From 20b2c5f004c3f9b38e22abcdfd97bab2afebb5f5 Mon Sep 17 00:00:00 2001
From: Mark Stacey
Date: Thu, 25 Feb 2021 11:13:47 -0330
Subject: [PATCH] Fix LavaMoat config check (#10514)

The CI script to ensure no LavaMoat policy changes are required has been failing despite there being no changes. It turns out that the command used to check for changes (`git diff-index`) was failing despite the lack of changes because the file was written again by `yarn lavamoat:auto` but git hadn't gotten around to updating its index since the write occurred, so it was considering it as changed until it verified it wasn't [1]. The command has been replaced by `git diff --exit-code --quiet`, which should do exactly the same thing except that it forces git to update its internal cache to verify whether changes are present.
[1]: https://stackoverflow.com/questions/34807971/why-does-git-diff-index-head-result-change-for-touched-files-after-git-diff-or-g
---
 .circleci/scripts/validate-allow-scripts.sh | 2 +-
 .circleci/scripts/validate-lavamoat-policy.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.circleci/scripts/validate-allow-scripts.sh b/.circleci/scripts/validate-allow-scripts.sh
index 6e9f95051..e466f039c 100755
--- a/.circleci/scripts/validate-allow-scripts.sh
+++ b/.circleci/scripts/validate-allow-scripts.sh
@@ -6,7 +6,7 @@ set -o pipefail
 yarn allow-scripts auto
-if git diff-index --quiet HEAD
+if git diff --exit-code --quiet
 then
 echo "allow-scripts configuration is up-to-date"
 else
diff --git a/.circleci/scripts/validate-lavamoat-policy.sh b/.circleci/scripts/validate-lavamoat-policy.sh
index 65295c777..4eab30b75 100755
--- a/.circleci/scripts/validate-lavamoat-policy.sh
+++ b/.circleci/scripts/validate-lavamoat-policy.sh
@@ -6,7 +6,7 @@ set -o pipefail
 yarn lavamoat:auto
-if git diff-index --quiet HEAD
+if git diff --exit-code --quiet
 then
 echo "LavaMoat policy is up-to-date"
 else
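Review bot: The new condition in validate-allow-scripts.sh, and the identical one in validate-lavamoat-policy.sh, still cannot see untracked files, so if `yarn allow-scripts auto` or `yarn lavamoat:auto` writes a file that git does not yet track, the check reports the configuration as up-to-date. Because these scripts are the CI guard on dependency install-script and LavaMoat policy drift, the condition should also test for untracked output, for example `if git diff --exit-code --quiet && [ -z "$(git ls-files --others --exclude-standard)" ]`. Note also that `git diff` without a revision compares the working tree to the index rather than to HEAD, which matches the old behaviour only while nothing is staged (presumably always true on a fresh CI checkout), and that `--quiet` already implies `--exit-code`. The if/else body continues outside both hunks.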