Skip to content

exclude certain paths from diff checking in repo guard#466

Merged
metapileks merged 1 commit into
developfrom
pileks/met-410-repo-guard-crashes-on-large-binary-diffs
Jun 10, 2026
Merged

exclude certain paths from diff checking in repo guard#466
metapileks merged 1 commit into
developfrom
pileks/met-410-repo-guard-crashes-on-large-binary-diffs

Conversation

@metapileks

@metapileks metapileks commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Repo guard was checking against changes in PDFs, causing a buffer overflow and subsequent false positive failure.
This PR excludes certain dirs from the repo guard checks.

See failure in #456 for additional context.

@metapileks metapileks requested a review from metajinglun June 10, 2026 17:35
@metapileks metapileks self-assigned this Jun 10, 2026
@metapileks metapileks marked this pull request as ready for review June 10, 2026 17:36
@metapileks metapileks requested a review from metanallok as a code owner June 10, 2026 17:36
@github-actions

github-actions Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Repository Guard

  • Cargo.lock: pass
  • yarn.lock (root): pass
  • yarn.lock (sdk): pass
  • Repo guard: pass

Repository Guard

Cargo dependency pinning

  • Status: pass
  • Every programs/*/Cargo.toml dep uses =x.y.z, a path = .. workspace ref, or a git dep with a 40-char rev.

Cross-program Anchor/Solana version consistency

  • Status: pass
  • anchor-lang and anchor-spl are pinned to the version declared in repo-guard.toml across every program.

solana-program crate pin

  • Status: pass
  • Every solana-program = "=X" declaration is =1.17.14 (locked to match Cargo.lock).

Anchor.toml solana_version

  • Status: pass
  • Anchor.toml declares solana_version = "1.17.34" (local-dev install for anchor test).

Crate minimum age

  • Status: pass
  • All Cargo deps changed by this PR are at least 14 days old on crates.io.

Yarn package.json pinning

  • Status: pass
  • All package.json deps use exact versions (no ^, ~, ranges).

npm minimum age

  • Status: pass
  • All npm deps changed by this PR are at least 14 days old.

Workflow toolchain consistency

  • Status: pass
  • Every workflow declares anchor-version: 0.29.0.
  • Per-file solana-cli-version values match [toolchain.workflow_solana_cli] in repo-guard.toml.

GitHub Action SHA pinning

  • Status: pass
  • Every third-party action is pinned to a SHA in [actions.sha_allowlist].

Sensitive program / config changes

  • Status: warn
  • Review hint only (CODEOWNERS is the merge gate). Lines below match heuristics for security-sensitive changes:
  • High-sensitivity files touched: .github/repo-guard.toml, scripts/repo-guard.ts

Overall status: pass

Lockfile freshness (Cargo.lock + yarn.lock) is checked by the workflow directly and cannot be bypassed. The sensitive-diff section is a review hint - CODEOWNERS handles the actual merge gate.

@metapileks metapileks merged commit 70f6b75 into develop Jun 10, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@metajinglun metajinglun metajinglun approved these changes

@metanallok metanallok metanallok approved these changes

Assignees

@metapileks metapileks

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@metapileks @metajinglun @metanallok