You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/ce/howto/apply-requirements.mdx
+56-1Lines changed: 56 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,4 +26,59 @@ workflows:
26
26
on_pull_request_closed: ["digger unlock"]
27
27
on_commit_to_default: ["digger unlock"]
28
28
skip_merge_check: true
29
-
```
29
+
```
30
+
31
+
## Requiring undiverged branches in PRs
32
+
33
+
While PR locks prevent you from PRs stepping on eachother in parallel, they still do not protect you from a stale branch
34
+
that is behind the current main head. In order to safeguard against this you have a few options:
35
+
36
+
Force your repo to always have rebased branches from main. In github this is done by adding the branch protection rule:
37
+
38
+
Under settings > branch protection rules > Require branches to be up to date before merging → check this
39
+
40
+
Since digger will always query github api for mergability status, this protects you from any stale apply from PRs being performed.
41
+
42
+
43
+
44
+
Understandably this may not be feasible to mark especially for monorepos that mix code and terraform. In such cases you can achieve a similar effect by using a custom workflow like below (digger.yml):
45
+
46
+
```
47
+
projects:
48
+
- name: gcp-infra
49
+
dir: cloud/terraform/gcp
50
+
workflow: terraform-strict
51
+
52
+
workflows:
53
+
terraform-strict:
54
+
plan:
55
+
steps:
56
+
- run: |
57
+
echo "Checking if branch is up-to-date with main..."
58
+
git fetch --unshallow origin main || git fetch origin main
59
+
git fetch --unshallow origin HEAD || git fetch origin HEAD
60
+
if ! git merge-base --is-ancestor origin/main HEAD; then
61
+
echo "❌ Branch is not up-to-date with main. Please rebase or merge main into your branch."
62
+
echo "Run: git fetch origin && git rebase origin/main"
63
+
exit 1
64
+
fi
65
+
echo "✅ Branch is up-to-date with main"
66
+
- init
67
+
- plan
68
+
apply:
69
+
steps:
70
+
- run: |
71
+
echo "Checking if branch is up-to-date with main..."
72
+
git fetch --unshallow origin main || git fetch origin main
73
+
git fetch --unshallow origin HEAD || git fetch origin HEAD
74
+
if ! git merge-base --is-ancestor origin/main HEAD; then
75
+
echo "❌ Branch is not up-to-date with main. Please rebase or merge main into your branch."
76
+
echo "Run: git fetch origin && git rebase origin/main"
77
+
exit 1
78
+
fi
79
+
echo "✅ Branch is up-to-date with main"
80
+
- init
81
+
- apply
82
+
```
83
+
84
+
We plan to eventually support this natively as a flag in digger
0 commit comments