From 4f817f9eb87d2525b34e03de4e4a3fb9bb01b1dc Mon Sep 17 00:00:00 2001
From: Stephen Kitt <skitt@redhat.com>
Date: Mon, 30 Sep 2024 17:21:09 +0200
Subject: [PATCH] Check that dependencies don't include unmerged commits

This ensures that the project doesn't end up depending on commits that
aren't present in the corresponding branch of the dependency. This is
useful to prevent merging with pre-rebase commits from cross-project
changes; it also ensures that malicious commits from forks can't end
up references in the main projects.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
---
 .github/workflows/linting.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index af6550d1b..2185fbd65 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -42,6 +42,15 @@ jobs:
       - name: Create the bundle and validate it
         run: make bundle
 
+  check-branch-dependencies:
+    name: Check branch dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+      - name: Check that no dependencies include unmerged commits
+        run: make check-non-release-versions
+
   crds:
     name: CRDs up-to-date
     runs-on: ubuntu-latest