From 559d544f6555c924f9084331150713a34963457e Mon Sep 17 00:00:00 2001
From: Rohan Khandelwal <98796241+rohankh532@users.noreply.github.com>
Date: Thu, 21 Apr 2022 13:42:22 -0700
Subject: [PATCH] Default Branch Checking Bugfix (#171)

* test action

* fixed Dockerfile

* / before policy filepath

* default branch checking + log

* revert logging

* remove lookupenv

* Dockerfile use golang entrypoint

* fixed test githubRef env

* revert dockerfile

* revert dockerfile
---
 Dockerfile              |  2 +-
 options/options.go      |  2 +-
 options/options_test.go | 63 ++++++++++++++++++++++++++++-------------
 3 files changed, 46 insertions(+), 21 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ab73fc44..b590eb00 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,4 +40,4 @@ COPY policies/template.yml  /policy.yml
 # Note: the file is executable in the repo
 # and permission carry over to the image.
 COPY entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
diff --git a/options/options.go b/options/options.go
index 71fa21e7..25f8b9a0 100644
--- a/options/options.go
+++ b/options/options.go
@@ -174,7 +174,7 @@ func (o *Options) Validate() error {
 	}
 
 	if strings.Contains(o.GithubEventName, "pull_request") &&
-		o.GithubRef == o.DefaultBranch {
+		o.GithubRef != o.DefaultBranch {
 		fmt.Printf("%s not supported with %s event.\n", o.GithubRef, o.GithubEventName)
 		fmt.Printf("Only the default branch %s is supported.\n", o.DefaultBranch)
 
diff --git a/options/options_test.go b/options/options_test.go
index 81db253d..b277f1d3 100644
--- a/options/options_test.go
+++ b/options/options_test.go
@@ -47,6 +47,8 @@ func TestNew(t *testing.T) {
 	tests := []struct {
 		name             string
 		githubEventPath  string
+		githubEventName  string
+		githubRef        string
 		repo             string
 		resultsFile      string
 		resultsFormat    string
@@ -59,6 +61,8 @@ func TestNew(t *testing.T) {
 		{
 			name:            "SuccessFormatSARIF",
 			githubEventPath: githubEventPathNonFork,
+			githubEventName: "pull_request",
+			githubRef:       "main",
 			repo:            testRepo,
 			resultsFormat:   "sarif",
 			resultsFile:     testResultsFile,
@@ -75,6 +79,8 @@ func TestNew(t *testing.T) {
 		{
 			name:            "SuccessFormatJSON",
 			githubEventPath: githubEventPathNonFork,
+			githubEventName: "pull_request",
+			githubRef:       "main",
 			repo:            testRepo,
 			resultsFormat:   "json",
 			resultsFile:     testResultsFile,
@@ -90,6 +96,8 @@ func TestNew(t *testing.T) {
 		{
 			name:            "FailureTokenIsNotSet",
 			githubEventPath: githubEventPathNonFork,
+			githubEventName: "pull_request",
+			githubRef:       "main",
 			repo:            testRepo,
 			resultsFormat:   "sarif",
 			resultsFile:     testResultsFile,
@@ -107,6 +115,8 @@ func TestNew(t *testing.T) {
 		{
 			name:            "FailureResultsPathNotSet",
 			githubEventPath: githubEventPathNonFork,
+			githubEventName: "pull_request",
+			githubRef:       "main",
 			want: fields{
 				EnableSarif: true,
 				Format:      formatSarif,
@@ -120,6 +130,8 @@ func TestNew(t *testing.T) {
 		{
 			name:            "FailureResultsPathEmpty",
 			githubEventPath: githubEventPathNonFork,
+			githubEventName: "pull_request",
+			githubRef:       "main",
 			resultsFile:     "",
 			want: fields{
 				EnableSarif: true,
@@ -131,33 +143,46 @@ func TestNew(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name:            "FailureBranchIsntMain",
+			githubEventPath: githubEventPathNonFork,
+			githubEventName: "pull_request",
+			githubRef:       "other-branch",
+			repo:            testRepo,
+			resultsFormat:   "sarif",
+			resultsFile:     testResultsFile,
+			want: fields{
+				EnableSarif: true,
+				Format:      formatSarif,
+				PolicyFile:  defaultScorecardPolicyFile,
+				ResultsFile: testResultsFile,
+				Commit:      options.DefaultCommit,
+				LogLevel:    options.DefaultLogLevel,
+			},
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			_, tokenEnvExists := os.LookupEnv(EnvGithubAuthToken)
-			if !tokenEnvExists {
-				os.Setenv(EnvGithubAuthToken, testToken)
-				defer os.Unsetenv(EnvGithubAuthToken)
-			}
+
+			os.Setenv(EnvGithubAuthToken, testToken)
+			defer os.Unsetenv(EnvGithubAuthToken)
+
 			if tt.unsetToken {
 				os.Unsetenv(EnvGithubAuthToken)
 			}
 
-			_, pathEnvExists := os.LookupEnv(EnvGithubEventPath)
-			if !pathEnvExists {
-				if tt.githubEventPath != "" {
-					os.Setenv(EnvGithubEventPath, tt.githubEventPath)
-					defer os.Unsetenv(EnvGithubEventPath)
-				}
-			}
+			os.Setenv(EnvGithubEventPath, tt.githubEventPath)
+			defer os.Unsetenv(EnvGithubEventPath)
 
-			_, repoEnvExists := os.LookupEnv(EnvGithubRepository)
-			if !repoEnvExists {
-				if tt.repo != "" {
-					os.Setenv(EnvGithubRepository, tt.repo)
-					defer os.Unsetenv(EnvGithubRepository)
-				}
-			}
+			os.Setenv(EnvGithubEventName, tt.githubEventName)
+			defer os.Unsetenv(EnvGithubEventName)
+
+			os.Setenv(EnvGithubRef, tt.githubRef)
+			defer os.Unsetenv(EnvGithubRef)
+
+			os.Setenv(EnvGithubRepository, tt.repo)
+			defer os.Unsetenv(EnvGithubRepository)
 
 			os.Setenv(EnvInputResultsFormat, tt.resultsFormat)
 			defer os.Unsetenv(EnvInputResultsFormat)