Commit cba8eaf
tools: ensure the PR was not pushed before merging
When using Squash and Merge feature, it would allow to a malicious
actor to push unreviewed code to their PR while the CQ is running and
bypass the usual checks.
This commit adds a check to refuse to land if the head of the PR
branch is different from the one validated by ncu.
PR-URL: #40747
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>1 parent 58de6ce commit cba8eafCopy full SHA for cba8eaf
File tree
Expand file treeCollapse file tree
1 file changed
+2
-1
lines changedOpen diff view settings
Filter options
- tools/actions
Expand file treeCollapse file tree
1 file changed
+2
-1
lines changedOpen diff view settings
Collapse file
tools/actions/commit-queue.sh
Copy file name to clipboardExpand all lines: tools/actions/commit-queue.sh+2-1Lines changed: 2 additions & 1 deletion
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
110 | 110 | |
111 | 111 | |
112 | 112 | |
113 | | - |
| 113 | + |
| 114 | + |
114 | 115 | |
115 | 116 | |
116 | 117 | |
|
0 commit comments