Ignore private security forks in label_sync

kubernetes · Nov 8, 2019 · 9fa0aca · 9fa0aca
1 parent 8812b70
commit 9fa0aca
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/label_sync/main.go b/label_sync/main.go
@@ -319,6 +319,10 @@ func GetOrg(org string) (string, bool) {
 	return org, false
 }
 
+// securityForkNameRE is a regexp matching repos that are temporary security forks
+// https://help.github.com/en/github/managing-security-vulnerabilities/collaborating-in-a-temporary-private-fork-to-resolve-a-security-vulnerability
+var securityForkNameRE = regexp.MustCompile(`^[\w-]+-ghsa-[\w-]+$`)
+
 // loadRepos read what (filtered) repos exist under an org
 func loadRepos(org string, gc client) ([]string, error) {
 	org, isUser := GetOrg(org)
@@ -328,9 +332,14 @@ func loadRepos(org string, gc client) ([]string, error) {
 	}
 	var rl []string
 	for _, r := range repos {
+		// Skip Archived repos as they can't be modified in this way
 		if r.Archived {
 			continue
 		}
+		// Skip private security forks as they can't be modified in this way
+		if r.Private && securityForkNameRE.Match(r.Name) {
+			continue
+		}
 		rl = append(rl, r.Name)
 	}
 	return rl, nil