🐛 Fix Branch-Protection scoring (ossf#3251)

* fix: Verify if branch is required to be up to date before merge Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * docs: Comment tracking GraphQL bug Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Add validation if pointers are not null before accessing the values Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Delete debug log file Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> --------- Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> Signed-off-by: Allen Shearin <allen.p.shearin@gmail.com>
kgangerlm · Nov 13, 2023 · e63c9e9 · e63c9e9
1 parent 379f737
commit e63c9e9
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/clients/githubrepo/branches.go b/clients/githubrepo/branches.go
@@ -190,7 +190,16 @@ func copyAdminSettings(src *branchProtectionRule, dst *clients.BranchProtectionR
 	copyBoolPtr(src.DismissesStaleReviews, &dst.RequiredPullRequestReviews.DismissStaleReviews)
 	if src.RequiresStatusChecks != nil {
 		copyBoolPtr(src.RequiresStatusChecks, &dst.CheckRules.RequiresStatusChecks)
-		copyBoolPtr(src.RequiresStrictStatusChecks, &dst.CheckRules.UpToDateBeforeMerge)
+		// TODO(#3255): Update when GitHub GraphQL bug is fixed
+		// Workaround for GitHub GraphQL bug https://github.com/orgs/community/discussions/59471
+		// The setting RequiresStrictStatusChecks should tell if the branch is required
+		// to be up to date before merge, but it only returns the correct value if
+		// RequiresStatusChecks is true. If RequiresStatusChecks is false, RequiresStrictStatusChecks
+		// is wrongly retrieved as true.
+		if src.RequiresStrictStatusChecks != nil {
+			upToDateBeforeMerge := *src.RequiresStatusChecks && *src.RequiresStrictStatusChecks
+			copyBoolPtr(&upToDateBeforeMerge, &dst.CheckRules.UpToDateBeforeMerge)
+		}
 	}
 }