Skip to content

Commit 2b2f112

Browse files
spencerschrockspencerschrock
authored
Check github/codeql-action releases/v4 branch explicitly (#866)
Signed-off-by: Spencer Schrock <[email protected]>
1 parent b429cd6 commit 2b2f112

File tree

2 files changed

+3
-1
lines changed

2 files changed

+3
-1
lines changed

app/server/verify_workflow.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -271,7 +271,7 @@ func (g *githubVerifier) contains(owner, repo, hash string) (bool, error) {
271271
// github/codeql-action has commits from their release branches that don't show up in the default branch
272272
// this isn't the best approach for now, but theres no universal "does this commit belong to this repo" call
273273
case owner == "github" && repo == "codeql-action":
274-
releaseBranches := []string{"releases/v3", "releases/v2", "releases/v1"}
274+
releaseBranches := []string{"releases/v4", "releases/v3", "releases/v2", "releases/v1"}
275275
for _, branch := range releaseBranches {
276276
contains, err = g.branchContains(branch, owner, repo, hash)
277277
if err != nil {

app/server/verify_workflow_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -123,6 +123,7 @@ func Test_githubVerifier_contains_codeql_v1(t *testing.T) {
123123
responsePaths: map[string]string{
124124
"codeql-action": "./testdata/api/github/repository.json", // api call which finds the default branch
125125
"main...somehash": "./testdata/api/github/divergent.json", // doesnt belong to default branch
126+
"v4...somehash": "./testdata/api/github/divergent.json", // doesnt belong to releases/v4 branch
126127
"v3...somehash": "./testdata/api/github/divergent.json", // doesnt belong to releases/v3 branch
127128
"v2...somehash": "./testdata/api/github/divergent.json", // doesnt belong to releases/v2 branch
128129
"v1...somehash": "./testdata/api/github/containsCommit.json", // belongs to releases/v1 branch
@@ -150,6 +151,7 @@ func Test_githubVerifier_contains_codeql_v2(t *testing.T) {
150151
responsePaths: map[string]string{
151152
"codeql-action": "./testdata/api/github/repository.json", // api call which finds the default branch
152153
"main...somehash": "./testdata/api/github/divergent.json", // doesnt belong to default branch
154+
"v4...somehash": "./testdata/api/github/divergent.json", // doesnt belong to releases/v4 branch either
153155
"v3...somehash": "./testdata/api/github/divergent.json", // doesnt belong to releases/v3 branch either
154156
"v2...somehash": "./testdata/api/github/containsCommit.json", // belongs to releases/v2 branch
155157
},

0 commit comments

Comments
 (0)