[Merged by Bors] - ci: add commit verification for transient commits #33713
Conversation
…ndling - Add show_diff_stat() helper to display file changes on verification failure - Remove spurious `git add -A` in transient verification (cherry-pick stages) - Track untracked files before/after auto-commit command to exclude pre-existing files from tree comparison - Restore state between transient and auto verification phases - Improve error messages with human-readable diff stats 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Allows --json output to be piped directly without log messages corrupting the JSON. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Cherry-pick conflicts indicate that transient commits don't cleanly separate from substantive commits, which means they have side effects. Remove the -X theirs fallback and fail immediately on any conflict. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
PR summary 15f6691e7aImport changes for modified filesNo significant changes to the import graph Import changes for all files
Declarations diffNo declarations were harmed in the making of this PR! 🐙 You can run this locally as follows## summary with just the declaration names:
./scripts/declarations_diff.sh <optional_commit>
## more verbose report:
./scripts/declarations_diff.sh long <optional_commit>The doc-module for No changes to technical debt.You can run this locally as
|
github-actions
bot
added
the
CI
| name: Commit Verification | ||
|
|
||
| on: | ||
| pull_request: |
There was a problem hiding this comment.
| pull_request: | |
| pull_request_target: |
I think that it is ok to leave it as pull_request for testing, but it should probably become pull_request_target before merging.
There was a problem hiding this comment.
I'm not sure if pull_request_target is better here. On the one hand it means we won't need to manually approve workflow runs, on the other hand, the workflow will have access to secrets so we need to be more careful about security.
There was a problem hiding this comment.
Ok, I'll trust your judgement on this: I only have a superficial understanding of the security implications.
There was a problem hiding this comment.
Let's start out with pull_request, I think.
Co-authored-by: damiano <adomani@gmail.com>
|
|
||
| # Check if any commits have transient prefix | ||
| HAS_TRANSIENT=$(git log --format="%s" "$BASE_SHA..$HEAD_SHA" | \ | ||
| grep -E "^transient" || true) |
There was a problem hiding this comment.
Is the prefix transient or transient: (with a colon and space)? Not that it's a particularly common word, but it'd be best to make this check as specific as possible.
There was a problem hiding this comment.
Later on, there is
TRANSIENT_PREFIX: "transient"and it would be good to connect the two: would adding them inside an
env:
TRANSIENT_PREFIX="transient"avoid repetition? (Or "transient: ", or whatever other string we agree on.)
Co-authored-by: damiano <adomani@gmail.com>
|
Thanks! My view with anything CI-related is that it is easier and quicker to merge-and-test rapidly. In this case, the workflow is a separate one from the main build, so the main concern may be that there will be some CI error, but not much else. In case @bryangingechen wants to suggest something more, I'll delegate to him! bors d=bryangingechen |
|
✌️ bryangingechen can now approve this pull request. To approve and merge a pull request, simply reply with |
leanprover-community-mathlib4-bot
added
the
delegated
bryangingechen
left a comment
bryangingechen
left a comment
There was a problem hiding this comment.
Thanks! Excited to see how this goes!
bors d+
|
✌️ jcommelin can now approve this pull request. To approve and merge a pull request, simply reply with |
Co-authored-by: Bryan Gin-ge Chen <bryangingechen@gmail.com>
leanprover-community-mathlib4-bot
added
the
ready-to-merge
This PR adds a CI workflow that verifies PRs correctly use transient commits. This is intended as a stepping stone towards verifying auto-generated commits, see #33707. What this PR adds: - `scripts/verify_commits.sh` - Main verification script - `.github/workflows/commit_verification.yml` - GitHub Actions workflow
|
Pull request successfully merged into master. Build succeeded: |
mathlib-bors
bot
changed the title
4 participants
This PR adds a CI workflow that verifies PRs correctly use transient commits.
This is intended as a stepping stone towards verifying auto-generated commits, see #33707.
What this PR adds:
scripts/verify_commits.sh- Main verification script.github/workflows/commit_verification.yml- GitHub Actions workflowTesting locally
The commit at
HEAD^^contains test branch creation scripts. These can be used for testing the functionality of the two shell scripts. To test:Available test scripts:
create_test_branch.sh- Creates a branch with valid transient commits (should pass)create_test_branch_fail_conflict.sh- Transient commits cause cherry-pick conflicts (should fail)create_test_branch_fail_transient.sh- Transient commits have net effect (should fail)🤖 Generated with Claude Code