dnf can parse our spec file
sudo dnf install -y redhat-rpm-config
# now install our build requirements
sudo dnf build-dep -y osbuild-composer.spec

manifestdir=$(mktemp -d)

greenprint "Generating all manifests for HEAD (PR #${prnum})"
if ! go run ./cmd/gen-manifests --output "${manifestdir}/PR" --workers 50; then
    redprint "Manifest generation on PR HEAD failed"
    exit 1
fi

# revert to $head on exit
trap revert_to_head EXIT
greenprint "Checking out merge-base ${mergebase}"
git checkout "${mergebase}"

greenprint "Generating all manifests for merge-base (${mergebase})"
# NOTE: it's not an error if this task fails; manifest generation on base
# branch can be broken in a PR that fixes it.
# As long as the generation on the PR HEAD succeeds, the job should succeed.
merge_base_fail=""
if ! go run ./cmd/gen-manifests --output "${manifestdir}/${mergebase}" --workers 50; then
    redprint "Manifest generation on merge-base failed"
    merge_base_fail="**NOTE:** Manifest generation on merge-base with \`${basebranch}\` (${mergebase}) failed.\n\n"
fi

greenprint "Diff: ${manifestdir}/${mergebase} ${manifestdir}/PR"
if diff=$(diff -Naur "${manifestdir}"/"${mergebase}" "${manifestdir}/PR"); then
    greenprint "No changes in manifests"
    exit 0
fi

greenprint "Manifests differ"
echo "${diff}" > "manifests.diff"
greenprint "Saved diff in job artifacts"

artifacts_url="${CI_JOB_URL}/artifacts/browse"

review_data_file="review.json"
cat > "${review_data_file}" << EOF
{"body":"⚠️ This PR introduces changes in at least one manifest (when comparing PR HEAD ${head} with the ${basebranch} merge-base ${mergebase}).  Please review the changes.  The changes can be found in the [artifacts of the \`Manifest-diff\` job [0]](${artifacts_url}) as \`manifests.diff\`.\n\n${merge_base_fail}[0] ${artifacts_url}","event":"COMMENT"}
EOF

greenprint "Posting review comment"
comment_req_out=$(mktemp)
comment_status=$(curl \
    -u "${SCHUTZBOT_LOGIN}" \
    -X POST \
    -H "Accept: application/vnd.github.v3+json" \
    --show-error \
    --write-out '%{http_code}' \
    --output "${comment_req_out}" \
    "https://api.github.com/repos/osbuild/osbuild-composer/pulls/${prnum}/reviews" \
    -d @"${review_data_file}")

cat "${comment_req_out}"

if [[ "${comment_status}" != "200" ]]; then
    redprint "Comment post failed (${comment_status})"
    exit 1
fi

exit 0