From ca4a96e577ce11c91612d94b9dd7d214b6a21c1d Mon Sep 17 00:00:00 2001
From: Stephen Kitt <skitt@redhat.com>
Date: Fri, 15 Nov 2024 11:55:54 -0700
Subject: [PATCH] Check that dependencies don't include unmerged commits

This ensures that the project doesn't end up depending on commits that
aren't present in the corresponding branch of the dependency. This is
useful to prevent merging with pre-rebase commits from cross-project
changes; it also ensures that malicious commits from forks can't end
up references in the main projects.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
---
 .github/workflows/linting.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 3a494e4d8..4007336b3 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -33,6 +33,15 @@ jobs:
           flags: 'i'
           error: 'Fixup commits should be squashed into the commits under review'
 
+  check-branch-dependencies:
+    name: Check branch dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+      - name: Check that no dependencies include unmerged commits
+        run: make check-non-release-versions
+
   code-gen:
     name: Submariner K8s API Code Generation
     runs-on: ubuntu-latest