From d9809e1e783ebc0c794b66e9d10c6fad1dc102e0 Mon Sep 17 00:00:00 2001
From: Yureka <yuka@yuka.dev>
Date: Sat, 20 Jul 2024 00:31:54 +0200
Subject: [PATCH] gerrit-one-way-sync: disallow auto-merging a staging
 iteration into master

---
 services/gerrit/one-way-sync.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/services/gerrit/one-way-sync.nix b/services/gerrit/one-way-sync.nix
index cdb86c0..4ace69a 100644
--- a/services/gerrit/one-way-sync.nix
+++ b/services/gerrit/one-way-sync.nix
@@ -13,9 +13,9 @@ let
     };
   };
   mkSyncService = targetRef: { name, fromUri, fromRefspec, localRefspec, ... }: {
-    path = [ pkgs.gitFull pkgs.openssh ];
+    path = [ pkgs.gitFull pkgs.openssh pkgs.lix ];
     script = ''
-      set -x
+      set -xe
       trap "git worktree prune && git worktree remove -f ${name}" EXIT
 
       if [ ! -d "/var/lib/onewaysync/nixpkgs" ]; then
@@ -33,7 +33,15 @@ let
       git config user.name Fork-o-Tron
       git config user.email noreply@forkos.org
       git fetch ${fromUri} ${fromRefspec}
+    '' + lib.optionalString (!(lib.hasInfix "staging" localRefspec)) ''
+      OLD_STDENV=$(nix eval -f . stdenv.outPath --store /run/onewaysync)
+    '' + ''
       git merge FETCH_HEAD
+    '' + lib.optionalString (!(lib.hasInfix "staging" localRefspec)) ''
+      NEW_STDENV=$(nix eval -f . stdenv.outPath --store /run/onewaysync)
+      # Do not allow auto-merging a staging iteration
+      test "$OLD_STDENV" = "$NEW_STDENV"
+    '' + ''
       GIT_SSH_COMMAND='ssh -i ${cfg.deployKeyPath}' git push ${cfg.pushUrl} HEAD:${targetRef}
     '';
     serviceConfig = {