
tools: ensure the PR was not pushed before merging #40747

Merged (1 commit) on Nov 7, 2021

Conversation

@aduh95 aduh95 commented Nov 6, 2021

When using the Squash and Merge feature, it would allow a malicious actor to push unreviewed code to their PR while the CQ is running and bypass the usual checks.
This PR adds a check to refuse to land if the head of the PR branch is different from the one validated by ncu.

When using the Squash and Merge feature, it would allow a malicious
actor to push unreviewed code to their PR while the CQ is running and
bypass the usual checks.
This commit adds a check to refuse to land if the head of the PR
branch is different from the one validated by ncu.
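The gate the PR describes, written out as an added shell example (not code from nodejs/node or node-core-utils): the validation step records the PR head it tested, and the landing step re-reads the head from the remote and refuses to merge if it moved. It assumes the PR tip is readable from the remote's `refs/pull/<n>/head` ref and that the validated SHA is passed in by the caller.

```shell
#!/bin/sh
# Added example, not the project's own code. Closes the window in which a PR
# branch is force-pushed between review/CI validation and the squash merge.
# Assumption: the validated SHA was stored by the validation step and the
# remote exposes the PR tip as refs/pull/<n>/head (GitHub does).

# is_full_sha <value>: accept only a full 40-hex SHA-1 object id. Abbreviated
# SHAs are rejected so a prefix match can never stand in for an exact match.
is_full_sha() {
  printf '%s' "$1" | grep -Eq '^[0-9a-f]{40}$'
}

# pr_head_sha <remote> <pr-number>: the PR tip as the remote serves it right
# now (not a cached fetch), so a push made after validation is visible.
pr_head_sha() {
  git ls-remote --exit-code "$1" "refs/pull/$2/head" | cut -f1
}

# verify_pr_head <validated-sha> <current-sha>: returns 0 only when the PR head
# is exactly the commit that was reviewed and tested; non-zero means refuse.
verify_pr_head() {
  validated="$1"; current="$2"
  if ! is_full_sha "$validated"; then
    echo "refusing to land: validated SHA missing or abbreviated: '$validated'" >&2
    return 2
  fi
  if [ "$validated" != "$current" ]; then
    echo "refusing to land: PR head moved after validation" >&2
    echo "  validated: $validated" >&2
    echo "  current:   ${current:-<unresolvable>}" >&2
    return 1
  fi
  return 0
}

# land_pr <remote> <pr-number> <validated-sha>: the check a merge step calls
# immediately before merging; only a still-matching head gets through.
land_pr() {
  current="$(pr_head_sha "$1" "$2")" || current=""
  verify_pr_head "$3" "$current" || return $?
  # the actual merge would go here (git merge or the API squash merge)
  echo "landing PR #$2 at $current"
}
```

GitHub's pull-request merge REST endpoint also accepts a `sha` parameter that makes the server itself refuse the merge when the head no longer matches; passing the validated SHA there removes the remaining gap between this client-side check and the merge.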
@nodejs-github-bot added the "tools" label (Issues and PRs related to the tools directory) Nov 6, 2021
aduh95 commented Nov 6, 2021

/cc @nodejs/actions

@aduh95 added the "author ready" label (PRs that have at least one approval, no pending requests for changes, and a CI started) and the "fast-track" label (PRs that do not need to wait for 48 hours to land) Nov 6, 2021
github-actions bot commented Nov 6, 2021

Fast-track has been requested by @aduh95. Please 👍 to approve.

@aduh95 aduh95 merged commit 96e00e0 into nodejs:master Nov 7, 2021
aduh95 commented Nov 7, 2021

Landed in 96e00e0

@aduh95 aduh95 deleted the cq-merge-sha-validation branch November 7, 2021 11:08
targos pushed a commit that referenced this pull request Nov 8, 2021
PR-URL: #40747
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
@targos targos mentioned this pull request Nov 8, 2021
BethGriggs pushed a commit that referenced this pull request Nov 25, 2021
@BethGriggs BethGriggs mentioned this pull request Nov 26, 2021