Check that dependencies don't include unmerged commits

This ensures that the project doesn't end up depending on commits that aren't present in the corresponding branch of the dependency. This is useful to prevent merging with pre-rebase commits from cross-project changes; it also ensures that malicious commits from forks can't end up references in the main projects. Signed-off-by: Stephen Kitt <[email protected]>
submariner-io · Oct 15, 2024 · 4f817f9 · 4f817f9
1 parent 393ed87
commit 4f817f9
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -42,6 +42,15 @@ jobs:
       - name: Create the bundle and validate it
         run: make bundle
 
+  check-branch-dependencies:
+    name: Check branch dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+      - name: Check that no dependencies include unmerged commits
+        run: make check-non-release-versions
+
   crds:
     name: CRDs up-to-date
     runs-on: ubuntu-latest