Merged
5 changes: 5 additions & 0 deletions .github/forbidden_changes.txt
Expand Up @@ -6,6 +6,7 @@ bkg/v2/BKG_v2.0.0.yaml
bkg/v2/BKG_v2.0.1.yaml
bkg/v2/BKG_v2.0.2.yaml
bkg/v2/BKG_v2.0.3.yaml
bkg/v2/BKG_v2.0.4.yaml
bkg/v2/BKG_v2.0.0-Beta-1.yaml
bkg/v2/BKG_v2.0.0-Beta-2.yaml
cs/v1/CS_v1.0.0.yaml
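Review bot: nothing visible in this hunk checks that the `bkg/v2/BKG_v2.0.4.yaml` entry matches a file that exists under that exact name and case, so a typo here would leave the file editable without any failure. Consider having the workflow fail when an entry in `.github/forbidden_changes.txt` matches no file in the repository, or confirm the path by hand before merge.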
Expand All @@ -22,19 +23,23 @@ ebl/v2/ebl_v2.0.0-Beta-3.yaml
ebl/v3/EBL_v3.0.0.yaml
ebl/v3/EBL_v3.0.1.yaml
ebl/v3/EBL_v3.0.2.yaml
ebl/v3/EBL_v3.0.3.yaml
Action required

1. PR file list truncation 🐞 Bug ⛨ Security

The forbidden-change workflow only fetches the first 100 changed files (per_page: 100) and does
not paginate, so forbidden edits can slip through in PRs that change more than 100 files (including
the newly frozen specs). This undermines the freeze enforcement guarantee.
Agent Prompt
### Issue description
The forbidden-change check only evaluates the first page (max 100) of PR files, allowing forbidden edits to bypass detection in large PRs.

### Issue Context
This PR expands the set of frozen specs (e.g., `ebl/v3/EBL_v3.0.3.yaml`). The enforcement mechanism must reliably evaluate *all* changed files.

### Fix Focus Areas
- .github/workflows/check_forbidden_changes.yml[39-48]
- .github/workflows/check_forbidden_changes.yml[62-70]

### Implementation notes
Use Octokit pagination (e.g., `github.paginate(github.rest.pulls.listFiles, { owner, repo, pull_number, per_page: 100 })`) or a manual loop over `page` until fewer than `per_page` results are returned, then build `changedFiles` from the full aggregated list.

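The truncation described in the comment above, next to the manual page loop it recommends, as an added example that is not the repository's workflow code. The fake client, the constructed file list and the entry-matching rule (exact path, or directory prefix for entries ending in `/*`) are assumptions; a real workflow would call `github.rest.pulls.listFiles` or `github.paginate`.

```javascript
// Constructed stand-in for the Octokit call github.rest.pulls.listFiles:
// serves `allFiles` one page at a time, as the REST API does.
function makeFakeClient(allFiles) {
  return {
    async listFiles({ per_page, page }) {
      const start = (page - 1) * per_page;
      const data = allFiles.slice(start, start + per_page).map((filename) => ({ filename }));
      return { data };
    },
  };
}

// What the comment describes as the flaw: only the first page is read.
async function firstPageOnly(client, perPage = 100) {
  const { data } = await client.listFiles({ per_page: perPage, page: 1 });
  return data.map((f) => f.filename);
}

// The manual loop from the implementation notes: request pages until one
// comes back with fewer than per_page entries, then use the aggregated list.
async function allPages(client, perPage = 100) {
  const files = [];
  for (let page = 1; ; page++) {
    const { data } = await client.listFiles({ per_page: perPage, page });
    files.push(...data.map((f) => f.filename));
    if (data.length < perPage) return files;
  }
}

// Assumed matching rule (the workflow's own rule is not shown on the page):
// an entry is an exact path, or a directory prefix when it ends in "/*".
function forbiddenHits(changedFiles, entries) {
  return changedFiles.filter((path) =>
    entries.some((e) => (e.endsWith('/*') ? path.startsWith(e.slice(0, -1)) : path === e))
  );
}

// Constructed PR: 120 unrelated files, then one frozen spec at position 121.
async function demo() {
  const entries = ['ebl/v3/EBL_v3.0.3.yaml', 'ebl/v3/notification/*'];
  const changed = Array.from({ length: 120 }, (_, i) => `docs/page_${i}.md`);
  changed.push('ebl/v3/EBL_v3.0.3.yaml');
  const client = makeFakeClient(changed);
  return {
    truncated: forbiddenHits(await firstPageOnly(client), entries),
    complete: forbiddenHits(await allPages(client), entries),
  };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

GitHub documents that the pull request files endpoint returns at most 3000 files, so a check that must cover every change should fail closed when the aggregated list reaches that limit.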

ebl/v3/ebl_v3.0.0-Beta-1.yaml
ebl/v3/EBL_v3.0.0-Beta-2.yaml
ebl/v3/endorsement/EBL_END_v3.0.2.yaml
ebl/v3/endorsement/EBL_END_v3.0.3.yaml
ebl/v3/issuance/EBL_ISS_v3.0.0.yaml
ebl/v3/issuance/EBL_ISS_v3.0.1.yaml
ebl/v3/issuance/EBL_ISS_v3.0.2.yaml
ebl/v3/issuance/EBL_ISS_v3.0.3.yaml
ebl/v3/issuance/ebl_iss_v3.0.0-Beta-1.yaml
ebl/v3/issuance/EBL_ISS_v3.0.0-Beta-2.yaml
ebl/v3/issuance_response/*
ebl/v3/notification/*
ebl/v3/surrender/EBL_SUR_v3.0.0.yaml
ebl/v3/surrender/EBL_SUR_v3.0.1.yaml
ebl/v3/surrender/EBL_SUR_v3.0.2.yaml
ebl/v3/surrender/EBL_SUR_v3.0.3.yaml
ebl/v3/surrender/ebl_sur_v3.0.0-Beta-1.yaml
ebl/v3/surrender/EBL_SUR_v3.0.0-Beta-2.yaml
ebl/v3/surrender_response/*
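Review bot: the endorsement entries in this hunk cover only `EBL_END_v3.0.2.yaml` and `EBL_END_v3.0.3.yaml`, while issuance and surrender are listed from the `v3.0.0` Beta files through `v3.0.3`. If earlier endorsement versions exist under `ebl/v3/endorsement/`, they are not frozen by this list; worth confirming and adding them in the same change.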