chainguard-dev / melange

build APKs from source code
Apache License 2.0
425 stars 104 forks source link

RFE: git-checkout cherry-picks support filtering #1422

Open smoser opened 2 months ago

smoser commented 2 months ago

I've seen this need twice in the past two days. Once with squid https://github.com/wolfi-dev/os/pull/25778 and once https://github.com/wolfi-dev/os/pull/25652

An upstream commit may have unrelated changes that don't apply. In the squid case, the changes that went into the same commit as the desired chagnes were for .github/workflows.

We'd like to have some prettier way to do this.

The solution employed in both the above PRs was:

  - runs: |
      git fetch origin master:master
      # Fix failure to build from source against new libxml2, without
      # nanohttp support.
      git show <COMMIT> -- FILE1 [FILE2 ...] > partial-cherry-pick.patch
      git apply partial-cherry-pick.patch

The documentation for git pipelines shows that the structure of the cherry-picks is:

pipeline:
  - uses: git-checkout
    with:
      expected-commit: 976ea78599d71f22e9c0fefc2dc37c1d9fc835a4
      repository: https://github.com/python/cpython.git
      tag: v3.10.14
      cherry-picks: |
        3.10/c62c9e518b784fe44432a3f4fc265fb95b651906: CVE-2024-4032

Note the format of cherry-picking: [branch/]commit: comment here

That is unfortunately limiting, as we want to add some metadata (which files to ignore).

smoser commented 2 months ago

@xnox fyi

smoser commented 2 months ago

Also seen https://github.com/wolfi-dev/os/pull/26609