Commit 4ef01d2

Merge pull request #15 from IntentProof/oss-spec-drift-protection
Pin CI to tools SPEC_REF for spec drift protection
2 parents 9959d5a + d9142ff commit 4ef01d2

1 file changed

Lines changed: 24 additions & 2 deletions

.github/workflows/ci.yml

@@ -13,11 +13,28 @@ jobs:
1313
steps:
1414
- uses: actions/checkout@v4
1515

16-
- name: Checkout spec repository
16+
- name: Checkout intentproof-tools (SPEC_REF source)
1717
uses: actions/checkout@v4
1818
with:
19-
repository: IntentProof/intentproof-spec
19+
repository: IntentProof/intentproof-tools
2020
ref: main
21+
path: intentproof-tools
22+
23+
- name: Read pinned spec ref
24+
id: spec_ref
25+
run: |
26+
ref="$(tr -d '[:space:]' < intentproof-tools/SPEC_REF)"
27+
if ! echo "$ref" | grep -qE '^[0-9a-f]{40}$'; then
28+
echo "Invalid SPEC_REF in intentproof-tools: '$ref'" >&2
29+
exit 1
30+
fi
31+
echo "ref=$ref" >> "$GITHUB_OUTPUT"
32+
33+
- name: Checkout intentproof-spec at pinned ref
34+
uses: actions/checkout@v4
35+
with:
36+
repository: IntentProof/intentproof-spec
37+
ref: ${{ steps.spec_ref.outputs.ref }}
2138
path: intentproof-spec
2239

2340
- uses: actions/setup-go@v5
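Review bot: The "Checkout intentproof-tools (SPEC_REF source)" step still uses `ref: main`, so the pin is read from a moving branch: any push to intentproof-tools main changes which spec commit this CI builds against, and re-running the same commit here can produce a different result. If that indirection is the intended single source of truth, say so in a comment on the step, and echo the resolved value in "Read pinned spec ref" on success so the spec commit used appears in the job log (today it is printed only on the failure path). That checkout is only used to read SPEC_REF, so `persist-credentials: false` and a sparse checkout would be reasonable on it. The `^[0-9a-f]{40}$` check is worth keeping as is, since it stops a branch or tag name from reaching `ref:` in the spec checkout.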
@@ -27,6 +44,11 @@ jobs:
2744
- name: go build
2845
run: go build ./...
2946

47+
- name: Verify sdk-signing fixtures match pinned spec
48+
env:
49+
INTENTPROOF_SPEC_DIR: intentproof-spec
50+
run: bash scripts/check-sdk-signing-fixtures-sync.sh
51+
3052
- name: go test
3153
env:
3254
INTENTPROOF_SPEC_DIR: intentproof-spec
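Review bot: The new "Verify sdk-signing fixtures match pinned spec" step repeats `INTENTPROOF_SPEC_DIR: intentproof-spec`, which "go test" already sets; moving it to a job-level `env:` would keep the two steps from drifting apart. This commit changes only .github/workflows/ci.yml, so scripts/check-sdk-signing-fixtures-sync.sh cannot be reviewed here; please confirm it exits non-zero when INTENTPROOF_SPEC_DIR is unset or the directory is missing, so the check fails closed rather than passing with nothing compared.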
