diff options
| -rw-r--r-- | .github/workflows/ci.yml | 6 | ||||
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | flake.nix | 1 | ||||
| -rwxr-xr-x | scripts/ci-check-charon-pin.sh | 22 | ||||
| -rwxr-xr-x | scripts/update-charon-pin.sh | 2 |
5 files changed, 31 insertions, 2 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 56769cae..5ee28837 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,3 +54,9 @@ jobs: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v26 - run: nix develop --command bash -c "cd tests/lean && make" + + check-charon-pin: + runs-on: [self-hosted, linux, nix] + steps: + - uses: actions/checkout@v4 + - run: nix develop --command ./scripts/ci-check-charon-pin.sh @@ -90,7 +90,7 @@ update-charon-pin: # Keep the commit revision in `./charon-pin` as well so that non-nix users can # know which commit to use. ./charon-pin: flake.lock - nix-shell -p jq --run './scripts/update-charon-pin.sh' >> ./charon-pin + ./scripts/update-charon-pin.sh >> ./charon-pin # Checks that `./charon` contains a clone of charon at the required commit. # Also checks that `./charon/bin/charon` exists. @@ -226,6 +226,7 @@ pkgs.ocamlPackages.ocamlformat pkgs.ocamlPackages.menhir pkgs.ocamlPackages.odoc + pkgs.jq ]; inputsFrom = [ diff --git a/scripts/ci-check-charon-pin.sh b/scripts/ci-check-charon-pin.sh new file mode 100755 index 00000000..4aacd96e --- /dev/null +++ b/scripts/ci-check-charon-pin.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash +# Checks that the charon pin: +# - moves forward from the previous pin, to ensure we don't regress the charon version; +# - is merged into Charon. + +NEW_CHARON_PIN="$(cat flake.lock | jq -r .nodes.charon.locked.rev)" +OLD_CHARON_PIN="$(git show origin/main:flake.lock | jq -r .nodes.charon.locked.rev)" +echo "This PR updates the charon pin from $OLD_CHARON_PIN to $NEW_CHARON_PIN" + +git clone https://github.com/AeneasVerif/charon +cd charon +CHARON_MAIN="$(git rev-parse HEAD)" + +if ! git merge-base --is-ancestor "$OLD_CHARON_PIN" "$NEW_CHARON_PIN"; then + echo "Error: the new charon pin does not have the old one as its ancestor. The pin must only move forward." + exit 1 +fi + +if ! git merge-base --is-ancestor "$NEW_CHARON_PIN" "$CHARON_MAIN"; then + echo "Error: commit $NEW_CHARON_PIN is not merged into Charon." + exit 1 +fi diff --git a/scripts/update-charon-pin.sh b/scripts/update-charon-pin.sh index 418602b8..63dfe3b6 100755 --- a/scripts/update-charon-pin.sh +++ b/scripts/update-charon-pin.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash if ! which jq 2> /dev/null 1>&2; then - echo 'Error: command `jq` not found.' + echo 'Error: command `jq` not found; please install it.' exit 1 fi echo '# This is the commit from https://github.com/AeneasVerif/charon that should be used with this version of aeneas.' > ./charon-pin |