diff --git a/.gitlab/.pre/common/prebuild-workspace-image.yml b/.gitlab/.pre/common/prebuild-workspace-image.yml
new file mode 100644
index 000000000000..8c194babea95
--- /dev/null
+++ b/.gitlab/.pre/common/prebuild-workspace-image.yml
@@ -0,0 +1,13 @@
+prebuild-workspace-image-check:
+ image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
+ needs: []
+ stage: setup
+ tags: ["arch:amd64", "specific:true"]
+ rules:
+ - !reference [.except_main_release_or_mq]
+ - changes:
+ paths:
+ - .devcontainer/datadog/default/**/*
+ compare_to: $COMPARE_TO_BRANCH
+ script:
+ - bash tools/prebuild-devcontainer-check.sh
diff --git a/.gitlab/JOBOWNERS b/.gitlab/JOBOWNERS
index dcf511c3f387..3d46137abf69 100644
--- a/.gitlab/JOBOWNERS
+++ b/.gitlab/JOBOWNERS
@@ -274,3 +274,6 @@ validate_experiment_systemd_units @DataDog/fleet # Fuzz testing test_fuzz @DataDog/chaos-engineering
+
+# Workspaces
+prebuild-workspace-image-check @DataDog/agent-devx
diff --git a/renovate.json b/renovate.json
index 6711f6b59896..8f6fc102fd64 100644
--- a/renovate.json
+++ b/renovate.json
@@ -168,6 +168,16 @@
 "versioningTemplate": "loose",
 "datasourceTemplate": "custom.linux-images"
 },
+ {
+ "customType": "regex",
+ "managerFilePatterns": [".devcontainer/datadog/default/prebuild-devcontainer.json"],
+ "matchStrings": [
+ "\"image\":\\s*\"registry.ddbuild.io/ci/datadog-agent-buildimages/dev-env-workspace:(?v[^\"]+)\""
+ ],
+ "depNameTemplate": "linux-images",
+ "versioningTemplate": "loose",
+ "datasourceTemplate": "custom.linux-images"
+ },
 {
 "customType": "regex",
 "managerFilePatterns": [".gitlab-ci.yml"],
diff --git a/tools/prebuild-devcontainer-check.sh b/tools/prebuild-devcontainer-check.sh
new file mode 100644
index 000000000000..e5921ae855ae
--- /dev/null
+++ b/tools/prebuild-devcontainer-check.sh
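Review bot: The `prebuild-workspace-image-check` job hands no base ref to `tools/prebuild-devcontainer-check.sh`, so unless the runner happens to export `DDCI_PULL_REQUEST_TARGET_SHA` or `SOURCE_REF`, the script's `source_ref` falls through to `git symbolic-ref -q refs/remotes/origin/HEAD`. If the CI checkout has no `origin/HEAD` symref (common for fetch-based checkouts, not confirmed from this page), that command exits non-zero without output and `set -e` ends the job with no explanation. The range the script diffs can also differ from the `compare_to: $COMPARE_TO_BRANCH` range that triggered the job. Consider wiring the base explicitly, for example a `variables:` entry `SOURCE_REF: "origin/$COMPARE_TO_BRANCH"` (assuming that ref is fetched deeply enough for the three-dot diff to find a merge base), so the gate checks the same change set that triggered it.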
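Review bot: The new `matchStrings` pattern leaves the dots in `registry.ddbuild.io` unescaped, so each one matches any character; writing `registry\\.ddbuild\\.io` keeps the manager bound to the intended registry host. As rendered on this page the capture group reads `(?v[^\"]+)`, which is not a valid named group; this may be an extraction artifact, but it is worth confirming that the committed pattern is `(?<currentValue>[^\"]+)`, since Renovate cannot extract a version without it. The workspace image is tracked by tag only, so if the registry permits tag overwrite, capturing a digest as well (`currentDigest`) would pin the image content that developers pull.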
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# This script is designed to be standalone, for use in any repo, and as part of a pre-commit hook,
+# so it must not have any external dependencies beyond `git`
+
+# logs-backend will make SOURCE_REF/TARGET_REF available as part of the CI; DDCI will make DDCI_*
+# variables available. They have opposite meanings (see https://github.com/DataDog/dd-source/pull/194529#issuecomment-2775985239).
+source_ref="${DDCI_PULL_REQUEST_TARGET_SHA:-${SOURCE_REF:-}}"
+if [[ -z "$source_ref" ]]; then
+ source_ref="$(git symbolic-ref -q refs/remotes/origin/HEAD)"
+ source_ref="${source_ref##refs/remotes/}"
+fi
+target_ref="${DDCI_PULL_REQUEST_SOURCE_SHA:-${TARGET_REF:-HEAD}}"
+
+# Get any dirs containing changed prebuild-devcontainer.json files, and make sure that those dirs
+# are _also_ present in the list of dirs containing changed devcontainer.json files.
+
+devcontainer_prebuild_changed_dirs=()
+while IFS='' read -r line; do
+ devcontainer_prebuild_changed_dirs+=("$(dirname "$line")")
+done < <(git diff --name-only "$source_ref...$target_ref" -- '**/prebuild-devcontainer.json')
+
+devcontainer_changed_dirs=()
+while IFS='' read -r line; do
+ devcontainer_changed_dirs+=("$(dirname "$line")")
+done < <(git diff --name-only "$source_ref...$target_ref" -- '**/devcontainer.json')
+
+bad_dirs=()
+exitcode=0
+for devcontainer_prebuild_dir in "${devcontainer_prebuild_changed_dirs[@]}"; do
+
+ matched=0
+ for devcontainer_dir in "${devcontainer_changed_dirs[@]}"; do
+ if [[ "$devcontainer_prebuild_dir" == "$devcontainer_dir" ]]; then
+ matched=1
+ break
+ fi
+ done
+
+ if (( !matched )); then
+ bad_dirs+=("$devcontainer_prebuild_dir")
+ fi
+
+done
+
+if (( ${#bad_dirs[@]} > 0 )); then
+ printf $'\033[91m\033[1m'"ERROR:"$'\033[0m'" "
+ cat <