From 62f08354aaae95b07e6710644d1b7c1e6da8b7bd Mon Sep 17 00:00:00 2001 From: Eric Ball Date: Thu, 1 Oct 2020 17:52:22 -0700 Subject: [PATCH] Fix rtd-verify.sh to better validate submodules rtd-verify.sh was using "git submodule" commands to validate submodules, but Jenkins reads the .gitmodules file and executes a "git config" command for each submodule. Because of this, if a bad submodule was added to .gitmodules, it would pass verify but cause failures on subsequent builds after it was merged. This change closes that loophole by reading the .gitmodules file, and then running through the same "git config" command for each submodule that Jenkins runs when pulling in the main branch. Issue: RELENG-2932 Change-Id: Ic0e17d23a4763bd52172dad6b98146444bf4c165 Signed-off-by: Eric Ball --- releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml | 12 ++++++++++++ shell/rtd-verify.sh | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml diff --git a/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml b/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml new file mode 100644 index 00000000..e1ad7907 --- /dev/null +++ b/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml @@ -0,0 +1,12 @@ +--- +fixes: + - | + Fix rtd-verify.sh to better validate submodules. rtd-verify.sh was using + "git submodule" commands to validate submodules, but Jenkins reads the + .gitmodules file and executes a "git config" command for each submodule. + Because of this, if a bad submodule was added to .gitmodules, it would pass + verify but cause failures on subsequent builds after it was merged. + + This change closes that loophole by reading the .gitmodules file, and + then running through the same "git config" command for each submodule + that Jenkins runs when pulling in the main branch. diff --git a/shell/rtd-verify.sh b/shell/rtd-verify.sh index a1b1330c..29a991b5 100644 --- a/shell/rtd-verify.sh +++ b/shell/rtd-verify.sh @@ -29,6 +29,9 @@ fi git fetch origin "$GERRIT_REFSPEC" && git checkout FETCH_HEAD git submodule update +for submod in $(git config -f .gitmodules --get-regexp '^submodule\.(.+)\.url' | awk -e '{print $1}'); do + git config --get "$submod" +done # When a new commands are added in lftools, the docs verify job needs to -- 2.16.6