common: Rework package-publish-safety-catches.sh to use the CI checks (#2050)

**Summary** Run the CI checks in the safety catches instead of using a separate implementation. Depends on #2038. Resolves #1496. **Test Plan** Run `go-task run-safety-catches` on a branch that is ahead of main (with these changes checked out): ![afbeelding](6e12562c-a1e0-4163-93b8-c2486faf11e9) **Checklist** - [x] ~~Package was built and tested against unstable~~
2025-04-26 21:01:01 +03:00 · 2024-04-19 22:04:30 +02:00 · 2024-04-19 22:04:30 +02:00 · bbdeaa24b8
commit bbdeaa24b8
parent 7d68ef2d83 94d54fc6c8
4 changed files with 46 additions and 61 deletions
--- a/.github/workflows/script_lint.yml
+++ b/.github/workflows/script_lint.yml
@ -43,7 +43,6 @@ jobs:
          check_together: 'yes'
          ignore_paths: >-
            common/Legacy/**
-            common/Scripts/package-publish-safety-catches.sh
            common/Scripts/helpers.zsh
            common/Scripts/sync_licenses.sh
            common/Scripts/new-package.sh
--- a/Taskfile.yml
+++ b/Taskfile.yml
@ -162,7 +162,9 @@ tasks:

  # For staff and packagers with push access
  publish:
-    desc: Tag and publish a release
+    desc: >-
+      Publish the last commit for the current package to the repository and the build server.
+      The `run-safety-catches` task is used to check for common issues before pushing.
    dir: '{{ .USER_WORKING_DIR }}'
    preconditions:
      - sh: test $(git symbolic-ref HEAD 2>/dev/null) = "refs/heads/main"
@ -175,7 +177,9 @@ tasks:
      - task: push

  republish:
-    desc: Rebuild existing tag
+    desc: >-
+      Retry the last commit for the current package on the build server.
+      The `run-safety-catches` task is used to check for common issues before pushing.
    dir: '{{ .USER_WORKING_DIR }}'
    preconditions:
      - sh: test $(git symbolic-ref HEAD 2>/dev/null) = "refs/heads/main"
@ -185,7 +189,7 @@ tasks:
      - task: push

  run-safety-catches:
-    desc: Run safety catches script
+    desc: Check for issues in the currently staged commits using the CI package checks.
    dir: '{{ .USER_WORKING_DIR }}'
    cmds:
      - "{{ .TASKFILE_DIR }}/common/Scripts/package-publish-safety-catches.sh"
--- a/common/CI/package_checks.py
+++ b/common/CI/package_checks.py
@ -507,7 +507,7 @@ class PackageVersion(PullRequestCheck):

    def run(self) -> List[Result]:
        return [Result(message=self._error, level=self._level,
-                       file=path, line=self.file_line(path, r'^version\s*:'),)
+                       file=path, line=self.file_line(path, r'^version\s*:'), )
                for path in self.package_files
                if not self._check_version(path)]

@ -730,7 +730,10 @@ class Checker:
        UnwantedFiles,
    ]

-    def __init__(self, base: Optional[str], head: str, path: str, modified: bool, untracked: bool, files: List[str]):
+    def __init__(self, base: Optional[str], head: str, path: str, files: List[str],
+                 modified: bool, untracked: bool, results_only: bool, exit_warn: bool):
+        self.results_only = results_only
+        self.exit_warn = exit_warn
        self.base = base
        self.head = head
        self.git = Git(path)
@ -750,6 +753,7 @@ class Checker:
            self.files += self.git.untracked_files()

    def run(self) -> bool:
+        if not self.results_only:
            print(f'Checking files: {", ".join(self.files)}')
            if self.commits:
                print(f'Checking commits: {", ".join(self.commits)}')
@ -757,15 +761,17 @@ class Checker:
        results = [result for check in self.checks
                   for result in check(self.git, self.files, self.commits, self.base).run()]
        errors = [r for r in results if r.level == Level.ERROR]
+        warnings = [r for r in results if r.level == Level.WARNING]

-        print(f"Found {len(results)} result(s), {len(errors)} error(s)")
+        if not self.results_only:
+            print(f"Found {len(results)} result(s), {len(warnings)} warnings and {len(errors)} error(s)")

        for result in results:
            result.log()

        self.write_summary()

-        return len(errors) > 0
+        return len(errors) > 0 or self.exit_warn and len(warnings) > 0

    def write_summary(self) -> None:
        if self.summary_file is None:
@ -793,13 +799,20 @@ if __name__ == "__main__":
                        help='Include modified files')
    parser.add_argument('--untracked', action='store_true',
                        help='Include untracked files')
+    parser.add_argument('--fail-on-warnings', action='store_true',
+                        help='Exit with an error if warnings are encountered')
+    parser.add_argument('--results-only', action='store_true',
+                        help='Only show results, nothing else')
    parser.add_argument('filename', type=str, nargs="*",
                        help='Additional files to check')
+
    cli_args = parser.parse_args()
-    checker = Checker(cli_args.base,
-                      cli_args.head,
-                      cli_args.root,
-                      cli_args.modified,
-                      cli_args.untracked,
-                      cli_args.filename)
+    checker = Checker(base=cli_args.base,
+                      head=cli_args.head,
+                      path=cli_args.root,
+                      modified=cli_args.modified,
+                      untracked=cli_args.untracked,
+                      files=cli_args.filename,
+                      results_only=cli_args.results_only,
+                      exit_warn=cli_args.fail_on_warnings)
    exit(checker.run())
--- a/common/Scripts/package-publish-safety-catches.sh
+++ b/common/Scripts/package-publish-safety-catches.sh
@ -1,51 +1,20 @@
 #!/usr/bin/env bash
+set -euo pipefail

-# Safety catches when publishing packages. Not foolproof and there are edge cases where we don't want it which allows for force-pushing.
-# Currently:
-    # - Checks that the release has been bumped.
-    # - Warns if there are additions to abi_used_libs for system.{base,devel} packages.
+check_script="$(dirname "$0")/../CI/package_checks.py"
+check_args=(--base=origin/main --fail-on-warnings --results-only)

-# FIXME: Check for rundeps changes as well for system.{base,devel} packages.
-# FIXME: For the initial inclusion check that the release == 1
-
-LAST_COMMIT=$(git rev-list -1 HEAD .)
-
-LAST_COMMIT_DIFF=$(git log -u -1 ${LAST_COMMIT})
-
-PKG_BUMP=$(git log -u -1 ${LAST_COMMIT} package.yml | grep -w +release)
-
-# Check the release has been bumped
-if [[ $PKG_BUMP == "" ]]; then
-    echo "Warning: Cannot determine that the release has been bumped"
-    read -p "Press y to force-through. If unsure press any other key to abort." prompt
-    if [[ $prompt = "y" ]]; then
+if python3 "${check_script}" "${check_args[@]}"
+then
  exit 0
-    else
-        exit 1
-    fi
 fi

-# Checks for additions to abi_used_libs for system.{base,devel} packages.
+echo "Package checks failed. Press 'y' to continue, or any other key to abort."
+read -rp "Continue anyway? [yN] " prompt

-if [[ `git grep -E 'system.base|system.devel' pspec_x86_64.xml` ]]; then
-    SYSTEM_BASE_DEVEL_PKG=1
-fi
-
-if [[ `grep -E abi_used_libs <<< $LAST_COMMIT_DIFF` ]]; then
-    # Only if the change is an addition
-    ABI_ADDITION=`git log -u -1 ${LAST_COMMIT} -U0 --word-diff abi_used_libs | grep {+`
-    if [[ $ABI_ADDITION != "" ]]; then
-        CHANGED_ABI_USED_LIBS=1
-    fi
-fi
-
-if [[ ! -z "${SYSTEM_BASE_DEVEL_PKG}" && ! -z "${CHANGED_ABI_USED_LIBS}" ]]; then
-    echo "Found a system.base/system.devel pkg where" $ABI_ADDITION "has been added to abi_used_libs."
-    echo "Please ensure that the package containing" $ABI_ADDITION "is in system.base/system.devel BEFORE continuing."
-    read -p "Press y to continue. If unsure press any other key to abort." prompt
-    if [[ $prompt = "y" ]]; then
+if [[ $prompt = "y" ]]
+then
  exit 0
-    else
+else
  exit 1
-    fi
 fi