Skip to content

Add validate-submodules composite action#103

Merged
GromNaN merged 2 commits into
mongodb-labs:mainfrom
GromNaN:validate-submodules
May 7, 2026
Merged

Add validate-submodules composite action#103
GromNaN merged 2 commits into
mongodb-labs:mainfrom
GromNaN:validate-submodules

Conversation

@GromNaN
Copy link
Copy Markdown
Collaborator

@GromNaN GromNaN commented May 6, 2026
edited
Loading

Submodule updates in a PR are opaque: the diff only shows two commit SHAs with no indication of what changed or whether the update is safe. This action adds two guardrails:

  1. The commit is on the upstream branch — prevents accidentally pointing to a commit from a feature branch, a fork, or an unmerged PR
  2. The commit does not regress — prevents a PR from rolling back a submodule to an older commit than what the target branch already has

Usage

- uses: mongodb-labs/drivers-github-tools/validate-submodules@main
  with:
    token: ${{ github.token }}

No actions/checkout required — the action uses the GitHub API exclusively.

The action reads branch from .gitmodules to know which upstream branch to check against, falling back to the remote's default branch if not configured.

Used in mongodb/mongo-php-library#1893

@GromNaN
Add validate-submodules composite action
1e81918 
Validates submodule references on PRs:
1. The referenced commit is on the upstream branch configured in .gitmodules
   (falls back to the remote's default branch if not configured)
2. The commit does not regress from the target branch

Uses the GitHub API exclusively — no checkout required.
@GromNaN GromNaN mentioned this pull request May 6, 2026
Open
@GromNaN
Copy link
Copy Markdown
Collaborator Author

GromNaN commented May 7, 2026

This action is very fast: 3s for 3 submodules (see job)

Run GromNaN/mongodb-drivers-github-tools/validate-submodules@validate-submodules
  with:
    token: ***
    repository: mongodb/mongo-php-library
    pr-sha: 7eaccd6868ce2421ef5e7338a2f30f951897b7db
    base-ref: v2.x
Run bash /home/runner/work/_actions/GromNaN/mongodb-drivers-github-tools/validate-submodules/validate-submodules/validate-submodules.sh
  bash /home/runner/work/_actions/GromNaN/mongodb-drivers-github-tools/validate-submodules/validate-submodules/validate-submodules.sh
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    REPO: mongodb/mongo-php-library
    PR_SHA: 7eaccd6868ce2421ef5e7338a2f30f951897b7db
    BASE_REF: v2.x
    GH_TOKEN: ***
Checking submodule: drivers-evergreen-tools
    Repo:        mongodb-labs/drivers-evergreen-tools
    PR commit:   4b02eb0136a767b3c6bbdff32b3584c0ec6f5b6f
    Base commit: 4b02eb0136a767b3c6bbdff32b3584c0ec6f5b6f
    ✓ Commit is on the upstream branch
Checking submodule: specifications
    Repo:        mongodb/specifications
    PR commit:   b519824da64005cdf99ca680fc49c4e278af0ef3
    Base commit: b519824da64005cdf99ca680fc49c4e278af0ef3
    ✓ Commit is on the upstream branch
Checking submodule: generator/mql-specifications
    Repo:        mongodb/mql-specifications
    PR commit:   38abf6fb9b46324e8d4fecba37c9db42b15db27d
    Base commit: 38abf6fb9b46324e8d4fecba37c9db42b15db27d
    ✓ Commit is on the upstream branch
All submodule checks passed

@GromNaN GromNaN requested a review from alcaeus May 7, 2026 09:49
@GromNaN GromNaN marked this pull request as ready for review May 7, 2026 09:49
paulinevos
paulinevos approved these changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@paulinevos paulinevos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a little too much github action foo for me to fully review what's going on, but if it does what it says it does it's a good addition.

GromNaN
GromNaN commented May 7, 2026
View reviewed changes
Comment thread validate-submodules/validate-submodules.sh
pr_sha=$(gh api "repos/$REPO/contents/$path?ref=$PR_SHA" --jq '.sha')
base_sha=$(gh api "repos/$REPO/contents/$path?ref=$BASE_REF" --jq '.sha' 2>/dev/null || true)

echo "::group::Checking submodule: $name"
Copy link
Copy Markdown
Collaborator Author

@GromNaN GromNaN May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is very useful syntax for rendering collapsable sections.

@GromNaN GromNaN merged commit 92d51f8 into mongodb-labs:main May 7, 2026
6 checks passed
@GromNaN GromNaN deleted the validate-submodules branch May 7, 2026 12:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paulinevos paulinevos paulinevos approved these changes

@alcaeus alcaeus Awaiting requested review from alcaeus

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@GromNaN @paulinevos