From b4e96b674ee874b259534c730eabf0fa19de7170 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Thu, 21 Mar 2024 13:46:12 +0000 Subject: [PATCH] force push: re-apply changes on top of main after big changes Signed-off-by: Diogo Teles Sant'Anna --- checks/evaluation/branch_protection_test.go | 168 ++++++++++---------- 1 file changed, 84 insertions(+), 84 deletions(-) diff --git a/checks/evaluation/branch_protection_test.go b/checks/evaluation/branch_protection_test.go index 13db108331e..520c0d7124b 100644 --- a/checks/evaluation/branch_protection_test.go +++ b/checks/evaluation/branch_protection_test.go @@ -67,10 +67,10 @@ func TestBranchProtection(t *testing.T) { }, }, { - name: "Required status check enabled", + name: "Allow force push enabled", findings: []finding.Finding{ branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeNegative), branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), @@ -80,20 +80,20 @@ func TestBranchProtection(t *testing.T) { ), branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), }, result: scut.TestReturn{ - Score: 4, - NumberOfInfo: 5, - NumberOfWarn: 5, + Score: 1, + NumberOfWarn: 7, + NumberOfInfo: 3, }, }, { - name: "Required status check enabled without checking for status string", + name: "Allow deletions enabled", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeNegative), branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), @@ -104,14 +104,14 @@ func TestBranchProtection(t *testing.T) { ), branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), }, result: scut.TestReturn{ - Score: 4, - NumberOfInfo: 4, - NumberOfWarn: 6, + Score: 1, + NumberOfWarn: 7, + NumberOfInfo: 3, }, }, { @@ -139,6 +139,56 @@ func TestBranchProtection(t *testing.T) { NumberOfDebug: 1, }, }, + { + name: "Non-admin run on project that require zero reviewer (or don't require PRs at all, we can't differentiate it)", + findings: []finding.Finding{ + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNotAvailable), + withValue( + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNotAvailable), + requiresApproversForPullRequests.RequiredReviewersKey, "0", + ), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeNotAvailable), + }, + result: scut.TestReturn{ + Score: 3, + NumberOfWarn: 2, + NumberOfInfo: 2, + NumberOfDebug: 5, + }, + }, + { + name: "Non-admin run on project that require 1 reviewer", + findings: []finding.Finding{ + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNotAvailable), + withValue( + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomePositive), + requiresApproversForPullRequests.RequiredReviewersKey, "1", + ), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNotAvailable), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + }, + result: scut.TestReturn{ + Score: 6, + NumberOfWarn: 3, + NumberOfInfo: 3, + NumberOfDebug: 4, + }, + }, { name: "Admin run with all tier 2 requirements except require PRs and reviewers", findings: []finding.Finding{ @@ -213,62 +263,12 @@ func TestBranchProtection(t *testing.T) { }, }, { - name: "Non-admin run on project that require zero reviewer (or don't require PRs at all, we can't differentiate it)", - findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNotAvailable), - withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNotAvailable), - requiresApproversForPullRequests.RequiredReviewersKey, "0", - ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeNotAvailable), - }, - result: scut.TestReturn{ - Score: 3, - NumberOfWarn: 2, - NumberOfInfo: 2, - NumberOfDebug: 5, - }, - }, - { - name: "Non-admin run on project that require 1 reviewer", - findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNotAvailable), - withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomePositive), - requiresApproversForPullRequests.RequiredReviewersKey, "1", - ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), - }, - result: scut.TestReturn{ - Score: 6, - NumberOfWarn: 3, - NumberOfInfo: 3, - NumberOfDebug: 4, - }, - }, - { - name: "Required admin enforcement enabled", + name: "Required status check enabled", findings: []finding.Finding{ branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomePositive), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), withValue( branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), @@ -276,18 +276,18 @@ func TestBranchProtection(t *testing.T) { ), branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), }, result: scut.TestReturn{ - Score: 3, - NumberOfWarn: 5, + Score: 4, NumberOfInfo: 5, + NumberOfWarn: 5, }, }, { - name: "Required linear history enabled", + name: "Required status check enabled without checking for status string", findings: []finding.Finding{ branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), @@ -300,23 +300,23 @@ func TestBranchProtection(t *testing.T) { ), branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNotAvailable), branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), }, result: scut.TestReturn{ - Score: 3, - NumberOfWarn: 6, + Score: 4, NumberOfInfo: 4, + NumberOfWarn: 6, }, }, { - name: "Allow force push enabled", + name: "Required admin enforcement enabled", findings: []finding.Finding{ branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomePositive), branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), withValue( branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), @@ -329,15 +329,15 @@ func TestBranchProtection(t *testing.T) { branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), }, result: scut.TestReturn{ - Score: 1, - NumberOfWarn: 7, - NumberOfInfo: 3, + Score: 3, + NumberOfWarn: 5, + NumberOfInfo: 5, }, }, { - name: "Allow deletions enabled", + name: "Required linear history enabled", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), @@ -353,9 +353,9 @@ func TestBranchProtection(t *testing.T) { branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), }, result: scut.TestReturn{ - Score: 1, - NumberOfWarn: 7, - NumberOfInfo: 3, + Score: 3, + NumberOfWarn: 6, + NumberOfInfo: 4, }, }, {