From 6ed020037f4c2b6a6b542be6e5a15e86b0b7587b Mon Sep 17 00:00:00 2001
From: Oliver Tale-Yazdi <oliver.tale-yazdi@parity.io>
Date: Tue, 28 May 2024 13:23:42 +0200
Subject: [PATCH] [CI] Deny adding git deps (#4572)

Adds a small CI check to match the existing Git deps agains a known-bad
list.

---------

Signed-off-by: Oliver Tale-Yazdi <oliver.tale-yazdi@parity.io>
---
 .github/scripts/deny-git-deps.py   | 40 ++++++++++++++++++++++++++++++
 .github/workflows/checks-quick.yml |  4 ++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 .github/scripts/deny-git-deps.py

diff --git a/.github/scripts/deny-git-deps.py b/.github/scripts/deny-git-deps.py
new file mode 100644
index 00000000000..4b831c9347f
--- /dev/null
+++ b/.github/scripts/deny-git-deps.py
@@ -0,0 +1,40 @@
+"""
+Script to deny Git dependencies in the Cargo workspace. Can be passed one optional argument for the
+root folder. If not provided, it will use the cwd.
+
+## Usage
+	python3 .github/scripts/deny-git-deps.py polkadot-sdk
+"""
+
+import os
+import sys
+
+from cargo_workspace import Workspace, DependencyLocation
+
+KNOWN_BAD_GIT_DEPS = {
+	'simple-mermaid': ['xcm-docs'],
+	# Fix in <https://github.com/paritytech/polkadot-sdk/issues/2922>
+	'bandersnatch_vrfs': ['sp-core'],
+}
+
+root = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
+workspace = Workspace.from_path(root)
+
+def check_dep(dep, used_by):
+	if dep.location != DependencyLocation.GIT:
+		return
+	
+	if used_by in KNOWN_BAD_GIT_DEPS.get(dep.name, []):
+		print(f'ðŸ¤¨ Ignoring git dependency {dep.name} in {used_by}')
+	else:
+		print(f'ðŸš« Found git dependency {dep.name} in {used_by}')
+		sys.exit(1)	
+
+# Check the workspace dependencies that can be inherited:
+for dep in workspace.dependencies:
+	check_dep(dep, "workspace")
+
+# And the dependencies of each crate:
+for crate in workspace.crates:
+	for dep in crate.dependencies:
+		check_dep(dep, crate.name)
diff --git a/.github/workflows/checks-quick.yml b/.github/workflows/checks-quick.yml
index 3888928311a..cd9baf0d1bc 100644
--- a/.github/workflows/checks-quick.yml
+++ b/.github/workflows/checks-quick.yml
@@ -87,13 +87,15 @@ jobs:
       - name: install python deps
         run: |
           sudo apt-get update && sudo apt-get install -y python3-pip python3
-          pip3 install toml
+          pip3 install toml "cargo-workspace>=1.2.6"
       - name: check integrity
         run: >
           python3 .github/scripts/check-workspace.py .
           --exclude
           "substrate/frame/contracts/fixtures/build"
           "substrate/frame/contracts/fixtures/contracts/common"
+      - name: deny git deps
+        run: python3 .github/scripts/deny-git-deps.py .
   check-markdown:
     runs-on: ubuntu-latest
     timeout-minutes: 10
-- 
GitLab