nextcloud/.github/workflows/block-outdated-3rdparty.yml

# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
name: Block merging with outdated 3rdparty/

on:
  pull_request:
    types: [opened, ready_for_review, reopened, synchronize]

permissions:
  contents: read

concurrency:
  group: block-outdated-3rdparty-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  block-outdated-3rdparty:
    name: Block merging with outdated 3rdparty/

    runs-on: ubuntu-latest-low

    steps:
      - name: Check requirement
        uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
        id: changes
        continue-on-error: true
        with:
          filters: |
            src:
              - '3rdparty'
              - 'version.php'            

      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: 3rdparty commit hash on current branch
        id: actual
        run: |
          echo "commit=$(git submodule status | grep ' 3rdparty' | egrep -o '[a-f0-9]{40}')" >> "$GITHUB_OUTPUT"          

      - name: Register server reference to fallback to master branch
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            const baseRef = context.payload.pull_request.base.ref
            if (baseRef === 'main' || baseRef === 'master') {
              core.exportVariable('server_ref', 'master');
              console.log('Setting server_ref to master');
            } else {
              const regex = /^stable(\d+)$/
              const match = baseRef.match(regex)
              if (match) {
                core.exportVariable('server_ref', match[0]);
                console.log('Setting server_ref to ' + match[0]);
              } else {
                console.log('Not based on master/main/stable*, so skipping outdated 3rdparty check');
              }
            }            

      - name: Last 3rdparty commit on target branch
        if: ${{ env.server_ref != '' }}
        id: target
        run: |
          echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ env.server_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT"          

      - name: Compare if 3rdparty commits are different
        if: ${{ env.server_ref != '' }}
        run: |
          echo '3rdparty/ seems to not point to the last commit of the dedicated branch:'
          echo 'Branch has: ${{ steps.actual.outputs.commit }}'
          echo '${{ env.server_ref }} has: ${{ steps.target.outputs.commit }}'          

      - name: Fail if 3rdparty commits are different
        if: ${{ env.server_ref != '' && steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}
        run: |
          exit 1