Check that dependencies don't include unmerged commits

This ensures that the project doesn't end up depending on commits that aren't present in the corresponding branch of the dependency. This is useful to prevent merging with pre-rebase commits from cross-project changes; it also ensures that malicious commits from forks can't end up references in the main projects. Signed-off-by: Stephen Kitt <[email protected]>
submariner-io · Oct 15, 2024 · d3a1ca0 · d3a1ca0
1 parent fd4e9f3
commit d3a1ca0
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 3 deletions.
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -42,6 +42,15 @@ jobs:
       - name: Create the bundle and validate it
         run: make bundle
 
+  check-branch-dependencies:
+    name: Check branch dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      - name: Check that no dependencies include unmerged commits
+        run: make check-non-release-versions
+
   crds:
     name: CRDs up-to-date
     runs-on: ubuntu-latest

diff --git a/Makefile b/Makefile
@@ -1,3 +1,4 @@
+# Dummy change
 BASE_BRANCH ?= devel
 # Denotes the default operator image version, exposed as a variable for the automated release
 DEFAULT_IMAGE_VERSION ?= $(BASE_BRANCH)
@@ -253,6 +254,9 @@ $(OPERATOR_SDK):
 
 operator-sdk: $(OPERATOR_SDK)
 
+check-non-release-versions:
+	$(SCRIPTS_DIR)/check-non-release-versions.sh
+
 .PHONY: build ci clean bundle kustomization is-semantic-version olm scorecard system-test controller-gen kustomize operator-sdk
 
 else

diff --git a/go.mod b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/prometheus/client_golang v1.20.2
 	github.com/submariner-io/admiral v0.19.0-m3
 	github.com/submariner-io/shipyard v0.19.0-m3
-	github.com/submariner-io/submariner v0.19.0-m3
+	github.com/submariner-io/submariner v0.19.0-m3.0.20240930152152-22aa951d2cb0
 	golang.org/x/net v0.29.0
 	golang.org/x/text v0.18.0
 	k8s.io/api v0.31.1

diff --git a/go.sum b/go.sum
@@ -399,8 +399,8 @@ github.com/submariner-io/admiral v0.19.0-m3 h1:LTkYxCvB8S1210P2FZtCb6dzjaPpIgBrR
 github.com/submariner-io/admiral v0.19.0-m3/go.mod h1:xRpP1rDOblEdPHr0qrC+plcTNfShYJAOH2fexqOmI1A=
 github.com/submariner-io/shipyard v0.19.0-m3 h1:NliwAktRPF4OsLj1TDgpaOJD/bmmZW/FH9+mJmWgxbk=
 github.com/submariner-io/shipyard v0.19.0-m3/go.mod h1:BY1ceSnPz1/hN5F9uljcSzy5n5qgAOENsIvZpJ+XPOU=
-github.com/submariner-io/submariner v0.19.0-m3 h1:UHfG15WNOFH05WF6keLtj4+y1nxL7HiDmQqG6uk+EEI=
-github.com/submariner-io/submariner v0.19.0-m3/go.mod h1:0Am9/udIvtZO8hM7YvRTbIsEWGD8YrCR2JHzNmTGyHg=
+github.com/submariner-io/submariner v0.19.0-m3.0.20240930152152-22aa951d2cb0 h1:kPLkNZOI6xux9eStbw8GS6HHJkeoOG4OmiH1gQVX4rg=
+github.com/submariner-io/submariner v0.19.0-m3.0.20240930152152-22aa951d2cb0/go.mod h1:hKbs5L9QPDslJ6n4k3fsPRbr7JbpT5AVr58YgWQQCKQ=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=