add fallback lookup for actions/upload-artifact v3/node20 branch (#599)
Signed-off-by: Spencer Schrock <sschrock@google.com>
spencerschrock authored Mar 26, 2024
1 parent 79a615f commit 69a7fbd
Showing 2 changed files with 43 additions and 1 deletion.
35 changes: 35 additions & 0 deletions app/server/post_results_e2e_test.go
@@ -17,8 +17,10 @@ package server
import (
"context"
"io"
"net/http"
"os"

"github.com/google/go-github/v42/github"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"

@@ -112,3 +114,36 @@ var _ = Describe("E2E Test: getAndVerifyWorkflowContent", func() {
AssertInvalidWorkflowContent("testdata/results/imposter-commit-results.json", "imposter commit")
})
})

// helper function to setup a github verifier with an appropriately set token.
func getGithubVerifier() githubVerifier {
httpClient := http.DefaultClient
token, _ := readGitHubTokens()
if token != "" {
httpClient.Transport = githubTransport{
token: token,
}
}
return githubVerifier{
ctx: context.Background(),
client: github.NewClient(httpClient),
}
}

var _ = Describe("E2E Test: githubVerifier_contains", func() {
Context("E2E Test: Validate known good commits", func() {
It("can detect actions/upload-artifact v3-node20 commits", func() {
gv := getGithubVerifier()
c, err := gv.contains("actions", "upload-artifact", "97a0fba1372883ab732affbe8f94b823f91727db")
Expect(err).Should(BeNil())
Expect(c).To(BeTrue())
})

It("can detect github/codeql-action backport commits", func() {
gv := getGithubVerifier()
c, err := gv.contains("github", "codeql-action", "a82bad71823183e5b120ab52d521460ecb0585fe")
Expect(err).Should(BeNil())
Expect(c).To(BeTrue())
})
})
})
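Review bot: `getGithubVerifier` assigns `http.DefaultClient` to `httpClient` and then sets `httpClient.Transport`, which rewrites the process-wide default client rather than a private copy. From then on every user of `http.DefaultClient` in the test binary goes through `githubTransport`, and if that transport attaches the token to each request (its body is not shown here) the token would also reach non-GitHub hosts. Building a dedicated client, `httpClient := &http.Client{}`, keeps the credential scoped to this verifier. The error discarded in `token, _ := readGitHubTokens()` deserves a short comment saying that an unauthenticated client is the intended fallback.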
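--- a/app/server/verify_workflow.go
+++ b/app/server/verify_workflow.go
@@ -263,16 +263,23 @@ func (g *githubVerifier) contains(owner, repo, hash string) (bool, error) {
 if contains {
 return true, nil
 }
+
+switch {
 // github/codeql-action has commits from their v1 and v2 release branch that don't show up in the default branch
 // this isn't the best approach for now, but theres no universal "does this commit belong to this repo" call
-if owner == "github" && repo == "codeql-action" {
+case owner == "github" && repo == "codeql-action":
 contains, err = g.branchContains("releases/v2", owner, repo, hash)
 if err != nil {
 return false, err
 }
 if !contains {
 contains, err = g.branchContains("releases/v1", owner, repo, hash)
 }
+
+// add fallback lookup for actions/upload-artifact v3/node20 branch
+// https://github.com/actions/starter-workflows/pull/2348#discussion_r1536228344
+case owner == "actions" && repo == "upload-artifact":
+contains, err = g.branchContains("v3/node20", owner, repo, hash)
 }
 return contains, err
 }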
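Review bot: The comment on the new `actions/upload-artifact` case restates the commit title instead of saying why the branch is consulted. Something like `// actions/upload-artifact v3 node20 releases live on the v3/node20 branch, so their commits are not reachable from the default branch` would match the codeql-action comment above it, assuming that is the reason, as the linked discussion suggests. Each case added here widens the set of commits the verifier accepts as belonging to the repository, so the doc comment on `contains` should list the extra branches it falls back to. A table mapping owner/repo to fallback branches would keep that allowlist reviewable in one place as it grows. The body of `contains` starts before this hunk, so the default-branch lookup itself is not visible here.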
