Skip to content

Commit db00a0f

Browse files
authored
Branch protection remediation now uses default branch if none provided. (#3436)
Branch protection remediation now checks if branch name is empty and gets the default branch if available. If both are unavailable, remediation is skipped. Co-authored-by: Juan Antonio Osorio [email protected] Fixes #3430
1 parent 64a22e8 commit db00a0f

File tree

1 file changed

+12
-0
lines changed

1 file changed

+12
-0
lines changed

internal/engine/actions/remediate/gh_branch_protect/gh_branch_protect.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,18 @@ func (r *GhBranchProtectRemediator) Do(
132132
return nil, fmt.Errorf("error reading branch from params: %w", err)
133133
}
134134

135+
// This check avoids passing around an empty branch name which
136+
// causes issues down the road. Besides, it does not make
137+
// sense to protect what does not exist. (cit. Ozz 2024-05-27)
138+
if branch == "" && repo.DefaultBranch == "" {
139+
return nil, fmt.Errorf("both rule param and default branch names are empty: %w", engerrors.ErrActionSkipped)
140+
}
141+
// This sets the branch to the default one of the repository
142+
// in case no branch is configured via rule parameters.
143+
if branch == "" {
144+
branch = repo.DefaultBranch
145+
}
146+
135147
// get the current protection
136148
res, err := r.cli.GetBranchProtection(ctx, repo.Owner, repo.Name, branch)
137149
if errors.Is(err, github.ErrBranchNotProtected) {

0 commit comments

Comments
 (0)