ci: lock deploy workflows across main and master
This commit is contained in:
defiQUG
51
scripts/verify/check-gitea-branch-workflow-parity.sh
Normal file
51
scripts/verify/check-gitea-branch-workflow-parity.sh
Normal file
@@ -0,0 +1,51 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
||||
cd "$PROJECT_ROOT"
|
||||
|
||||
SOURCE_TARGET_PAIRS=(
|
||||
".gitea/workflow-sources/deploy-to-phoenix.yml:.gitea/workflows/deploy-to-phoenix.yml"
|
||||
".gitea/workflow-sources/validate-on-pr.yml:.gitea/workflows/validate-on-pr.yml"
|
||||
)
|
||||
|
||||
missing_ref=false
|
||||
for ref in origin/main origin/master; do
|
||||
if ! git rev-parse --verify "$ref" >/dev/null 2>&1; then
|
||||
missing_ref=true
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ "$missing_ref" == true ]]; then
|
||||
echo "[i] Skipping main/master workflow parity check (origin/main or origin/master not available)"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
for pair in "${SOURCE_TARGET_PAIRS[@]}"; do
|
||||
source="${pair%%:*}"
|
||||
target="${pair##*:}"
|
||||
|
||||
main_blob="$(git show "origin/main:$source" 2>/dev/null || true)"
|
||||
master_blob="$(git show "origin/master:$source" 2>/dev/null || true)"
|
||||
|
||||
if [[ -z "$main_blob" ]]; then
|
||||
main_blob="$(git show "origin/main:$target" 2>/dev/null || true)"
|
||||
fi
|
||||
if [[ -z "$master_blob" ]]; then
|
||||
master_blob="$(git show "origin/master:$target" 2>/dev/null || true)"
|
||||
fi
|
||||
|
||||
if [[ -z "$main_blob" || -z "$master_blob" ]]; then
|
||||
echo "[✗] Missing $source/$target on origin/main or origin/master" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$main_blob" != "$master_blob" ]]; then
|
||||
echo "[✗] Branch workflow drift: $source differs between origin/main and origin/master" >&2
|
||||
echo " Keep both deploy branches in lockstep for workflow-source files." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[✓] Branch parity OK for $source"
|
||||
done
|
||||
32
scripts/verify/check-gitea-workflows.sh
Normal file
32
scripts/verify/check-gitea-workflows.sh
Normal file
@@ -0,0 +1,32 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
||||
cd "$PROJECT_ROOT"
|
||||
|
||||
check_one() {
|
||||
local source_rel="$1"
|
||||
local target_rel="$2"
|
||||
|
||||
if [[ ! -f "$source_rel" ]]; then
|
||||
echo "[✗] Missing workflow source: $source_rel" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [[ ! -f "$target_rel" ]]; then
|
||||
echo "[✗] Missing generated workflow: $target_rel" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! diff -u "$source_rel" "$target_rel" >/dev/null; then
|
||||
echo "[✗] Workflow drift detected: $target_rel does not match $source_rel" >&2
|
||||
echo " Run: bash scripts/verify/sync-gitea-workflows.sh" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo "[✓] $target_rel matches $source_rel"
|
||||
}
|
||||
|
||||
check_one ".gitea/workflow-sources/deploy-to-phoenix.yml" ".gitea/workflows/deploy-to-phoenix.yml"
|
||||
check_one ".gitea/workflow-sources/validate-on-pr.yml" ".gitea/workflows/validate-on-pr.yml"
|
||||
@@ -3,6 +3,7 @@
|
||||
# Use for CI or pre-deploy: dependencies, config files, optional genesis.
|
||||
# Usage: bash scripts/verify/run-all-validation.sh [--skip-genesis]
|
||||
# --skip-genesis: do not run validate-genesis.sh (default: run if smom-dbis-138 present).
|
||||
# Steps: dependencies, config files, cW* mesh matrix (if pair-discovery JSON exists), genesis.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
@@ -24,15 +25,64 @@ bash "$SCRIPT_DIR/check-dependencies.sh" || log_err "check-dependencies failed"
|
||||
log_ok "Dependencies OK"
|
||||
echo ""
|
||||
|
||||
echo "1b. pnpm workspace vs lockfile..."
|
||||
if [[ -f "$PROJECT_ROOT/pnpm-workspace.yaml" ]]; then
|
||||
bash "$SCRIPT_DIR/check-pnpm-workspace-lockfile.sh" || log_err "pnpm lockfile / workspace drift"
|
||||
log_ok "pnpm lockfile aligned with workspace"
|
||||
else
|
||||
echo " (no pnpm-workspace.yaml at root — skip)"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
echo "1c. Gitea workflow source sync..."
|
||||
bash "$SCRIPT_DIR/check-gitea-workflows.sh" || log_err "Gitea workflow source drift"
|
||||
log_ok "Gitea workflows match source-of-truth files"
|
||||
echo ""
|
||||
|
||||
echo "1d. main/master workflow parity..."
|
||||
bash "$SCRIPT_DIR/check-gitea-branch-workflow-parity.sh" || log_err "main/master workflow parity drift"
|
||||
log_ok "main/master workflow parity OK"
|
||||
echo ""
|
||||
|
||||
echo "2. Config files..."
|
||||
bash "$SCRIPT_DIR/../validation/validate-config-files.sh" || log_err "validate-config-files failed"
|
||||
log_ok "Config validation OK"
|
||||
echo ""
|
||||
|
||||
if [[ "$SKIP_GENESIS" == true ]]; then
|
||||
echo "3. Genesis — skipped (--skip-genesis)"
|
||||
echo "3. cW* mesh matrix (deployment-status + Uni V2 pair-discovery)..."
|
||||
DISCOVERY_JSON="$PROJECT_ROOT/reports/extraction/promod-uniswap-v2-live-pair-discovery-latest.json"
|
||||
if [[ -f "$DISCOVERY_JSON" ]]; then
|
||||
MATRIX_JSON="$PROJECT_ROOT/reports/status/cw-mesh-deployment-matrix-latest.json"
|
||||
bash "$SCRIPT_DIR/build-cw-mesh-deployment-matrix.sh" --no-markdown --json-out "$MATRIX_JSON" || log_err "cw mesh matrix merge failed"
|
||||
log_ok "cW mesh matrix OK (also wrote $MATRIX_JSON)"
|
||||
else
|
||||
echo "3. Genesis (smom-dbis-138)..."
|
||||
echo " ($DISCOVERY_JSON missing — run: bash scripts/verify/build-promod-uniswap-v2-live-pair-discovery.sh)"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
echo "3b. deployment-status graph (cross-chain-pmm-lps)..."
|
||||
PMM_VALIDATE="$PROJECT_ROOT/cross-chain-pmm-lps/scripts/validate-deployment-status.cjs"
|
||||
if [[ -f "$PMM_VALIDATE" ]] && command -v node &>/dev/null; then
|
||||
node "$PMM_VALIDATE" || log_err "validate-deployment-status.cjs failed"
|
||||
log_ok "deployment-status.json rules OK"
|
||||
else
|
||||
echo " (skip: node or $PMM_VALIDATE missing)"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
echo "3c. External dependency blockers..."
|
||||
EXT_CHECK="$SCRIPT_DIR/check-external-dependencies.sh"
|
||||
if [[ -x "$EXT_CHECK" ]]; then
|
||||
bash "$EXT_CHECK" --advisory || true
|
||||
else
|
||||
echo " (skip: $EXT_CHECK missing)"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
if [[ "$SKIP_GENESIS" == true ]]; then
|
||||
echo "4. Genesis — skipped (--skip-genesis)"
|
||||
else
|
||||
echo "4. Genesis (smom-dbis-138)..."
|
||||
GENESIS_SCRIPT="$PROJECT_ROOT/smom-dbis-138/scripts/validation/validate-genesis.sh"
|
||||
if [[ -x "$GENESIS_SCRIPT" ]]; then
|
||||
bash "$GENESIS_SCRIPT" || log_err "validate-genesis failed"
|
||||
|
||||
18
scripts/verify/sync-gitea-workflows.sh
Normal file
18
scripts/verify/sync-gitea-workflows.sh
Normal file
@@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
||||
cd "$PROJECT_ROOT"
|
||||
|
||||
sync_one() {
|
||||
local source_rel="$1"
|
||||
local target_rel="$2"
|
||||
|
||||
mkdir -p "$(dirname "$target_rel")"
|
||||
cp "$source_rel" "$target_rel"
|
||||
echo "[✓] Synced $target_rel from $source_rel"
|
||||
}
|
||||
|
||||
sync_one ".gitea/workflow-sources/deploy-to-phoenix.yml" ".gitea/workflows/deploy-to-phoenix.yml"
|
||||
sync_one ".gitea/workflow-sources/validate-on-pr.yml" ".gitea/workflows/validate-on-pr.yml"
|
||||
Reference in New Issue
Block a user